22.04.2011, 19:02 | #1 |
TR/Kazy.mekml.1 (My Documents invisible, hard disk error, desktop black...)

Hello. I have just registered on the forum because I have a problem with my laptop and need help! While I was on the Internet today, I downloaded an update for Adobe Flash Player. A little later an error message was displayed saying the hard disk was damaged. Shortly afterwards the laptop switched itself off. After the restart the desktop was black and My Documents were no longer visible. I then ran a system scan with Avira AntiVir and deleted the infected files. Nevertheless, Avira Guard still reports a malware detection: In the file 'C:\ProgramData\44687112.exe' a virus or unwanted program 'TR/Kazy.mekml.1' was found. I have just run a scan with Malwarebytes and deleted the findings. Here is the log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6420

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

22.04.2011 19:40:12
mbam-log-2011-04-22 (19-40-12).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 167712
Laufzeit: 30 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 6

Infizierte Speicherprozesse:
c:\programdata\gownktobbtfmqrq.exe (Trojan.FakeAlert) -> 3360 -> Unloaded process successfully.
c:\programdata\44687112.exe (Trojan.FakeAlert) -> 3612 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoWNKtoBbTfMqRQ (Trojan.FakeAlert) -> Value: GoWNKtoBbTfMqRQ -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\gownktobbtfmqrq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\44687112.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\tmp4700.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\documents\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

I will now download OTL and post its log files. I hope the information is sufficient for my problem to be solved. Thank you in advance for any support!

So, here are the log files from OTL.

