
Log analysis and evaluation: TR/Kazy.mekml.1 - hard disk errors, files hidden


27.04.2011, 11:16   #1
Janz Toll!
 



Hello everyone,
now it's got me too... just great! This really is bad timing. But I suppose that goes for everyone here.
Yesterday I caught this trojan - TR/Kazy.mekml.1 - (according to Avira AntiVir Personal - Free Antivirus).
The problems are exactly the ones described here by all the other users.

- Double warning from Avira that a trojan was detected. However, it cannot be deleted, renamed or anything else.
- Seconds later a program tried to install itself: I think it was in User\Henni\AppData\Local\Temp\setup... (sequence of digits).
- Although I refused the installation, this permission prompt kept popping up - whether it installed itself anyway I can't say; I did not give permission - the message no longer appears.
- The file path in question was immediately hidden and could not be found.
- After a short time all data, folders etc. are hidden / no longer visible. Including the desktop.
- Constant message about a damaged hard disk and problems with one or more installed IDE/SATA hard disks. A restart is recommended.
- Message: Critical hard disk error
- Continual crashes
- Some Windows diagnostic/repair program gets launched and advises me to buy some add-on.
- Apparently, though, all programs seem to work

I have already read a bit here and have also already run the scan with OTL. It's at the end - sorry that I have to append it like this and not as a separate file; unfortunately I can't see what I save....
I'm letting Malwarebytes run right now. And I'll edit that in shortly.

What are the next steps then? I'm not so sure about that, since by now I too belong more to the "surfs a lot, knows little" faction...

I've read that I might not get around formatting the hard disk and reinstalling Windows. But if I back up my data beforehand (if I can see it again), isn't there a risk of backing up the trojan along with my data?!!

Many, many thanks in advance to all the helpers here. As far as I can tell at first glance, you have a really great site and offer brilliant and above all lightning-fast help. Many thanks, Hendrik




OTL.Txt

OTL Logfile:
Code:
OTL logfile created on: 27.04.2011 12:04:40 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Henni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 3,63 Gb Free Space | 9,07% Space Free | Partition Type: NTFS
Drive D: | 109,05 Gb Total Space | 21,06 Gb Free Space | 19,31% Space Free | Partition Type: NTFS
Drive E: | 4,24 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: HENNI-PC | User Name: Henni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Henni\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\ProgramData\qSsBwhAkulOsDNp.exe (WinTrust)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - D:\Programme\Java\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Programme\Steam\steam.exe (Valve Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\System32\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Henni\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msvcr100_clr0400.dll (Microsoft Corporation)
MOD - C:\Programme\Mindjet\MindManager 8\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (CTEDSPSY.DLL) -- C:\Windows\System32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL) -- C:\Windows\System32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL) -- C:\Windows\System32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL) -- C:\Windows\System32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL) -- C:\Windows\System32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTSBLFX.DLL) -- C:\Windows\System32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (CTAUDFX.DLL) -- C:\Windows\System32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (COMMONFX.DLL) -- C:\Windows\System32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (RT2500) -- C:\Windows\System32\drivers\RT2500.sys (Ralink Technology Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 D8 F5 EE D2 55 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {7B297676-4772-4A94-AAF9-43E89FCB1FD8}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.14 17:08:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.23 19:43:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.25 17:49:54 | 000,000,000 | ---D | M]
 
[2009.09.07 17:51:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Henni\AppData\Roaming\mozilla\Extensions
[2011.04.27 02:12:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Henni\AppData\Roaming\mozilla\Firefox\Profiles\5vvkm3ut.default\extensions
[2010.09.13 23:25:33 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Henni\AppData\Roaming\mozilla\Firefox\Profiles\5vvkm3ut.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.21 10:44:12 | 000,000,873 | -H-- | M] () -- C:\Users\Henni\AppData\Roaming\Mozilla\Firefox\Profiles\5vvkm3ut.default\searchplugins\conduit.xml
[2011.03.25 17:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.14 17:08:42 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011.03.25 17:49:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2011.04.27 01:52:59 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\HENNI\APPDATA\LOCAL\{7B297676-4772-4A94-AAF9-43E89FCB1FD8}
[2009.06.25 22:21:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.09.09 21:25:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.09 21:25:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.09 21:25:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.09 21:25:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.09 21:25:19 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Programme\Java\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Kkumopibanov] C:\Users\Henni\AppData\Local\uvupiriq.dll (Andrea Electronics Corporation)
O4 - HKCU..\Run: [qSsBwhAkulOsDNp] C:\ProgramData\qSsBwhAkulOsDNp.exe (WinTrust)
O4 - HKCU..\Run: [Steam] D:\Programme\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [Ysefogolog] C:\Users\Henni\AppData\Local\martckb.dll (Voxware, Inc.)
O4 - Startup: C:\Users\Henni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor.lnk = C:\Programme\802.11g Wireless LAN\Monitor.exe ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Henni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Henni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Henni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Henni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6fc55de7-496a-11de-8b97-002354d9c601}\Shell - "" = AutoRun
O33 - MountPoints2\{6fc55de7-496a-11de-8b97-002354d9c601}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{8b90e33c-2a1b-11df-a8e1-002354d9c601}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{fb983c8b-add9-11de-b284-002354d9c601}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{fb983c8b-add9-11de-b284-002354d9c601}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.27 09:14:58 | 000,000,000 | -H-D | C] -- C:\Users\Henni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.27 01:52:59 | 000,000,000 | -H-D | C] -- C:\Users\Henni\AppData\Local\{7B297676-4772-4A94-AAF9-43E89FCB1FD8}
[2011.04.27 01:51:26 | 000,573,440 | ---- | C] (WinTrust) -- C:\ProgramData\qSsBwhAkulOsDNp.exe
[2011.04.19 18:34:28 | 000,000,000 | -H-D | C] -- C:\Users\Henni\Desktop\VR
[2011.04.15 15:41:44 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 15:41:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 15:41:22 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.15 15:41:22 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 15:41:22 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 15:41:22 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.15 15:41:22 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 15:41:22 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 15:41:22 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.15 15:41:22 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.15 15:41:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.15 15:41:21 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.15 15:41:21 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.15 15:41:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.15 15:41:21 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.15 15:41:21 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.15 15:41:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.15 15:41:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.15 15:41:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.15 15:41:13 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 15:41:12 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 15:41:04 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 15:40:59 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 15:40:52 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 15:40:52 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.02 22:54:26 | 000,000,000 | -H-D | C] -- C:\Users\Henni\.smplayer
[2009.08.06 17:25:51 | 000,278,528 | -H-- | C] (Andrea Electronics Corporation) -- C:\Users\Henni\AppData\Local\uvupiriq.dll
[2009.08.06 17:25:51 | 000,122,880 | -H-- | C] (Voxware, Inc.) -- C:\Users\Henni\AppData\Local\martckb.dll
[2009.06.04 01:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009.06.04 01:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.27 12:00:15 | 000,000,120 | -H-- | M] () -- C:\Users\Henni\AppData\Local\Ewepidel.dat
[2011.04.27 12:00:02 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3F0F7E61-F75A-4FBB-AD90-3AD676F3CFAA}.job
[2011.04.27 11:59:45 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 11:59:45 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 11:59:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.27 11:59:37 | 3488,747,520 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.27 10:22:05 | 000,055,300 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000005-00311102}.rfx
[2011.04.27 10:22:05 | 000,055,300 | ---- | M] () -- C:\Windows\System32\BMXState-{00000001-00000000-00000007-00001102-00000005-00311102}.rfx
[2011.04.27 10:22:05 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000001-00000000-00000007-00001102-00000005-00311102}.rfx
[2011.04.27 09:20:06 | 000,000,392 | ---- | M] () -- C:\ProgramData\40754952
[2011.04.27 09:16:22 | 000,000,583 | -H-- | M] () -- C:\Users\Henni\Desktop\Windows Recovery.lnk
[2011.04.27 09:15:33 | 000,000,184 | ---- | M] () -- C:\ProgramData\~40754952
[2011.04.27 09:15:33 | 000,000,152 | ---- | M] () -- C:\ProgramData\~40754952r
[2011.04.27 01:53:01 | 000,000,000 | -H-- | M] () -- C:\Users\Henni\AppData\Local\Dvirecewewec.bin
[2011.04.27 01:51:25 | 000,573,440 | ---- | M] (WinTrust) -- C:\ProgramData\qSsBwhAkulOsDNp.exe
[2011.04.24 13:29:05 | 000,663,654 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.24 13:29:05 | 000,608,932 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.24 13:29:05 | 000,138,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.24 13:29:05 | 000,114,424 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.16 15:49:57 | 000,302,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.10 14:04:06 | 000,215,454 | -H-- | M] () -- C:\Users\Henni\Desktop\PolVR - Fall 05.04.2011.pdf
[2011.04.03 15:00:01 | 001,074,643 | -H-- | M] () -- C:\Users\Henni\Desktop\Scan_Doc0001.pdf
 
