
Pests of All Kinds and How to Combat Them: tr/kazy.mekml.1, as well

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

19.04.2011, 21:49   #1
nasänder
 


Hello,
I apparently have the same virus on my computer as quite a few other users of this forum.
- AntiVir reports the detection of TR/Kazy.mekml.1
- Messages that the hard disk is damaged
- No access to files
- And a black background

Because of rule 1, "Every infection requires individual treatment", I am posting my log files anyway and hope I am not boring anyone.

Many thanks in advance



OTL Logfile:
Code:
OTL logfile created on: 19.04.2011 21:39:12 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Alex
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 44,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,93 Gb Total Space | 409,04 Gb Free Space | 89,91% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-VAIO | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Alex\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Sony\VAIO Care\VCSpt.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\attrib.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Alex\OTL.exe (OldTimer Tools)
MOD - c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (SpfService) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.13 14:05:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.03.15 21:26:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.04.19 19:35:54 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20110123230745.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} -  File not found
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -  File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110123230745.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [PFmPbJoHGuT] C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
O4 - HKCU..\Run: [Stisaq] C:\Users\Alex\AppData\Local\iduqadun.dll (Dritek System Inc.)
O4 - HKCU..\Run: [Tjezesecoqafarip] C:\Users\Alex\AppData\Local\psdrpami.dll (FileZilla Project)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.19 21:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.04.19 21:19:49 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Alex\OTL.exe
[2011.04.19 21:05:22 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011.04.18 11:53:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\ElevatedDiagnostics
[2011.04.18 10:46:43 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Local\{BA61080E-314A-42BE-8C5C-1B7ABE2C72DB}
[2011.04.18 10:45:04 | 000,569,344 | -H-- | C] (BitSprx) -- C:\ProgramData\PFmPbJoHGuT.exe
[2011.04.16 23:39:06 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2011.04.16 23:34:53 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Roaming\DivX
[2011.04.16 23:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011.04.16 23:30:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\DivX
[2011.04.15 12:38:45 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.04.15 12:38:45 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.04.15 12:38:39 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.04.15 12:38:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.15 12:38:39 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.04.15 12:38:27 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011.04.15 12:38:27 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011.04.15 12:38:27 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.15 12:38:26 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.15 12:38:18 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.04.15 12:38:18 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.15 12:38:18 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.04.15 12:38:18 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.15 12:37:52 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.04.15 12:37:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.15 12:37:51 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.04.15 12:37:51 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.04.15 12:37:51 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.15 12:37:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.04.15 12:37:51 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.04.15 12:37:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.15 12:37:50 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.04.15 12:37:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.04.15 12:37:48 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.04.15 12:37:48 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.15 12:37:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.04.15 12:37:48 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.04.15 12:37:25 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011.04.15 12:37:25 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011.04.15 12:37:25 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011.04.15 12:37:25 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011.04.15 12:37:25 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011.04.15 12:37:25 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011.04.15 12:37:25 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011.04.15 12:37:16 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011.04.15 12:37:16 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.15 12:37:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.15 12:37:14 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011.04.13 19:08:00 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2011.04.13 19:08:00 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2011.04.13 19:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011.04.13 19:07:23 | 000,000,000 | -H-D | C] -- C:\Users\Alex\Documents\Visual Studio 2010
[2011.04.13 19:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011.04.13 19:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2011.04.13 19:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2011.04.13 19:03:09 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2011.04.13 19:03:08 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 10.0
[2011.04.13 19:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2011.04.13 19:03:07 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Help Viewer
[2011.04.07 20:14:47 | 022,229,776 | -H-- | C] (DVDVideoSoft Limited.                                       ) -- C:\Users\Alex\Desktop\FreeYouTubeToMp3Converter.exe
[2011.03.26 01:44:48 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData\Roaming\FreeOrion
[2009.07.14 00:24:58 | 000,369,664 | -H-- | C] (Dritek System Inc.) -- C:\Users\Alex\AppData\Local\iduqadun.dll
[2009.07.14 00:24:58 | 000,097,280 | -H-- | C] (FileZilla Project) -- C:\Users\Alex\AppData\Local\psdrpami.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.19 21:43:53 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.19 21:43:53 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.19 21:34:18 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.19 21:33:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.19 21:33:40 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.19 21:29:02 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.19 21:19:49 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Alex\OTL.exe
[2011.04.19 21:17:23 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2011.04.19 21:15:23 | 000,018,958 | -H-- | M] () -- C:\Users\Alex\Desktop\41759176_ronaldinho_al300.jpg
[2011.04.19 21:12:08 | 000,487,424 | -H-- | M] () -- C:\ProgramData\44490504.exe
[2011.04.19 20:51:02 | 000,000,000 | -H-- | M] () -- C:\Users\Alex\AppData\Local\Upuhep.bin
[2011.04.18 10:46:45 | 000,000,120 | -H-- | M] () -- C:\Users\Alex\AppData\Local\Aqaruqecuz.dat
[2011.04.18 10:45:03 | 000,569,344 | -H-- | M] (BitSprx) -- C:\ProgramData\PFmPbJoHGuT.exe
[2011.04.16 20:21:42 | 000,240,659 | ---- | M] () -- C:\test.xml
[2011.04.16 11:44:59 | 000,322,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.16 01:00:32 | 001,577,472 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.16 01:00:32 | 000,692,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.16 01:00:32 | 000,648,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.16 01:00:32 | 000,145,708 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.16 01:00:32 | 000,119,246 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.16 01:00:15 | 001,577,420 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.07 23:00:42 | 000,033,810 | -HS- | M] () -- C:\Users\Alex\Desktop\Folder.jpg
[2011.04.07 23:00:42 | 000,006,432 | -HS- | M] () -- C:\Users\Alex\Desktop\AlbumArtSmall.jpg
[2011.04.07 20:16:07 | 000,001,243 | -H-- | M] () -- C:\Users\Alex\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.07 20:15:36 | 000,001,402 | -H-- | M] () -- C:\Users\Alex\Desktop\Free YouTube to MP3 Converter.lnk
[2011.04.07 20:14:47 | 022,229,776 | -H-- | M] (DVDVideoSoft Limited.                                       ) -- C:\Users\Alex\Desktop\FreeYouTubeToMp3Converter.exe
[2011.03.27 20:27:08 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.03.27 00:23:56 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.19 21:15:33 | 000,018,958 | -H-- | C] () -- C:\Users\Alex\Desktop\41759176_ronaldinho_al300.jpg
[2011.04.19 21:12:08 | 000,487,424 | -H-- | C] () -- C:\ProgramData\44490504.exe
[2011.04.18 10:46:45 | 000,000,120 | -H-- | C] () -- C:\Users\Alex\AppData\Local\Aqaruqecuz.dat
[2011.04.18 10:46:45 | 000,000,000 | -H-- | C] () -- C:\Users\Alex\AppData\Local\Upuhep.bin
[2011.04.13 19:26:01 | 000,002,485 | -H-- | C] () -- C:\Users\Alex\Desktop\AlexanderSpitzer.cs
[2011.04.07 23:00:42 | 000,033,810 | -HS- | C] () -- C:\Users\Alex\Desktop\Folder.jpg
[2011.04.07 23:00:42 | 000,006,432 | -HS- | C] () -- C:\Users\Alex\Desktop\AlbumArtSmall.jpg
[2011.04.07 20:15:54 | 000,001,243 | -H-- | C] () -- C:\Users\Alex\Desktop\DVDVideoSoft Free Studio.lnk
[2011.03.27 00:23:56 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.03.13 13:58:25 | 000,233,541 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.02.01 21:07:24 | 001,577,472 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.12 18:30:23 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.10.12 18:30:22 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.10.12 18:30:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.10.12 18:30:21 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.10.12 18:30:20 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.10.12 18:30:13 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010.10.12 18:30:13 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2010.10.12 18:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.04.01 00:39:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.03.18 15:54:38 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\Auslogics
[2011.01.25 18:24:29 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.26 17:13:01 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\FreeOrion
[2011.04.19 19:36:25 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2011.04.19 19:36:25 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\SoftGrid Client
[2011.02.01 21:08:34 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData\Roaming\TP
[2011.03.22 20:23:00 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 19.04.2011 21:39:12 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Alex
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 44,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,93 Gb Total Space | 409,04 Gb Free Space | 89,91% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-VAIO | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10E14C74-0638-4996-ABAD-BBF7A6CF1FAA}" = PMB VAIO Edition plug-in (Click to Disc)
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{1E37FC84-799E-481B-9462-3489861E36C9}" = PMB VAIO Edition plug-in (Click to Disc)
"{202B76AB-1B21-434E-A289-788D767D3A7C}" = Media Gallery
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4DABD2B3-B67A-41B0-86FE-C11AAF5D158A}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5AC18E2C-7EAB-4F9E-BEEC-07FD722B28E3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{E0156F98-8990-09B0-FCEC-1914C3281283}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01BA7349-0270-8D01-279E-0960D158B9B0}" = Catalyst Control Center Graphics Full Existing
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play mit PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{09BF3083-B76F-B5A0-2446-CDCA707F5918}" = CCC Help Russian
"{0D0F662B-EBEA-4075-819E-74798AD42CDE}" = VAIO Care
"{0F73537E-25F5-81B7-7CD8-517083B1F48D}" = CCC Help Chinese Traditional
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{16E107BF-24A3-28A5-91C9-556A0AA4875D}" = CCC Help Italian
"{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20536917-E2DF-45D9-B41F-9AC0CAFFE48A}" = Media Gallery
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2105804E-14A1-1B5C-DF13-FB04C4059972}" = CCC Help Thai
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23CFDAC8-5CCE-1A02-581A-753B0A6BEEE1}" = CCC Help Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{275EA703-F9BD-0F41-F004-DB89011ED5A7}" = CCC Help Dutch
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B72AF5B-EC2D-25BD-2A38-5F3C0A727DA8}" = CCC Help Greek
"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3B887224-2336-0699-917A-B38B5B99A254}" = CCC Help French
"{3DB5EA77-4A14-4EC9-8BFC-73BC848BDE73}" = Media Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{4F527211-4FDF-76EA-61A5-91EE3161980B}" = Catalyst Control Center Core Implementation
"{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5D279843-4635-85CA-9201-3BD9E179E749}" = CCC Help Chinese Standard
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65B138AE-F636-4D4C-BA5D-A06E21E47C53}" = Remote-Tastatur mit PlayStation 3
"{6B4E92B0-6691-E4A1-A86B-6600BD6972D4}" = CCC Help Turkish
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{734B6C6C-4740-476F-BB0C-F7AF469EDBB2}" = Remote Play with PlayStation 3
"{74B81E20-730A-F440-FB01-C7B3716CB80A}" = Catalyst Control Center Graphics Previews Common
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{77F38281-1BAC-80B3-D99E-AE11CE3A0924}" = Catalyst Control Center Graphics Full New
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7D793D3E-C37E-4C1D-4ACF-D05878F5D480}" = CCC Help Japanese
"{7FC454AE-6857-215B-33FF-D50835C32EF9}" = CCC Help Danish
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = 
"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F2DAC3B-E040-1B90-D882-EEF8033AA0A5}" = Catalyst Control Center Graphics Previews Vista
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{919FBC0E-93A3-445A-2055-BCB23AED1641}" = Catalyst Control Center Localization All
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A20548C1-4B08-C41D-A3A8-FE8C933C2A00}" = Catalyst Control Center InstallProxy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B19E486A-59E8-5585-CB2F-4DCB1B230368}" = CCC Help Czech
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus
"{B945DDC0-3213-4850-8B20-F2DA67FDFE9E}" = CCC Help Norwegian
"{BA1CA03B-8F13-12C6-BCE6-46C422B357AE}" = CCC Help German
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBF0B71F-F8F3-70FD-B558-7835894F40A5}" = CCC Help Portuguese
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = 
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CFB66DB0-00AC-4CBC-B99D-99EFEB03743C}" = PMB VAIO Edition plug-in (Click to Disc)
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4CE65B8-23C1-A51B-6739-AE6686DD6C6D}" = CCC Help Korean
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D7F08B1C-A956-3A0A-E891-83173A2F73BA}" = Catalyst Control Center Graphics Light
"{D8FF4505-5977-4116-8DE4-2AF7174E70AC}" = Media Gallery
"{D9D30D77-E0E2-6B2F-3C7B-0D8C9A82C8DB}" = CCC Help English
"{DBE88A57-BD7B-E315-C07D-D203E514BB58}" = CCC Help Finnish
"{DD256151-9EAC-9D83-8D60-A475F092CF03}" = CCC Help Hungarian
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E163BB62-2840-4C55-9A8E-5C5B9E9FF86C}" = Armageddon
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F572C0E3-90D1-CC46-C163-4C4E50D3C220}" = ccc-core-static
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F93A233E-59A6-CBD2-68D3-4446D710EDA5}" = CCC Help Polish
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB33CE0D-D26D-86C3-9BD5-F58631EAE3C2}" = CCC Help Swedish
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FBB4411F-1328-4E36-A5B3-16AA8CFA8F9C}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Chrome" = Google Chrome
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = VAIO - PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"MSC" = McAfee Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"RiseOfNations Trial 1.0" = Microsoft Rise Of Nations Trial
"splashtop" = VAIO Quick Web Access
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"VAIO screensaver" = VAIO screensaver
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.04.2011 18:07:10 | Computer Name = Alex-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
 Zeitstempel: 0x4d0c3535  Name des fehlerhaften Moduls: Flash64_10_3_162.ocx, Version:
 10.3.162.28, Zeitstempel: 0x4cd9fabd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000001c0ff1
ID
 des fehlerhaften Prozesses: 0x1984  Startzeit der fehlerhaften Anwendung: 0x01cbf16c6db3be0b
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_10_3_162.ocx
Berichtskennung:
 8da4361a-5d75-11e0-a07a-889ffaddd900
 
Error - 02.04.2011 18:07:27 | Computer Name = Alex-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
 Zeitstempel: 0x4d0c3535  Name des fehlerhaften Moduls: Flash64_10_3_162.ocx, Version:
 10.3.162.28, Zeitstempel: 0x4cd9fabd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000001c0ff1
ID
 des fehlerhaften Prozesses: 0x1e94  Startzeit der fehlerhaften Anwendung: 0x01cbf18253c3f40e
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_10_3_162.ocx
Berichtskennung:
 9807f86c-5d75-11e0-a07a-889ffaddd900
 
Error - 02.04.2011 18:08:10 | Computer Name = Alex-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
 Zeitstempel: 0x4d0c3535  Name des fehlerhaften Moduls: Flash64_10_3_162.ocx, Version:
 10.3.162.28, Zeitstempel: 0x4cd9fabd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000001c0ff1
ID
 des fehlerhaften Prozesses: 0x414  Startzeit der fehlerhaften Anwendung: 0x01cbf1826ee4a01e
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_10_3_162.ocx
Berichtskennung:
 b1df7dda-5d75-11e0-a07a-889ffaddd900
 
Error - 02.04.2011 18:08:27 | Computer Name = Alex-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
 Zeitstempel: 0x4d0c3535  Name des fehlerhaften Moduls: Flash64_10_3_162.ocx, Version:
 10.3.162.28, Zeitstempel: 0x4cd9fabd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000001c0ff1
ID
 des fehlerhaften Prozesses: 0x1e00  Startzeit der fehlerhaften Anwendung: 0x01cbf182793ca274
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_10_3_162.ocx
Berichtskennung:
 bbfcc044-5d75-11e0-a07a-889ffaddd900
 
Error - 13.04.2011 14:18:17 | Computer Name = Alex-VAIO | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 13.04.2011 14:18:17 | Computer Name = Alex-VAIO | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 13.04.2011 19:30:18 | Computer Name = Alex-VAIO | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 14.04.2011 12:13:18 | Computer Name = Alex-VAIO | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: Die Serververbindung wurde aufgrund eines
 Fehlers beendet.   ErrorCode: 14007(0x36b7). 
 
Error - 14.04.2011 19:30:28 | Computer Name = Alex-VAIO | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: Die Serververbindung wurde aufgrund eines
 Fehlers beendet.   ErrorCode: 14007(0x36b7). 
 
Error - 16.04.2011 18:37:40 | Computer Name = Alex-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivX Plus Player.exe, Version: 10.2.1.20,
 Zeitstempel: 0x4cdc8b7a  Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.5.0.0,
 Zeitstempel: 0x49a6280b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000e1b16  ID des fehlerhaften
 Prozesses: 0x644  Startzeit der fehlerhaften Anwendung: 0x01cbfc86d8a71e66  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus 
Player.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\DivX
 Shared\Qt4.5\QtCore4.dll  Berichtskennung: 22602804-687a-11e0-85f9-889ffaddd900
 
[ Media Center Events ]
Error - 14.01.2011 10:15:01 | Computer Name = Alex-VAIO | Source = MCUpdate | ID = 0
Description = 15:15:01 - Fehler beim Herstellen der Internetverbindung.  15:15:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.01.2011 12:56:43 | Computer Name = Alex-VAIO | Source = MCUpdate | ID = 0
Description = 17:56:43 - Fehler beim Herstellen der Internetverbindung.  17:56:43 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.01.2011 16:54:04 | Computer Name = Alex-VAIO | Source = MCUpdate | ID = 0
Description = 21:54:04 - Fehler beim Herstellen der Internetverbindung.  21:54:04 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.01.2011 17:54:09 | Computer Name = Alex-VAIO | Source = MCUpdate | ID = 0
Description = 22:54:09 - Fehler beim Herstellen der Internetverbindung.  22:54:09 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.01.2011 18:54:20 | Computer Name = Alex-VAIO | Source = MCUpdate | ID = 0
Description = 23:54:20 - Fehler beim Herstellen der Internetverbindung.  23:54:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.01.2011 15:22:46 | Computer Name = Alex-VAIO | Source = MCUpdate | ID = 0
Description = 20:22:46 - Fehler beim Herstellen der Internetverbindung.  20:22:46 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.01.2011 12:32:32 | Computer Name = Alex-VAIO | Source = MCUpdate | ID = 0
Description = 17:32:32 - Fehler beim Herstellen der Internetverbindung.  17:32:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.01.2011 13:13:15 | Computer Name = Alex-VAIO | Source = MCUpdate | ID = 0
Description = 18:13:15 - Fehler beim Herstellen der Internetverbindung.  18:13:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 03.04.2011 15:18:56 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7038
Description = Der Dienst "HPSLPSVC" konnte sich nicht als "NT AUTHORITY\SYSTEM" 
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%50    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 03.04.2011 15:18:56 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Network Devices Support" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1069
 
Error - 03.04.2011 15:18:56 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%50    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 03.04.2011 15:18:56 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 03.04.2011 15:18:56 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Enumeratordienst für tragbare Geräte" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1115
 
Error - 03.04.2011 15:18:56 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Computerbrowser" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1115
 
Error - 06.04.2011 13:15:36 | Computer Name = Alex-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?04.?2011 um 18:13:11 unerwartet heruntergefahren.
 
Error - 08.04.2011 19:24:20 | Computer Name = Alex-VAIO | Source = DCOM | ID = 10010
Description = 
 
Error - 16.04.2011 15:24:01 | Computer Name = Alex-VAIO | Source = DCOM | ID = 10016
Description = 
 
Error - 18.04.2011 04:49:12 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
 nicht richtig heruntergefahren werden.
 
 
< End of report >
         
--- --- ---

20.04.2011, 10:56   #2
markusg
/// Malware-holic

I'll take a look at it.

20.04.2011, 11:10   #3
markusg
/// Malware-holic

• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
PRC - C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
O4 - HKCU..\Run: [Tjezesecoqafarip] C:\Users\Alex\AppData\Local\psdrpami.dll (FileZilla Project)
O4 - HKCU..\Run: [Stisaq] C:\Users\Alex\AppData\Local\iduqadun.dll (Dritek System Inc.)
O4 - HKCU..\Run: [PFmPbJoHGuT] C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
:Files
C:\ProgramData\PFmPbJoHGuT.exe
C:\Users\Alex\AppData\Local\psdrpami.dll
C:\Users\Alex\AppData\Local\iduqadun.dll
C:\ProgramData\44490504.exe
C:\Users\Alex\AppData\Local\Upuhep.bin
C:\Users\Alex\AppData\Local\Aqaruqecuz.dat
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.

Open Computer, open D:, then _OTL.
Right-click on moved files there.
Choose "Add to moved files.rar" or zip.
Upload the archive following these instructions:
http://www.trojaner-board.de/54791-a...ner-board.html

20.04.2011, 11:22   #4
kira
/// Helper Team

Deleted by me, the topic has already been answered!
Cf
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

Edited by kira (20.04.2011 at 11:25) Reason: already answered

20.04.2011, 12:55   #5
nasänder

Here is the OTL text document:

All processes killed
========== OTL ==========
No active process named PFmPbJoHGuT.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Tjezesecoqafarip deleted successfully.
C:\Users\Alex\AppData\Local\psdrpami.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Stisaq deleted successfully.
C:\Users\Alex\AppData\Local\iduqadun.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PFmPbJoHGuT deleted successfully.
C:\ProgramData\PFmPbJoHGuT.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\PFmPbJoHGuT.exe not found.
File\Folder C:\Users\Alex\AppData\Local\psdrpami.dll not found.
File\Folder C:\Users\Alex\AppData\Local\iduqadun.dll not found.
C:\ProgramData\44490504.exe moved successfully.
C:\Users\Alex\AppData\Local\Upuhep.bin moved successfully.
C:\Users\Alex\AppData\Local\Aqaruqecuz.dat moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Alex
->Flash cache emptied: 98929 bytes

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Alex
->Temp folder emptied: 166922125 bytes
->Temporary Internet Files folder emptied: 493167394 bytes
->Java cache emptied: 204223 bytes
->Google Chrome cache emptied: 6810778 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20165964 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50367 bytes
RecycleBin emptied: 2351391081 bytes

Total Files Cleaned = 2.898,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04202011_124007

Files\Folders moved on Reboot...
C:\Users\Alex\AppData\Local\Temp\9867.tmp moved successfully.
C:\Users\Alex\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Alex\AppData\Local\Temp\~DF0093C0E60617FB89.TMP not found!
File\Folder C:\Users\Alex\AppData\Local\Temp\~DF19B19922E248D13C.TMP not found!
File\Folder C:\Users\Alex\AppData\Local\Temp\~DF916318E84A73EA5F.TMP not found!
File\Folder C:\Users\Alex\AppData\Local\Temp\~DFA8D667FF49E9CB98.TMP not found!

Registry entries deleted on Reboot...

I have uploaded movedfiles.rar.
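
Added example (not part of the posts above and not OTL's own code): the FILES section of the log above reports three paths as "not found" only because the OTL section had already moved them, so this Python sketch reconciles the fix script against the result log per path to show whether every requested file was actually moved. The function names are hypothetical; both inputs are copied from this thread and abridged to their file-related lines.

```python
import re

# Both inputs are copied from this thread, abridged to the file-related lines.
FIX_SCRIPT = r"""
:OTL
PRC - C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
O4 - HKCU..\Run: [Tjezesecoqafarip] C:\Users\Alex\AppData\Local\psdrpami.dll (FileZilla Project)
O4 - HKCU..\Run: [Stisaq] C:\Users\Alex\AppData\Local\iduqadun.dll (Dritek System Inc.)
O4 - HKCU..\Run: [PFmPbJoHGuT] C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
:Files
C:\ProgramData\PFmPbJoHGuT.exe
C:\Users\Alex\AppData\Local\psdrpami.dll
C:\Users\Alex\AppData\Local\iduqadun.dll
C:\ProgramData\44490504.exe
C:\Users\Alex\AppData\Local\Upuhep.bin
C:\Users\Alex\AppData\Local\Aqaruqecuz.dat
"""
RESULT_LOG = r"""
========== OTL ==========
C:\Users\Alex\AppData\Local\psdrpami.dll moved successfully.
C:\Users\Alex\AppData\Local\iduqadun.dll moved successfully.
C:\ProgramData\PFmPbJoHGuT.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\PFmPbJoHGuT.exe not found.
File\Folder C:\Users\Alex\AppData\Local\psdrpami.dll not found.
File\Folder C:\Users\Alex\AppData\Local\iduqadun.dll not found.
C:\ProgramData\44490504.exe moved successfully.
C:\Users\Alex\AppData\Local\Upuhep.bin moved successfully.
C:\Users\Alex\AppData\Local\Aqaruqecuz.dat moved successfully.
"""

PATH = re.compile(r"[A-Za-z]:\\.+")
MOVED = re.compile(r"^([A-Za-z]:\\.+) moved successfully\.$")
MISSING = re.compile(r"^File\\Folder ([A-Za-z]:\\.+) not found[.!]$")

def requested_paths(fix_script):
    """File paths named under :OTL and :Files, lower-cased and deduplicated."""
    paths, section = [], ""
    for line in map(str.strip, fix_script.splitlines()):
        if line.startswith(":"):
            section = line.lower()
        m = PATH.search(line)
        if m and section in (":otl", ":files"):
            path = m.group(0).lower()
            if section == ":otl":  # these entries end in " (Company name)"
                path = re.sub(r" \([^()]*\)$", "", path)
            if path not in paths:
                paths.append(path)
    return paths

def reconcile(fix_script, result_log):
    """Map each requested path to 'moved', 'not_found' or 'unreported'."""
    status = {p: "unreported" for p in requested_paths(fix_script)}
    for line in map(str.strip, result_log.splitlines()):
        moved, missing = MOVED.match(line), MISSING.match(line)
        if moved and moved.group(1).lower() in status:
            status[moved.group(1).lower()] = "moved"  # a move always wins
        elif missing and status.get(missing.group(1).lower()) == "unreported":
            status[missing.group(1).lower()] = "not_found"
    return status

if __name__ == "__main__":
    for path, state in reconcile(FIX_SCRIPT, RESULT_LOG).items():
        print(f"{state:10}  {path}")
```

A path that ends up as not_found or unreported is the one worth a second look before the next scan.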


20.04.2011, 13:20   #6
markusg
/// Malware-holic

Good.
Let's continue.
Download Malwarebytes:
Malwarebytes
Install it, open it, go to the Update tab and update the program.
Close all running programs and disconnect from the internet.
On the Scanner tab, run a full scan, remove the findings and post the log.

20.04.2011, 23:16   #7
nasänder

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6406

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.04.2011 23:11:46
mbam-log-2011-04-20 (23-11-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|Q:\|)
Durchsuchte Objekte: 314434
Laufzeit: 1 Stunde(n), 21 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Tjezesecoqafarip (Trojan.Agent.U) -> Value: Tjezesecoqafarip -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Stisaq (Trojan.Agent.U) -> Value: Stisaq -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Alex\AppData\Roaming\Adobe\plugs\kb3127383.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\04202011_124007\c_programdata\pfmpbjohgut.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\04202011_124007\C_Users\Alex\AppData\Local\psdrpami.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

21.04.2011, 10:43   #8
markusg
/// Malware-holic

Download unhide.exe and run it.
http://filepony.de/download-unhide/
All files should now be visible.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails following the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

21.04.2011, 13:07   #9
nasänder

Yes, all files are visible. Well, they were before too, just somehow transparent. Do I need to do anything else now?

28.04.2011, 23:14   #10
nasänder

Today Antivir also found TR/Crypt.ZPACK.Gen.
Do you have a solution for me here as well?

29.04.2011, 08:48   #11
markusg
/// Malware-holic

Where was what found? Please post the Avira detection report.

29.04.2011, 09:04   #12
nasänder

ANTIVIR
Object: iduqadun.dll Detection: TR/Podjot.A.290
O: 44490504.exe Detection: TR/Kazy.Mekml.1
O: tr700lqqcore.exe Detection: TR/Crypt.ZPACK.Gen

Here is a Malwarebytes log with 23 infected files:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6467

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29.04.2011 09:56:04
mbam-log-2011-04-29 (09-55-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|Q:\|)
Durchsuchte Objekte: 307037
Laufzeit: 1 Stunde(n), 22 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 23

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Alex\AppData\Local\Temp\1DFC.tmp (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\err.log1254794 (Trojan.FakeAlert) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup1004886192.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup1122081132.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup1233519552.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup150378780.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup2165287600.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup2232913464.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup2241101932.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup2304534592.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup2581008892.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup2691066304.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup2794568888.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup3034211968.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup3669343784.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup3690624704.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup3744183448.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup3876947264.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup4028006300.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup4293272288.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup524091072.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup830991952.exe (Heuristics.Shuriken) -> No action taken.
c:\Users\Alex\AppData\Local\Temp\setup842726888.exe (Heuristics.Shuriken) -> No action taken.

29.04.2011, 09:23   #13
nasänder

Now that I have removed the MB findings and no more alerts are appearing, I strongly suspect it was down to the Trojan.FakeAlert.
But still, many, many thanks for the help, especially with my TR/Kazy problem.

29.04.2011, 10:06   #14
markusg
/// Malware-holic

Do you do online banking, shopping or anything else important with the PC?

29.04.2011, 12:58   #15
nasänder

No, nothing overly important, but should I be worried?