OTL EXTRAS Logfile:
OTL Extras logfile created on: 22.04.2011 20:11:02 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Documents\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 1,93 Gb Free Space | 1,72% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 105,16 Gb Free Space | 94,74% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bertelsmann Fotowelt] -- "C:\Program Files\Bertelsmann Fotowelt\Bertelsmann Fotowelt\Bertelsmann Fotowelt.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E69915-A4A0-4D63-A40C-2789349D86CC}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{05F5E5A8-05FE-4171-8A4C-5548ED69AE7F}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\autorun\exe\autorun.exe |
"{0721BAC2-402F-4AB3-80B5-9EEBE37DBEE5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{13A946F5-3535-4C80-A92E-172508E28F00}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{1822DE2D-C773-4D0A-B643-AD1B39ADF3C5}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france - saison 2008\pcm.exe |
"{333C80FA-1923-4773-BDF5-79965A9CF9D5}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{363FD5FE-625A-48E2-9C24-9A2958B5E415}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{39258BC3-0D0A-43C1-A9B2-0E9BE81210FE}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{3AACF88F-038F-4FBF-9B30-2113E65A48B6}" = protocol=6 | dir=in | app=f:\spiele\age of empires 3\age3.exe |
"{40635450-158C-4CDA-B3F9-ECDBCC578DF0}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{45CCB119-F321-4233-800A-EC43046C13B6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\scarf715\counter-strike\hl.exe |
"{45DDF7E7-5786-49FD-8B42-336A4E1E8C36}" = protocol=6 | dir=in | app=f:\spiele\age of empires 3\age3x.exe |
"{4973CDCD-0B79-4AF1-8622-DD3F2F85122C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5614EB9F-53D6-4269-B60E-60CD81260597}" = protocol=17 | dir=in | app=f:\spiele\age of empires 3\age3x.exe |
"{5C45990B-36FF-4B1D-8AF1-F8CF3DF6C968}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7AD9BC57-6CF9-44F0-AE80-90A2C78092F2}" = protocol=17 | dir=in | app=d:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\pcm.exe |
"{7F31A479-6DCD-4793-A861-6FFBA995344F}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france - saison 2008\autorun\exe\autorun.exe |
"{808C0D4C-4919-4A28-8702-6E668D634474}" = protocol=17 | dir=in | app=f:\spiele\age of empires 3\age3.exe |
"{819D7C64-0F96-4535-BE0D-B6E4AEE928D1}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{85EE933E-E3B3-4A10-B060-1BBD6EDF49E3}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\autorun\exe\autorun.exe |
"{9301F8B2-5F3D-478D-97F2-D8B676687746}" = protocol=6 | dir=in | app=d:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\pcm.exe |
"{95DD40D5-12CE-4E1E-99D3-443715E2E591}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9AB7F91A-0C60-4B0E-B884-CC3B1E700E40}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{A0906777-243A-43A1-88B9-13BA4849AB62}" = protocol=6 | dir=in | app=d:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\autorun\exe\autorun.exe |
"{ABB308BE-248E-45FA-BA7F-A77D4AC487D8}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\pcm.exe |
"{AC7C232E-A953-4186-AF76-071D0E5E9507}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\scarf715\counter-strike\hl.exe |
"{AD1AA6B6-8185-4C34-B11F-89B6D93F3FEE}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france - saison 2008\pcm.exe |
"{B072C187-5035-4ABD-8DC9-7BE40140FD30}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{CD2E7FA2-8B10-442B-AF15-A56133EBDAA1}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\pcm.exe |
"{DA215C56-185B-473A-85E1-DCD9A87312D6}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{F73EF69F-978F-4BB1-9C41-B449AB7EF792}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{FA01DF08-BFFE-4934-AC69-7C325839906B}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france - saison 2008\autorun\exe\autorun.exe |
"{FBF50034-A005-4494-A95F-A7F6EC168AB1}" = protocol=17 | dir=in | app=d:\program files\cyanide\tour de france 2009 - der offizielle radsport-manager\autorun\exe\autorun.exe |
"TCP Query User{0D1AE37A-5705-430A-88A0-E2CB8D3852D1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{1CF371DB-8D4F-4C5E-A4B2-54DAA11498FA}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{431796F2-8DD9-4766-9E01-C5F22A0A443C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E42557E1-DCF0-4300-B805-B8C1B961AFAF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{318A29A7-4B6D-4E31-8FB9-8FF7B704214E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{49870319-79B9-445B-94EF-36AA8508905B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9F286CC6-7E6E-4AF8-8D0B-774D6B930154}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{AED625EB-593B-49AC-BE15-78241931BBDF}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{018FE763-ECD9-577B-05D5-3A67364FBAAA}" = Catalyst Control Center Localization Hungarian
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0627E8E9-6822-4A5E-9225-286741CDC3E4}" = FileViewerUtility 1.0
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{1252B4EB-51F1-F349-6D79-954D877FB865}" = Catalyst Control Center Localization Swedish
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{14F91018-2A76-725D-056C-ECFF03F40F54}" = CCC Help Swedish
"{167FE5D9-865C-4050-BF26-DEB1CF078BEA}" = Canon Camera TWAIN Driver
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1A0B8239-664B-434A-99D8-C50793513249}" = Audials TV
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7A2A3A-B874-1E81-D291-A5ACB452F23F}" = CCC Help Italian
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2433BAD7-453F-473D-BE81-455E68940DEB}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{28A78C92-AC8C-DA80-6100-99A3AC4C3911}" = CCC Help Turkish
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D6BDF3A-6BDB-4169-909F-E882F23AB795}" = Camera Window
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{303A3978-8F11-DAAB-6F72-3D399477CC31}" = Catalyst Control Center Localization Chinese Standard
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4890127D-D62F-C496-9EFF-89FC910ABFE5}" = Catalyst Control Center Localization Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C82121C-EB17-CEB0-996B-4D73FA0FAB47}" = Catalyst Control Center Graphics Light