========== Files Created - No Company Name ==========
 
[2011.04.27 09:16:22 | 000,000,583 | -H-- | C] () -- C:\Users\Henni\Desktop\Windows Recovery.lnk
[2011.04.27 09:15:33 | 000,000,184 | ---- | C] () -- C:\ProgramData\~40754952
[2011.04.27 09:15:33 | 000,000,152 | ---- | C] () -- C:\ProgramData\~40754952r
[2011.04.27 09:14:48 | 000,000,392 | ---- | C] () -- C:\ProgramData\40754952
[2011.04.27 01:53:01 | 000,000,120 | -H-- | C] () -- C:\Users\Henni\AppData\Local\Ewepidel.dat
[2011.04.27 01:53:01 | 000,000,000 | -H-- | C] () -- C:\Users\Henni\AppData\Local\Dvirecewewec.bin
[2011.04.10 14:04:02 | 000,215,454 | -H-- | C] () -- C:\Users\Henni\Desktop\PolVR - Fall 05.04.2011.pdf
[2011.04.03 14:59:54 | 001,074,643 | -H-- | C] () -- C:\Users\Henni\Desktop\Scan_Doc0001.pdf
[2011.01.17 19:46:45 | 000,006,123 | ---- | C] () -- C:\Windows\System32\AudioDrv.ini
[2011.01.17 16:40:33 | 000,313,207 | ---- | C] () -- C:\Windows\System32\ctstatic.dat
[2011.01.17 16:40:33 | 000,274,587 | ---- | C] () -- C:\Windows\System32\CTSBAS2W.DAT
[2011.01.17 16:40:33 | 000,241,084 | ---- | C] () -- C:\Windows\System32\CTSBASW.DAT
[2011.01.17 16:40:33 | 000,115,166 | ---- | C] () -- C:\Windows\System32\CTBASICW.DAT
[2011.01.17 16:40:33 | 000,077,824 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll
[2011.01.17 16:40:33 | 000,053,932 | ---- | C] () -- C:\Windows\System32\ctdaught.dat
[2011.01.17 16:40:33 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll
[2011.01.17 16:40:33 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2011.01.17 16:40:32 | 000,149,838 | ---- | C] () -- C:\Windows\System32\CTBAS2W.DAT
[2011.01.17 16:40:32 | 000,037,888 | ---- | C] () -- C:\Windows\System32\psconv.exe
[2011.01.17 15:41:55 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2010.11.14 16:59:01 | 000,238,987 | ---- | C] () -- C:\Windows\hpwins26.dat
[2010.11.12 19:37:26 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.10.02 18:57:21 | 000,239,000 | ---- | C] () -- C:\Windows\hpwins26.dat.temp
[2010.10.02 18:44:00 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2010.05.25 21:30:08 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009.11.23 19:53:15 | 000,004,096 | -H-- | C] () -- C:\Users\Henni\AppData\Local\keyfile3.drm
[2009.08.18 08:31:57 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2009.08.06 17:25:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.06 17:25:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.06 17:28:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.04 02:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009.06.04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009.06.04 01:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009.06.04 01:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2009.06.04 01:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2009.06.04 01:36:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009.06.04 01:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009.05.09 10:00:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.26 18:53:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.26 18:08:46 | 000,003,072 | ---- | C] () -- C:\Windows\CTXFIGER.DLL
[2009.04.26 18:06:54 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009.04.26 18:06:54 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009.04.26 17:29:59 | 000,023,040 | -H-- | C] () -- C:\Users\Henni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.26 16:48:33 | 000,003,948 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.04.26 16:46:34 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009.04.26 16:46:26 | 000,027,497 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.04.26 16:44:33 | 000,000,680 | -H-- | C] () -- C:\Users\Henni\AppData\Local\d3d9caps.dat
[2009.04.22 01:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.01.21 09:15:58 | 000,663,654 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,138,240 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,302,584 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,608,932 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,114,424 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
< End of report >
         
--- --- ---

Extras.Txt
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 27.04.2011 12:04:40 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Henni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 3,63 Gb Free Space | 9,07% Space Free | Partition Type: NTFS
Drive D: | 109,05 Gb Total Space | 21,06 Gb Free Space | 19,31% Space Free | Partition Type: NTFS
Drive E: | 4,24 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: HENNI-PC | User Name: Henni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "D:\Programe\Müller Foto\Müller Foto.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B358286-5FC3-415A-93D8-1950C6F9CA7C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{24DBC93D-2352-456E-940A-95B7E4F14810}" = rport=139 | protocol=6 | dir=out | app=system | 
"{32C31161-325A-462D-80B6-A20FE6816823}" = lport=445 | protocol=6 | dir=in | app=system | 
"{427EF96E-549F-43A2-888A-6FC80038F4F3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{53E2EF8D-FB5E-4C82-91B2-C357852DA1A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{562B0726-A8C8-4579-9814-22A14A4FB55C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{59F05DC6-FFFD-469A-84E3-9DBDDC59B3D2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6EFA3735-9B71-4171-BFBC-6B64EA7B0710}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{796ACDD5-3291-47C3-9A76-A22FB1FAB3E7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7E327737-CE58-4235-B734-AB6357459ABB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A43CA21D-2FBB-4024-B489-E02B6A904C6E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A64A50FD-6392-4306-8769-ACC4A43A7CBE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B247B86E-79D9-490C-9E9A-DB0A756FA679}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B2B2257C-7301-4C23-8786-0ADB29BAF080}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B581CB7F-4CC2-4322-AB37-8D55D129EF5F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C310447F-2DA8-43DA-A00C-3B9664C26032}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D791FD92-7B87-426A-9234-5AA6E3FD2599}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E233C892-0494-4CEA-B85A-65E7179B5AEE}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027DA1D5-B034-4085-8C3C-EC70566DDC02}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0BD27DB9-13E0-4187-BCAF-D4BCBB90BFDE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1B2B4F09-7FC0-46E4-9C9D-AD5C11E1F728}" = protocol=6 | dir=in | app=d:\games\blood bowl\bb.exe | 
"{1B74E3EF-A713-42BE-85C8-6F5064ED482D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1B937263-EAA9-42AB-B1AA-D7192BBFE963}" = protocol=17 | dir=in | app=d:\games\streetfigtheriv\streetfighteriv.exe | 
"{1DC73064-0571-4B6F-BBB6-F2ABCAED36EE}" = protocol=17 | dir=in | app=d:\games\blood bowl\autorun\exe\autorun.exe | 
"{1F9D6C71-32C7-49DF-8C7E-9607D4D087A6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{21117E3D-B74D-42A6-BE8E-4E8E8C78E11F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{26C31F19-C3D9-45CB-864B-232A06C37CAB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{2CDDB5B6-CCCC-4149-8009-48AA7C63EB48}" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | 
"{2D0317AA-ADF3-42F8-9D6F-D02084F6D6E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{2D688BDC-965F-4EA8-BC76-51F8AF796256}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{3685A707-4732-4CDD-A823-036B3A012FD2}" = protocol=17 | dir=in | app=d:\games\mass effect 2\masseffect2launcher.exe | 
"{36F69C87-6D64-4CF3-9013-3F4E44E8E7FC}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{3E19FF2B-319B-487D-945C-8E192D14FA9A}" = protocol=6 | dir=in | app=d:\games\demigod\bin\demigod.exe | 
"{3E8EC3B3-8C0D-4097-AF69-88808EB8E699}" = protocol=6 | dir=in | app=d:\games\world in conflict\wic_ds.exe | 
"{43131678-ED73-4C01-8F5F-0E0F267394DD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{44DAC478-29C7-4C9B-B205-1E39D3E6AC5E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{44F0CA46-AF48-4777-AE30-7921C6F544CC}" = protocol=6 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe | 
"{4675AFF4-CBEB-46FB-8903-8AA15F8A70D1}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | 
"{52024D7B-4349-4E66-BF76-38A4810F116E}" = protocol=17 | dir=in | app=d:\games\world in conflict\wic_online.exe | 
"{567E9CBA-3897-436A-91B1-300A5F614051}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{59A24865-D230-4361-98B9-CA91211D6615}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | 
"{62384A39-C8DF-41BD-A7A6-AEC3BB43EDE2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{667C2218-3FAF-4289-B406-C36D68D237C7}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\empire total war\empire.exe | 
"{6BDC6DE5-7208-4FE5-AFA0-912DB80FA1FD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{6EF7329E-FCD1-4E27-A860-757B9117A518}" = protocol=17 | dir=in | app=d:\games\blood bowl\bb.exe | 
"{76048FB7-6704-4AB9-BCEC-683A95C7B420}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{769520AF-13A2-492E-B1E0-169CF928DB74}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{807F4DF8-66EC-4AD8-AB49-4623006A9000}" = protocol=6 | dir=in | app=d:\games\streetfigtheriv\streetfighteriv.exe | 
"{87DA708E-D567-4942-8EE7-BD0FD3C77414}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{9A743BB3-2CC7-4D46-97CF-FBB609E81EF0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{9D4A23A8-8387-4CB1-8F10-EF1A39966620}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{A40788B2-FD9A-4DCF-92D5-DD7981A8E47B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A4C6A5DD-849C-4C45-9339-9EAFD5ED8B02}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B1DE05ED-366A-4784-B431-90216F5B601A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B8124DED-C84D-45A6-B5A1-D140ECF53995}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\empire total war\empire.exe | 
"{C6BA4662-5CD5-4888-82FA-54465957AFA5}" = protocol=17 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe | 
"{C777CF3B-D54D-487F-9007-5BF1BAD84E0B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{C8944BDD-9D85-445D-9F60-215FA128EFF4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC0ED022-6167-42DA-8E7C-0A7323059A1D}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{D05A4458-E289-4257-8365-D7813DE98CF7}" = protocol=17 | dir=in | app=d:\games\world in conflict\wic_ds.exe | 
"{D0DCA6FB-2BE4-4259-BAF7-2155E70608CB}" = protocol=17 | dir=in | app=d:\games\world in conflict\wic.exe | 
"{D60E203F-C31B-4AAE-9C1F-EAE8FC7ED0A6}" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | 
"{DD082088-A12A-44CB-BDCE-ECFD163D9B24}" = protocol=6 | dir=in | app=d:\games\world in conflict\wic.exe | 
"{DEAD43F4-B474-482B-8C83-7499243BB2A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E290020B-A063-4C76-A523-80E8ACC50014}" = protocol=6 | dir=in | app=d:\games\mass effect 2\masseffect2launcher.exe | 
"{EA33A8C4-DF16-46BB-872F-79BD807A3D59}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{EB6A18DB-CE2F-4A81-9187-E8A13E4FAEE1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EC007DD5-2CC1-4414-BC8E-53EC728C6233}" = protocol=6 | dir=in | app=d:\games\blood bowl\autorun\exe\autorun.exe | 
"{F038ECAF-AE49-4475-8D49-E0EC02696DA2}" = protocol=17 | dir=in | app=d:\games\demigod\bin\demigod.exe | 
"{F4EF1410-0920-4E75-A281-47476B8DA9FA}" = protocol=6 | dir=in | app=d:\games\world in conflict\wic_online.exe | 
"{F58508EC-E5E3-419D-B35B-A0CAD91CB841}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"TCP Query User{163E256B-C1B8-4645-B4FB-7610C0915049}D:\games\rome - total war\rometw.exe" = protocol=6 | dir=in | app=d:\games\rome - total war\rometw.exe | 
"TCP Query User{23F4CB37-3335-433E-A5E8-F04218CB2C3E}D:\games\dead space\dead space.exe" = protocol=6 | dir=in | app=d:\games\dead space\dead space.exe | 
"TCP Query User{56548C9A-D0FE-4CFC-A512-2EC86F189C17}D:\games\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base16755\sc2.exe | 
"TCP Query User{A8607258-BD4F-4721-8535-8B2D58E4BA52}D:\games\heroes of might and magic v - tribes of the east\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=6 | dir=in | app=d:\games\heroes of might and magic v - tribes of the east\heroes of might and magic v - tribes of the east\bin\h5_game.exe | 
"TCP Query User{EFDB7F42-36B2-472C-A828-0B769347FC7C}D:\games\heroes of might and magic v\bina1\h5_game.exe" = protocol=6 | dir=in | app=d:\games\heroes of might and magic v\bina1\h5_game.exe | 
"UDP Query User{099E145D-C73F-4C1C-926E-36849D06DDB4}D:\games\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base16755\sc2.exe | 
"UDP Query User{0EA2E3C4-97BC-40C5-ABA9-80C3EB310081}D:\games\rome - total war\rometw.exe" = protocol=17 | dir=in | app=d:\games\rome - total war\rometw.exe | 
"UDP Query User{685F94C4-576A-4BBB-9569-FDB5AD079D14}D:\games\dead space\dead space.exe" = protocol=17 | dir=in | app=d:\games\dead space\dead space.exe | 
"UDP Query User{AF847195-0C1C-450B-B105-3BAB33F2CA18}D:\games\heroes of might and magic v - tribes of the east\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=17 | dir=in | app=d:\games\heroes of might and magic v - tribes of the east\heroes of might and magic v - tribes of the east\bin\h5_game.exe | 
"UDP Query User{E41A7057-3344-4A4A-984C-1AE5ACDC6912}D:\games\heroes of might and magic v\bina1\h5_game.exe" = protocol=17 | dir=in | app=d:\games\heroes of might and magic v\bina1\h5_game.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE 
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{7AC753F9-285B-4D10-99D1-DB809DFC01E9}" = 802.11g Wireless LAN Adapter
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B929A084-395B-4886-8474-CC55CF76F17E}" = Mindjet MindManager 8
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Batch PPTX to PPT Converter" = Batch PPTX to PPT Converter
"BloodBowl_is1" = Blood Bowl 1.1.3.3
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"EADM" = EA Download Manager
"Evil Player" = Evil Player v1.31
"Free Studio_is1" = Free Studio version 4.9
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Impulse" = Impulse
"InstallShield_{7AC753F9-285B-4D10-99D1-DB809DFC01E9}" = 802.11g Wireless LAN
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Müller Foto" = Müller Foto
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PDF-XChange 3_is1" = PDF-XChange 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Shop for HP Supplies" = Shop for HP Supplies
"SMPlayer" = SMPlayer 0.6.9
"Steam App 10500" = Empire: Total War
"SysInfo" = Creative Systeminformationen
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OnlineCodex WHFB" = OnlineCodex WHFB
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.04.2011 03:17:05 | Computer Name = Henni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.04.2011 03:36:15 | Computer Name = Henni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.04.2011 03:36:15 | Computer Name = Henni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.04.2011 03:37:08 | Computer Name = Henni-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.04.2011 03:58:03 | Computer Name = Henni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.04.2011 03:58:03 | Computer Name = Henni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.04.2011 03:58:18 | Computer Name = Henni-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.04.2011 04:19:53 | Computer Name = Henni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.04.2011 04:19:53 | Computer Name = Henni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.04.2011 04:20:11 | Computer Name = Henni-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.04.2011 19:58:42 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 26.04.2011 20:07:34 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.04.2011 03:15:52 | Computer Name = Henni-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 27.04.2011 03:16:01 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.04.2011 03:17:36 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 27.04.2011 03:37:09 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.04.2011 03:38:37 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 27.04.2011 03:58:18 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.04.2011 04:20:11 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.04.2011 06:00:17 | Computer Name = Henni-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