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5466620C-3B00-0BEE-D626-1FBE29A16AC4}" = Catalyst Control Center Localization Russian
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{5508C9EB-5336-87F4-C2DB-53F2B3A482E7}" = Catalyst Control Center Graphics Previews Vista
"{5611C71F-AFC6-EBA3-E3E1-9FCCEC9647EE}" = ccc-core-static
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5D7D1784-84A9-0EDB-62A6-D479F7F75DF6}" = CCC Help Chinese Traditional
"{62172AFD-E7F0-CAC1-1334-CB0159566F6C}" = Catalyst Control Center Localization Greek
"{65A0F799-1E9A-093B-BB8B-986203DAD390}" = Catalyst Control Center Core Implementation
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67B41BEF-F407-D81D-762F-CC44CC6FEB7A}" = Catalyst Control Center Localization Italian
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFBD0A2-C692-44F5-1C96-773ED9B16002}" = Catalyst Control Center Graphics Full Existing
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{768361B2-F78F-FFAA-5B1F-EFDB41C70D95}" = CCC Help French
"{7A98B8DF-687E-8F7F-9A4A-ED1D9B306EAF}" = CCC Help Russian
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{80C7431E-CB45-40F4-AB4E-090E8AD4706D}" = AudialsOne
"{818F922E-DE7A-6FC1-D85C-C44495070174}" = Catalyst Control Center Localization Dutch
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DB12734-9543-FBB3-E94D-3BE397ED8078}" = Catalyst Control Center Localization Japanese
"{9001B8A7-B591-7559-2264-B4A0F480D1A8}" = CCC Help Polish
"{905DF41F-D74C-6DF4-9453-D29CDE46A4A4}" = CCC Help Finnish
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92041735-0623-CD56-9BCB-6CD4385232B0}" = CCC Help Thai
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{96A1E845-A730-4488-99A2-054C5BFAB9D1}" = CCC Help Greek
"{97EE277B-C0D9-6394-9A01-7681086EED5C}" = Catalyst Control Center Localization Portuguese
"{99F9ACB2-BCD2-B5A7-7738-24FB0B7B7763}" = ccc-utility
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9DCC214C-CD1A-1115-6775-A9056185FE4E}" = ATI Catalyst Install Manager
"{9F06F30E-5138-2315-EC57-D4A23D572649}" = CCC Help Portuguese
"{A3D22413-28D3-636E-1CE9-BC55C46364C3}" = Catalyst Control Center Graphics Full New
"{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}" = PhotoStitch
"{A53EA764-AB97-445E-002B-A32165BB0B3B}" = CCC Help Dutch
"{A586A89F-2BC4-CEB3-3C52-D1F4B57F572F}" = Catalyst Control Center Localization Turkish
"{A5EF9152-55CC-DF0E-AEDA-98D20EC3293E}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A952B4E1-913A-1492-A551-43EAE1D44E1D}" = Catalyst Control Center Localization Chinese Traditional
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B0524CD7-2B3F-50C1-B3AD-87457B7FF852}" = Catalyst Control Center Localization Spanish
"{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}" = RemoteCapture 2.6
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C359699C-2D0A-5F08-9C44-4C1A508C4990}" = CCC Help Hungarian
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDA83283-8D9F-321F-5C76-AF68D3039B87}" = Catalyst Control Center Localization Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1C099EA-C28C-6593-8CE1-38F63EBD22F4}" = CCC Help Korean
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D885CD8B-343B-271D-85EB-DFE5BE962C0D}" = Catalyst Control Center Localization Norwegian
"{DDDA0B2B-674E-A49F-6E31-184F00BDDC85}" = CCC Help Czech
"{E2430405-1983-852E-B297-4FF9207E6C16}" = CCC Help German
"{E596EC1C-4C61-2457-21B3-EDDA326E8157}" = CCC Help English
"{E64D1146-55AE-61E3-7C43-0DA16C0E4416}" = CCC Help Spanish
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{ED924786-EFE7-392D-F37C-64F4B6E19C2F}" = CCC Help Danish
"{EE174D9D-EF64-9FC7-C900-57C64F02E80D}" = Catalyst Control Center Localization Danish
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFF43C31-5F5A-574E-563C-68190FA13F0C}" = CCC Help Chinese Standard
"{F023B88F-DD32-8C85-F372-5319180597A5}" = Catalyst Control Center Localization Thai
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2912763-486E-B5D1-D0C6-BD1AE24D0C20}" = Catalyst Control Center Localization Korean
"{F2D65205-A1D0-5B53-4399-8AA39F738D9D}" = CCC Help Norwegian
"{F4ECB8B5-737F-6910-C26F-7DA94A2C0710}" = Catalyst Control Center Localization Finnish
"{F59778FB-4F31-0ADE-84C3-D7D77676A1A5}" = Catalyst Control Center Localization French
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAAE0782-8073-112D-BC19-12C64A2D90D9}" = Skins
"{FAC15A44-64C7-1908-CC36-83BC9A308EA9}" = Catalyst Control Center Localization German
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"7-Zip" = 7-Zip 4.65
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2006
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Applian FLV Player2.0.23" = Applian FLV Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bertelsmann Fotowelt" = Bertelsmann Fotowelt
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"facemoods" = Facemoods Toolbar
"Free Studio_is1" = Free Studio version 5.0.8
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Updater" = Google Updater
"ICQToolbar" = ICQ Toolbar
"InstallShield_{0627E8E9-6822-4A5E-9225-286741CDC3E4}" = Canon Utilities FileViewerUtility 1.0
"InstallShield_{167FE5D9-865C-4050-BF26-DEB1CF078BEA}" = Canon IXY 320, PowerShot S230, IXUS v3 TWAIN-Treiber
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{2D6BDF3A-6BDB-4169-909F-E882F23AB795}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}" = Canon Utilities RemoteCapture 2.6
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.71 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"PhotoRecord" = Canon PhotoRecord
"Pro Cycling Manager 2009_is1" = Pro Cycling Manager - Season 2009 1.0.3.3
"Pulse Adviser_is1" = Pulse Adviser 2.1.1.32
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 590" = Left 4 Dead 2 Demo
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.01.2010 18:22:01 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm soffice.bin, Version 3.1.9398.500 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
 Prozess-ID: d30   Anfangszeit: 01ca93d3b31d381a   Zeitpunkt der Beendigung: 16