And the malware report:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6455

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

27.04.2011 13:03:15
mbam-log-2011-04-27 (13-03-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 153172
Laufzeit: 5 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 19

Infizierte Speicherprozesse:
c:\programdata\qssbwhakulosdnp.exe (Trojan.FakeAlert) -> 3764 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\Users\Henni\AppData\Local\uvupiriq.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Henni\AppData\Local\martckb.dll (Trojan.Hiloti) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kkumopibanov (Trojan.Hiloti) -> Value: Kkumopibanov -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ysefogolog (Trojan.Hiloti) -> Value: Ysefogolog -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qSsBwhAkulOsDNp (Trojan.FakeAlert) -> Value: qSsBwhAkulOsDNp -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Henni\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\Henni\AppData\Local\uvupiriq.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Henni\AppData\Local\martckb.dll (Trojan.Hiloti) -> Delete on reboot.
c:\programdata\qssbwhakulosdnp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\0.2735678170939042.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\0.7336136234008448.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\3CA6.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\4v1p7fxr.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\setup1656241528.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\setup168982136.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\setup2473031608.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\setup2580969912.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\setup2955183096.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\setup3159422648.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\setup4033509176.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\e.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\Temp\setup905086072.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Henni\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

I just ran it again, because AntiVir is now giving me alerts about another Trojan - TR/Trash.Gen:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6455

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

27.04.2011 13:10:28
mbam-log-2011-04-27 (13-10-28).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152983
Laufzeit: 4 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\Henni\AppData\Local\uvupiriq.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Henni\AppData\Local\martckb.dll (Trojan.Hiloti) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kkumopibanov (Trojan.Hiloti) -> Value: Kkumopibanov -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ysefogolog (Trojan.Hiloti) -> Value: Ysefogolog -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Henni\AppData\Local\uvupiriq.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\martckb.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

I just ran it 2 more times, because AntiVir now keeps giving me alerts about another Trojan - TR/Trash.Gen. It doesn't seem to be removable, though, since the alert still appears even after 2 runs.


No. 1

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6455

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

27.04.2011 13:10:28
mbam-log-2011-04-27 (13-10-28).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152983
Laufzeit: 4 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\Henni\AppData\Local\uvupiriq.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Henni\AppData\Local\martckb.dll (Trojan.Hiloti) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kkumopibanov (Trojan.Hiloti) -> Value: Kkumopibanov -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ysefogolog (Trojan.Hiloti) -> Value: Ysefogolog -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Henni\AppData\Local\uvupiriq.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\martckb.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.


No. 2

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6455

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

27.04.2011 13:18:39
mbam-log-2011-04-27 (13-18-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152861
Laufzeit: 6 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\Henni\AppData\Local\uvupiriq.dll (Trojan.Agent.U) -> Delete on reboot.
c:\Users\Henni\AppData\Local\martckb.dll (Trojan.Agent.U) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kkumopibanov (Trojan.Agent.U) -> Value: Kkumopibanov -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ysefogolog (Trojan.Agent.U) -> Value: Ysefogolog -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Henni\AppData\Local\uvupiriq.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\martckb.dll (Trojan.Agent.U) -> Quarantined and deleted successfully

28.04.2011, 16:20   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Art des Suchlaufs: Quick-Scan
Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

28.04.2011, 19:48   #3
Janz Toll!
 



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6464

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

28.04.2011 20:42:35
mbam-log-2011-04-28 (20-42-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|)
Durchsuchte Objekte: 300515
Laufzeit: 1 Stunde(n), 15 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.FakeMS.VGen) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Recycle.Bin\recycle.bin.exe (Trojan.FakeMS.VGen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\3TG08ZNJ\info[1].exe (Trojan.FakeMS.VGen) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\71JK30RW\windows-update-sp3-kb86531-setup[1].exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Henni\AppData\LocalLow\Sun\Java\deployment\cache\6.0\17\256f6351-795e297b (Trojan.FakeMS.VGen) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

28.04.2011, 20:15   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:
:OTL
PRC - C:\ProgramData\qSsBwhAkulOsDNp.exe (WinTrust)
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13"
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
O4 - HKCU..\Run: [Kkumopibanov] C:\Users\Henni\AppData\Local\uvupiriq.dll (Andrea Electronics Corporation)
O4 - HKCU..\Run: [qSsBwhAkulOsDNp] C:\ProgramData\qSsBwhAkulOsDNp.exe (WinTrust)
O4 - HKCU..\Run: [Ysefogolog] C:\Users\Henni\AppData\Local\martckb.dll (Voxware, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6fc55de7-496a-11de-8b97-002354d9c601}\Shell - "" = AutoRun
O33 - MountPoints2\{6fc55de7-496a-11de-8b97-002354d9c601}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{8b90e33c-2a1b-11df-a8e1-002354d9c601}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{fb983c8b-add9-11de-b284-002354d9c601}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{fb983c8b-add9-11de-b284-002354d9c601}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
[2011.04.27 09:14:58 | 000,000,000 | -H-D | C] -- C:\Users\Henni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.27 01:52:59 | 000,000,000 | -H-D | C] -- C:\Users\Henni\AppData\Local\{7B297676-4772-4A94-AAF9-43E89FCB1FD8}
[2011.04.27 01:51:26 | 000,573,440 | ---- | C] (WinTrust) -- C:\ProgramData\qSsBwhAkulOsDNp.exe
[2009.08.06 17:25:51 | 000,278,528 | -H-- | C] (Andrea Electronics Corporation) -- C:\Users\Henni\AppData\Local\uvupiriq.dll
[2009.08.06 17:25:51 | 000,122,880 | -H-- | C] (Voxware, Inc.) -- C:\Users\Henni\AppData\Local\martckb.dll
[2011.04.27 09:20:06 | 000,000,392 | ---- | M] () -- C:\ProgramData\40754952
[2011.04.27 09:16:22 | 000,000,583 | -H-- | M] () -- C:\Users\Henni\Desktop\Windows Recovery.lnk
[2011.04.27 09:15:33 | 000,000,184 | ---- | M] () -- C:\ProgramData\~40754952
[2011.04.27 09:15:33 | 000,000,152 | ---- | M] () -- C:\ProgramData\~40754952r
[2011.04.27 01:53:01 | 000,000,000 | -H-- | M] () -- C:\Users\Henni\AppData\Local\Dvirecewewec.bin
[2011.04.27 01:51:25 | 000,573,440 | ---- | M] (WinTrust) -- C:\ProgramData\qSsBwhAkulOsDNp.exe
[2011.04.27 09:16:22 | 000,000,583 | -H-- | C] () -- C:\Users\Henni\Desktop\Windows Recovery.lnk
[2011.04.27 09:15:33 | 000,000,184 | ---- | C] () -- C:\ProgramData\~40754952
[2011.04.27 09:15:33 | 000,000,152 | ---- | C] () -- C:\ProgramData\~40754952r
[2011.04.27 09:14:48 | 000,000,392 | ---- | C] () -- C:\ProgramData\40754952
[2011.04.27 01:53:01 | 000,000,120 | -H-- | C] () -- C:\Users\Henni\AppData\Local\Ewepidel.dat
[2011.04.27 01:53:01 | 000,000,000 | -H-- | C] () -- C:\Users\Henni\AppData\Local\Dvirecewewec.bin
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.
__________________
Please always post logs in CODE tags

28.04.2011, 21:44   #5
Janz Toll!
 



The OTL fix has run through. Now I just need to somehow get my files and folders visible again. Many thanks and regards, Hendrik

All processes killed
========== OTL ==========
No active process named qSsBwhAkulOsDNp.exe was found!
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" removed from browser.startup.homepage
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Kkumopibanov not found.
File C:\Users\Henni\AppData\Local\uvupiriq.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qSsBwhAkulOsDNp not found.
File C:\ProgramData\qSsBwhAkulOsDNp.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ysefogolog not found.
File C:\Users\Henni\AppData\Local\martckb.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fc55de7-496a-11de-8b97-002354d9c601}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fc55de7-496a-11de-8b97-002354d9c601}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fc55de7-496a-11de-8b97-002354d9c601}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fc55de7-496a-11de-8b97-002354d9c601}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b90e33c-2a1b-11df-a8e1-002354d9c601}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b90e33c-2a1b-11df-a8e1-002354d9c601}\ not found.
File desktop.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb983c8b-add9-11de-b284-002354d9c601}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb983c8b-add9-11de-b284-002354d9c601}\ not found.
File .\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb983c8b-add9-11de-b284-002354d9c601}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb983c8b-add9-11de-b284-002354d9c601}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe not found.
Folder C:\Users\Henni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery\ not found.
C:\Users\Henni\AppData\Local\{7B297676-4772-4A94-AAF9-43E89FCB1FD8}\chrome\content folder moved successfully.
C:\Users\Henni\AppData\Local\{7B297676-4772-4A94-AAF9-43E89FCB1FD8}\chrome folder moved successfully.
C:\Users\Henni\AppData\Local\{7B297676-4772-4A94-AAF9-43E89FCB1FD8} folder moved successfully.
File C:\ProgramData\qSsBwhAkulOsDNp.exe not found.
File C:\Users\Henni\AppData\Local\uvupiriq.dll not found.
File C:\Users\Henni\AppData\Local\martckb.dll not found.
C:\ProgramData\40754952 moved successfully.
File C:\Users\Henni\Desktop\Windows Recovery.lnk not found.
C:\ProgramData\~40754952 moved successfully.
C:\ProgramData\~40754952r moved successfully.
C:\Users\Henni\AppData\Local\Dvirecewewec.bin moved successfully.
File C:\ProgramData\qSsBwhAkulOsDNp.exe not found.
File C:\Users\Henni\Desktop\Windows Recovery.lnk not found.
File C:\ProgramData\~40754952 not found.
File C:\ProgramData\~40754952r not found.
File C:\ProgramData\40754952 not found.
C:\Users\Henni\AppData\Local\Ewepidel.dat moved successfully.
File C:\Users\Henni\AppData\Local\Dvirecewewec.bin not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Henni
->Temp folder emptied: 6822754557 bytes
->Temporary Internet Files folder emptied: 208569935 bytes
->Java cache emptied: 1152945 bytes
->FireFox cache emptied: 66317153 bytes
->Flash cache emptied: 65936 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 402590466 bytes
RecycleBin emptied: 0 bytes


29.04.2011, 10:02   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection prevents you from accessing your Documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should be visible again. (This may take a while.)
Vista and 7 users must run the tool as administrator via right-click!