Error - 13.01.2010 15:14:55 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 15.01.2010 17:03:28 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 15.01.2010 21:39:18 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description =

Error - 16.01.2010 09:09:11 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 18.01.2010 09:06:59 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 18.01.2010 11:00:09 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description =

Error - 18.01.2010 11:14:24 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 19.01.2010 10:46:40 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description =

Error - 19.01.2010 13:31:58 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 22.04.2011 11:01:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 22.04.2011 11:01:45 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =

Error - 22.04.2011 11:01:45 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =

Error - 22.04.2011 11:01:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 22.04.2011 12:54:59 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22.04.2011 12:54:59 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 22.04.2011 12:54:59 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22.04.2011 12:55:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 22.04.2011 12:55:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22.04.2011 13:00:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022
Description =

< End of report >

OTL Logfile:
OTL logfile created on: 22.04.2011 20:11:02 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Documents\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 1,93 Gb Free Space | 1,72% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 105,16 Gb Free Space | 94,74% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Documents\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Documents\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (appdrvrem01) Application Driver Auto Removal Service (01) -- C:\Windows\System32\appdrvrem01.exe (Protection Technology)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (appdrv01) Application Driver (01) -- C:\Windows\System32\drivers\appdrv01.sys (Protection Technology)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.03 21:47:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.03 21:47:24 | 000,000,000 | ---D | M]