30.04.2011, 15:18   #7
Janz Toll!
 



2011/04/29 21:33:34.0403 4580 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/29 21:33:34.0637 4580 ================================================================================
2011/04/29 21:33:34.0637 4580 SystemInfo:
2011/04/29 21:33:34.0637 4580
2011/04/29 21:33:34.0637 4580 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/29 21:33:34.0637 4580 Product type: Workstation
2011/04/29 21:33:34.0637 4580 ComputerName: HENNI-PC
2011/04/29 21:33:34.0637 4580 UserName: Henni
2011/04/29 21:33:34.0637 4580 Windows directory: C:\Windows
2011/04/29 21:33:34.0637 4580 System windows directory: C:\Windows
2011/04/29 21:33:34.0637 4580 Processor architecture: Intel x86
2011/04/29 21:33:34.0637 4580 Number of processors: 4
2011/04/29 21:33:34.0637 4580 Page size: 0x1000
2011/04/29 21:33:34.0637 4580 Boot type: Normal boot
2011/04/29 21:33:34.0637 4580 ================================================================================
2011/04/29 21:33:34.0918 4580 Initialize success
2011/04/29 21:33:39.0161 4636 ================================================================================
2011/04/29 21:33:39.0161 4636 Scan started
2011/04/29 21:33:39.0161 4636 Mode: Manual;
2011/04/29 21:33:39.0161 4636 ================================================================================
2011/04/29 21:33:54.0636 4636 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/29 21:33:54.0683 4636 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/29 21:33:54.0745 4636 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/29 21:33:54.0792 4636 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/29 21:33:54.0854 4636 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/29 21:33:55.0104 4636 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/29 21:33:55.0151 4636 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/29 21:33:55.0244 4636 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/29 21:33:55.0354 4636 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/29 21:33:55.0432 4636 RT2500 (ae1e626f00180bfb3ca5a81fffc65332) C:\Windows\system32\DRIVERS\RT2500.sys
2011/04/29 21:33:55.0681 4636 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/29 21:33:55.0759 4636 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/29 21:33:55.0806 4636 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/29 21:33:55.0853 4636 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/04/29 21:33:55.0868 4636 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/29 21:33:55.0915 4636 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/29 21:33:55.0978 4636 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/29 21:33:55.0993 4636 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/29 21:33:56.0024 4636 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/29 21:33:56.0056 4636 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/29 21:33:56.0071 4636 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/29 21:33:56.0087 4636 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/29 21:33:56.0149 4636 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/29 21:33:56.0227 4636 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/29 21:33:56.0368 4636 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/04/29 21:33:56.0414 4636 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/29 21:33:56.0446 4636 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/29 21:33:56.0524 4636 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/29 21:33:56.0617 4636 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/29 21:33:56.0695 4636 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/29 21:33:56.0742 4636 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/29 21:33:56.0804 4636 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/29 21:33:57.0023 4636 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/29 21:33:57.0085 4636 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/29 21:33:57.0288 4636 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/29 21:33:57.0350 4636 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/29 21:33:57.0382 4636 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/29 21:33:57.0428 4636 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/29 21:33:57.0475 4636 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/29 21:33:57.0709 4636 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/29 21:33:57.0787 4636 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/29 21:33:57.0834 4636 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/29 21:33:57.0881 4636 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/29 21:33:57.0912 4636 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/29 21:33:57.0959 4636 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/29 21:33:58.0006 4636 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/29 21:33:58.0037 4636 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/29 21:33:58.0052 4636 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/29 21:33:58.0084 4636 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/29 21:33:58.0162 4636 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/29 21:33:58.0177 4636 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/29 21:33:58.0255 4636 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/29 21:33:58.0302 4636 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/29 21:33:58.0333 4636 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/29 21:33:58.0380 4636 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/29 21:33:58.0411 4636 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/29 21:33:58.0442 4636 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/29 21:33:58.0474 4636 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/29 21:33:58.0505 4636 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/29 21:33:58.0536 4636 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/29 21:33:58.0552 4636 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/29 21:33:58.0583 4636 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/29 21:33:58.0598 4636 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/29 21:33:58.0630 4636 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/29 21:33:58.0723 4636 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/29 21:33:58.0801 4636 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/29 21:33:58.0848 4636 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/29 21:33:58.0879 4636 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/29 21:33:58.0910 4636 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/29 21:33:58.0926 4636 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/29 21:33:58.0973 4636 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/29 21:33:59.0020 4636 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/29 21:33:59.0191 4636 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/29 21:33:59.0378 4636 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/29 21:33:59.0456 4636 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/29 21:33:59.0566 4636 ================================================================================
2011/04/29 21:33:59.0566 4636 Scan finished
2011/04/29 21:33:59.0566 4636 ================================================================================

30.04.2011, 15:23   #8
Janz Toll!

I have just run Unhide as well. Most things are visible again, but the (Word) documents I had on the desktop in particular do not work properly or are not visible. Also, many shortcuts on the desktop are not displayed, or are shown without an icon. What do I do about that?
In addition, all the folders, programs, etc. that you normally see when you click the Windows Start button (the one at the bottom left, I don't know exactly what it's called) are still not visible.

01.05.2011, 13:46   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a Kompetenzler (qualified helper) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post logs in CODE tags

01.05.2011, 14:44   #10
Janz Toll!

Combofix Logfile:
Code:
ComboFix 11-04-30.05 - Henni 01.05.2011  15:27:19.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3326.2170 [GMT 2:00]
ausgeführt von:: c:\users\Henni\Desktop\cofi.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-01 bis 2011-05-01  ))))))))))))))))))))))))))))))
.
.
2011-05-01 13:31 . 2011-05-01 13:31	--------	d-----w-	c:\users\Henni\AppData\Local\temp
2011-05-01 13:31 . 2011-05-01 13:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-29 19:34 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{30031C28-F751-4044-8DEC-D547017CBD3E}\mpengine.dll
2011-04-28 20:35 . 2011-04-28 20:35	--------	d-----w-	C:\_OTL
2011-04-28 11:48 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-28 11:48 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 11:48 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-27 10:48 . 2011-04-27 10:48	--------	d-----w-	c:\users\Henni\AppData\Roaming\Malwarebytes
2011-04-27 10:48 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 10:48 . 2011-04-27 10:48	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-27 10:47 . 2011-04-27 11:03	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-27 10:47 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-15 13:40 . 2011-03-03 13:25	2041856	----a-w-	c:\windows\system32\win32k.sys
2011-04-15 13:40 . 2011-03-03 15:42	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-15 13:40 . 2011-02-17 06:23	420864	----a-w-	c:\windows\system32\vbscript.dll
2011-04-15 13:40 . 2011-03-03 10:50	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-04-02 20:54 . 2011-04-02 21:00	--------	d-----w-	c:\users\Henni\.smplayer
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-25 15:49 . 2011-03-25 15:49	411368	----a-w-	c:\windows\system32\deploytk.dll
2011-03-03 15:40 . 2011-04-28 11:48	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 11:48	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 11:48	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 11:48	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 09:06	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 09:06	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 09:06	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-02-02 16:11 . 2009-10-05 00:03	222080	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"Steam"="d:\programme\Steam\Steam.exe" [2010-12-04 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-16 6253088]
"Skytel"="Skytel.exe" [2008-07-16 1833504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"MMReminderService"="c:\program files\Mindjet\MindManager 8\MMReminderService.exe" [2008-11-14 37656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 180224]
"CTHelper"="CTHELPER.EXE" [2007-10-25 19456]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"SunJavaUpdateSched"="d:\programme\Java\bin\jusched.exe" [2011-03-25 149280]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
c:\users\Henni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor.lnk - c:\program files\802.11g Wireless LAN\Monitor.exe [2004-5-18 917504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-01-17 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-01-17 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-01 c:\windows\Tasks\User_Feed_Synchronization-{3F0F7E61-F75A-4FBB-AD90-3AD676F3CFAA}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Henni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Henni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Henni\AppData\Roaming\Mozilla\Firefox\Profiles\5vvkm3ut.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Müller Foto - d:\programe\Müller Foto\uninstall.exe
AddRemove-WinRAR archiver - d:\programe\WinRAR\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-01 15:31
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1022467639-3878569942-1484456679-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35EC5D8B-6AE5-3983-A35F-0662B0697967}*]
"haebmiieegfjbjkn"=hex:6b,61,6f,65,64,6b,6f,62,6b,6f,67,63,64,68,64,66,70,6f,
   64,6c,66,6d,00,02
"iakbogghglimkdjoej"=hex:6b,61,70,64,67,6c,63,6e,68,6e,69,6e,66,6f,67,69,67,68,
   63,67,6d,66,00,02
.
[HKEY_USERS\S-1-5-21-1022467639-3878569942-1484456679-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:19,74,f1,f4,25,39,37,df,8d,8c,dd,e9,2f,ee,08,c8,1b,1a,34,63,d5,5d,21,
   2c,fb,cc,66,f8,cb,a1,90,af,e5,05,6c,3a,a6,88,03,e6,f3,44,d6,dc,18,8b,55,c6,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-1022467639-3878569942-1484456679-1000\Software\SecuROM\License information*]
"datasecu"=hex:df,c2,19,9b,40,1e,e5,57,81,c3,a2,c4,6d,ad,76,6b,f7,99,fc,e1,f6,
   7b,95,5a,bd,b5,a6,1e,19,29,62,e4,00,02,1c,dd,06,ed,70,3e,2c,fc,25,16,81,46,\
"rkeysecu"=hex:5a,73,2d,1b,6f,cb,9d,a3,8e,8c,44,35,87,d2,1b,f2
.
Zeit der Fertigstellung: 2011-05-01  15:33:02
ComboFix-quarantined-files.txt  2011-05-01 13:32
.
Vor Suchlauf: 9.315.016.704 Bytes frei
Nach Suchlauf: 8.405.274.624 Bytes frei
.
- - End Of File - - 70D589FAF6767A95C7351F22BDF3396E
         
--- --- ---

01.05.2011, 15:17   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now use copy/paste to insert the entire contents of the code box below into the Notepad window.

Code:
Regnull::
[HKEY_USERS\S-1-5-21-1022467639-3878569942-1484456679-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35EC5D8B-6AE5-3983-A35F-0662B0697967}*]
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable your antivirus program's guard and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post logs in CODE tags

01.05.2011, 15:46   #12
Janz Toll!

Combofix Logfile:
Code:
ComboFix 11-04-30.06 - Henni 01.05.2011  16:35:11.2.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3326.2189 [GMT 2:00]
ausgeführt von:: c:\users\Henni\Desktop\cofi.exe.exe
Benutzte Befehlsschalter :: c:\users\Henni\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-01 bis 2011-05-01  ))))))))))))))))))))))))))))))
.
.
2011-05-01 14:39 . 2011-05-01 14:39	--------	d-----w-	c:\users\Henni\AppData\Local\temp
2011-05-01 14:39 . 2011-05-01 14:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-01 13:47 . 2011-05-01 13:47	--------	d-----w-	c:\program files\CCleaner
2011-05-01 13:25 . 2011-05-01 13:33	--------	d-----w-	C:\cofi.exe
2011-04-29 19:34 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{30031C28-F751-4044-8DEC-D547017CBD3E}\mpengine.dll
2011-04-28 20:35 . 2011-04-28 20:35	--------	d-----w-	C:\_OTL
2011-04-28 11:48 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-28 11:48 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 11:48 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-27 10:48 . 2011-04-27 10:48	--------	d-----w-	c:\users\Henni\AppData\Roaming\Malwarebytes
2011-04-27 10:48 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 10:48 . 2011-04-27 10:48	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-27 10:47 . 2011-04-27 11:03	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-27 10:47 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-15 13:40 . 2011-03-03 13:25	2041856	----a-w-	c:\windows\system32\win32k.sys
2011-04-15 13:40 . 2011-03-03 15:42	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-15 13:40 . 2011-02-17 06:23	420864	----a-w-	c:\windows\system32\vbscript.dll
2011-04-15 13:40 . 2011-03-03 10:50	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-04-02 20:54 . 2011-04-02 21:00	--------	d-----w-	c:\users\Henni\.smplayer
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-25 15:49 . 2011-03-25 15:49	411368	----a-w-	c:\windows\system32\deploytk.dll
2011-03-03 15:40 . 2011-04-28 11:48	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 11:48	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 11:48	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 11:48	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 09:06	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 09:06	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 09:06	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-02-02 16:11 . 2009-10-05 00:03	222080	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"Steam"="d:\programme\Steam\Steam.exe" [2010-12-04 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-16 6253088]
"Skytel"="Skytel.exe" [2008-07-16 1833504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"MMReminderService"="c:\program files\Mindjet\MindManager 8\MMReminderService.exe" [2008-11-14 37656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 180224]
"CTHelper"="CTHELPER.EXE" [2007-10-25 19456]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"SunJavaUpdateSched"="d:\programme\Java\bin\jusched.exe" [2011-03-25 149280]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
c:\users\Henni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor.lnk - c:\program files\802.11g Wireless LAN\Monitor.exe [2004-5-18 917504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-01-17 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-01-17 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-01 c:\windows\Tasks\User_Feed_Synchronization-{3F0F7E61-F75A-4FBB-AD90-3AD676F3CFAA}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Henni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Henni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Henni\AppData\Roaming\Mozilla\Firefox\Profiles\5vvkm3ut.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-01 16:39
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1022467639-3878569942-1484456679-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:19,74,f1,f4,25,39,37,df,8d,8c,dd,e9,2f,ee,08,c8,1b,1a,34,63,d5,5d,21,
   2c,fb,cc,66,f8,cb,a1,90,af,e5,05,6c,3a,a6,88,03,e6,f3,44,d6,dc,18,8b,55,c6,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-1022467639-3878569942-1484456679-1000\Software\SecuROM\License information*]
"datasecu"=hex:df,c2,19,9b,40,1e,e5,57,81,c3,a2,c4,6d,ad,76,6b,f7,99,fc,e1,f6,
   7b,95,5a,bd,b5,a6,1e,19,29,62,e4,00,02,1c,dd,06,ed,70,3e,2c,fc,25,16,81,46,\
"rkeysecu"=hex:5a,73,2d,1b,6f,cb,9d,a3,8e,8c,44,35,87,d2,1b,f2
.
Zeit der Fertigstellung: 2011-05-01  16:40:41
ComboFix-quarantined-files.txt  2011-05-01 14:40
ComboFix2.txt  2011-05-01 13:33
.
Vor Suchlauf: 8.313.925.632 Bytes frei
Nach Suchlauf: 8.504.999.936 Bytes frei
.
- - End Of File - - 80811F5EECB6F8D001E48746B69704E8
         
--- --- ---

Alt 01.05.2011, 15:57   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool takes only a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
__________________
Please always post logs in CODE tags

Alt 01.05.2011, 16:55   #14
Janz Toll!
 

GMER Logfile:
Code:
GMER 1.0.15.15572 - hxxp://www.gmer.net
Rootkit scan 2011-05-01 17:38:16
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 SAMSUNG_HD160JJ rev.ZM100-37
Running: pkmi3fsn.exe; Driver: C:\Users\Henni\AppData\Local\Temp\pgloipog.sys


---- System - GMER 1.0.15 ----

SSDT            A2744D14                                                                                             ZwCreateThread
SSDT            A2744D00                                                                                             ZwOpenProcess
SSDT            A2744D05                                                                                             ZwOpenThread
SSDT            A2744D0F                                                                                             ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 221                                                                        822AF9A4 4 Bytes  [14, 4D, 74, A2] {ADC AL, 0x4d; JZ 0xffffffffffffffa6}
.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                        822AFB74 4 Bytes  [00, 4D, 74, A2]
.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                        822AFB90 4 Bytes  [05, 4D, 74, A2]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                        822AFDA4 4 Bytes  [0F, 4D, 74, A2]
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                             section is writeable [0x8EC05340, 0x40AA77, 0xE8000020]
.reloc          C:\Windows\system32\drivers\acedrv11.sys                                                             section is executable [0x8F9D0300, 0x25D4C, 0xE0000060]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[3272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [746A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [746FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [746ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [7469F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [746A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [7469E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [746D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [746ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [7469FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [7469FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [746971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [7472CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [746CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [7469D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [74696853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [7469687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3272] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [746A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Alt 01.05.2011, 16:56   #15
Janz Toll!
 

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:54:35 on 01.05.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.17

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CreativeAudioConsole" - "Creative Technology Ltd" - C:\Program Files\Creative\Sound Blaster X-Fi\AudioCS\CTAudCS.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Henni\AppData\Local\Temp\catchme.sys  (File not found)
"COMMONFX.DLL" (COMMONFX.DLL) - "Creative Technology Ltd" - C:\Windows\System32\COMMONFX.DLL
"CT20XUT.DLL" (CT20XUT.DLL) - ? - C:\Windows\System32\CT20XUT.DLL  (File not found)
"CTAUDFX.DLL" (CTAUDFX.DLL) - "Creative Technology Ltd" - C:\Windows\System32\CTAUDFX.DLL
"CTEAPSFX.DLL" (CTEAPSFX.DLL) - "Creative Technology Ltd" - C:\Windows\System32\CTEAPSFX.DLL
"CTEDSPFX.DLL" (CTEDSPFX.DLL) - "Creative Technology Ltd" - C:\Windows\System32\CTEDSPFX.DLL
"CTEDSPIO.DLL" (CTEDSPIO.DLL) - "Creative Technology Ltd" - C:\Windows\System32\CTEDSPIO.DLL
"CTEDSPSY.DLL" (CTEDSPSY.DLL) - "Creative Technology Ltd" - C:\Windows\System32\CTEDSPSY.DLL
"CTERFXFX.DLL" (CTERFXFX.DLL) - "Creative Technology Ltd" - C:\Windows\System32\CTERFXFX.DLL
"CTEXFIFX.DLL" (CTEXFIFX.DLL) - ? - C:\Windows\System32\CTEXFIFX.DLL  (File not found)
"CTHWIUT.DLL" (CTHWIUT.DLL) - ? - C:\Windows\System32\CTHWIUT.DLL  (File not found)
"CTSBLFX.DLL" (CTSBLFX.DLL) - "Creative Technology Ltd" - C:\Windows\System32\CTSBLFX.DLL
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D4B68B83-8710-488B-A692-D74B50BA558E} "Creative Software AutoUpdate Support Package" - "Creative Technology Ltd" - C:\Windows\DOWNLO~1\CTPIDPDE.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
{F6ACF75C-C32C-447B-9BEF-46B766368D29} "Creative Software AutoUpdate Support Package" - "Creative Technology Ltd" - C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\CTPID.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - D:\Programme\Java\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - D:\Programme\Java\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - D:\Programme\Java\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{6FE6A929-59D1-4763-91AD-29B61CFFB35B} "An Mindjet MindManager senden" - "Mindjet" - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{6FE6A929-59D1-4763-91AD-29B61CFFB35B} "CmjBrowserHelperObject Object" - "Mindjet" - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Programme\Java\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Henni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Monitor.lnk" - ? - C:\Program Files\802.11g Wireless LAN\Monitor.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"Steam" - "Valve Corporation" - "D:\Programme\Steam\Steam.exe" -silent
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CTHelper" - "Creative Technology Ltd" - CTHELPER.EXE
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MMReminderService" - "Mindjet" - C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "D:\Programme\Java\bin\jusched.exe"
"UpdReg" - "Creative Technology Ltd." - C:\Windows\UpdReg.EXE
"VolPanel" - "Creative Technology Ltd" - "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PCL hpf3l70w.dll" - "Hewlett-Packard Company" - C:\Windows\system32\hpf3l70w.dll
"PDF-XChange" - "Tracker Software" - C:\Windows\system32\pxc25pm.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Creative ALchemy AL6 Licensing Service" (Creative ALchemy AL6 Licensing Service) - "Creative Labs" - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
"Creative Audio Engine Licensing Service" (Creative Audio Engine Licensing Service) - "Creative Labs" - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
"Creative Audio Service" (CTAudSvcService) - "Creative Technology Ltd" - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