[2008.08.05 19:22:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.04.22 18:59:01 | 000,000,000 | -H-D | M] (No name found) --
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2ee02aaw.default\extensions [2011.04.22 14:46:25 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2ee02aaw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.22 14:46:25 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2ee02aaw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.04.22 14:46:26 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2ee02aaw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.22 14:46:26 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2ee02aaw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.04.22 14:46:23 | 000,000,000 | -H-D | M] (Facemoods) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2ee02aaw.default\extensions\ffxtlbr@Facemoods.com [2010.10.30 11:49:10 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2ee02aaw.default\extensions\firefox@tvunetworks.com [2011.04.22 14:46:24 | 000,000,000 | -H-D | M] (vShare) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2ee02aaw.default\extensions\vshare@toolbar [2011.04.21 11:56:23 | 000,000,950 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2ee02aaw.default\searchplugins\icqplugin-1.xml [2011.03.06 20:06:50 | 000,000,950 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2ee02aaw.default\searchplugins\icqplugin-2.xml [2011.03.12 13:15:32 | 000,000,950 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2ee02aaw.default\searchplugins\icqplugin-3.xml [2011.04.03 21:57:45 | 000,000,950 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2ee02aaw.default\searchplugins\icqplugin-4.xml [2010.05.12 17:40:48 | 
000,001,042 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2ee02aaw.default\searchplugins\icqplugin.xml [2011.03.06 18:39:19 | 000,001,583 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2ee02aaw.default\searchplugins\web-search.xml [2011.04.03 21:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.11.15 19:39:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.24 14:56:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.11.15 19:39:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.24 14:56:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.08.17 14:19:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.17 14:19:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.11 19:55:54 | 000,002,046 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchddr.xml [2010.08.17 14:19:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.17 14:19:09 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.17 14:19:09 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EA Core] File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.22 20:08:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Documents\Desktop\OTL.exe [2011.04.22 19:06:17 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.04.22 19:05:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.22 19:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.22 19:05:06 | 000,000,000 | -H-D | C] -- 
C:\ProgramData\Malwarebytes [2011.04.22 19:05:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.22 19:05:02 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.22 19:03:39 | 007,734,208 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\***\Documents\Desktop\mbam-setup-1.50.1.1100.exe [2011.04.22 15:08:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch [2011.04.22 13:55:14 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Avira [2011.04.15 12:06:25 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.15 12:06:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.15 12:06:03 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.15 12:06:02 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.15 12:06:02 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.15 12:06:02 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.15 12:06:02 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.15 12:06:01 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.15 12:06:01 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.15 12:06:01 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.15 12:06:01 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.15 12:06:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.15 12:06:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.15 12:06:01 | 000,055,808 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\iernonce.dll [2011.04.15 12:06:01 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.15 12:06:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.15 12:06:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.15 12:06:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.15 12:06:00 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.15 12:05:44 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.15 12:05:43 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.15 12:05:31 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.15 12:05:26 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.15 12:05:18 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.15 12:05:18 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.03 21:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4 [2011.04.03 21:56:49 | 000,000,000 | -H-D | C] -- C:\Programme\ICQ7.4 [2011.04.03 21:53:17 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2011.04.03 21:50:52 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011.04.03 21:50:21 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Apple Computer [2011.04.03 21:50:21 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Apple Computer [2011.04.03 21:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.04.03 21:49:46 | 000,107,368 | ---- | C] (GEAR Software Inc.) 
-- C:\Windows\System32\GEARAspi.dll [2011.04.03 21:49:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2011.04.03 21:48:28 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.04.03 21:48:26 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.04.03 21:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011.04.03 21:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.04.03 21:45:44 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2011.04.03 21:45:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Apple Computer [2011.04.03 21:44:51 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Apple [2011.04.03 21:44:44 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update [2011.04.03 21:41:06 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2011.04.03 21:40:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Apple [2011.04.03 21:40:50 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple [2011.04.03 21:40:03 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\Desktop\^^ [2009.09.09 21:53:00 | 000,630,784 | ---- | C] ( ) -- C:\Windows\System32\softcoin.dll [2009.09.09 21:53:00 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\gencoin.dll [2006.11.24 07:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll [2006.11.24 07:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll ========== Files - Modified Within 30 Days ========== [2011.04.22 20:08:43 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\fkjgcprl.sys [2011.04.22 20:08:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Documents\Desktop\OTL.exe [2011.04.22 20:00:50 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B36F4AD3-A608-4EC6-BC4C-700ACC5E8E33}.job [2011.04.22 19:52:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.22 19:50:22 | 000,001,022 | ---- | M] () -- 
C:\Windows\tasks\Google Software Updater.job [2011.04.22 19:05:09 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.22 19:03:42 | 007,734,208 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\***\Documents\Desktop\mbam-setup-1.50.1.1100.exe [2011.04.22 18:54:57 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~44687112 [2011.04.22 18:54:55 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~44687112r [2011.04.22 18:53:42 | 000,000,336 | -H-- | M] () -- C:\ProgramData\44687112 [2011.04.22 18:53:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.22 18:53:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.22 18:53:20 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.22 18:53:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.22 18:53:07 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys [2011.04.22 15:19:55 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.22 14:21:36 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~43310856 [2011.04.22 14:21:35 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43310856r [2011.04.22 14:08:18 | 000,000,344 | -H-- | M] () -- C:\ProgramData\43310856 [2011.04.17 14:14:03 | 000,236,544 | -H-- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.17 14:02:22 | 000,390,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.16 17:40:25 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.16 17:40:25 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.16 17:40:25 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.16 17:40:24 | 000,149,786 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.03 21:52:59 | 000,001,038 | -H-- | M] () -- 
C:\Users\***\Documents\Desktop\DVDVideoSoft Free Studio.lnk [2011.03.27 21:50:01 | 007,802,934 | -H-- | M] () -- C:\Users\***\Documents\Desktop\Hitlers Propaganda PPP.odp ========== Files Created - No Company Name ========== [2011.04.22 20:08:43 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\fkjgcprl.sys [2011.04.22 19:05:09 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.22 18:54:55 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~44687112r [2011.04.22 18:54:54 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~44687112 [2011.04.22 18:53:42 | 000,000,336 | -H-- | C] () -- C:\ProgramData\44687112 [2011.04.22 18:53:07 | 3219,308,544 | -HS- | C] () -- C:\hiberfil.sys [2011.04.22 14:21:34 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~43310856r [2011.04.22 14:21:31 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~43310856 [2011.04.22 14:08:18 | 000,000,344 | -H-- | C] () -- C:\ProgramData\43310856 [2011.04.03 21:44:49 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2011.03.23 22:42:59 | 007,802,934 | -H-- | C] () -- C:\Users\***\Documents\Desktop\Hitlers Propaganda PPP.odp [2009.12.14 16:48:37 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI [2009.10.21 12:02:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.21 12:02:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.10.13 13:42:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.09 10:52:51 | 000,000,680 | -H-- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.11.26 17:16:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.09.15 07:12:18 | 000,000,343 | ---- | C] () -- C:\Windows\System32\dmlg.dat [2008.08.27 19:52:33 | 003,596,288 | ---- | C] () -- 
C:\Windows\System32\qt-dx331.dll [2008.08.27 19:52:33 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.08.27 19:52:33 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2008.08.27 19:52:33 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.08.27 19:52:30 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll [2008.08.10 18:32:34 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2008.08.06 15:50:42 | 000,236,544 | -H-- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.16 03:27:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.04.16 03:14:56 | 000,221,184 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2008.04.16 01:44:48 | 000,004,512 | ---- | C] () -- C:\Windows\HotFixList.ini [2008.04.16 01:37:29 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini [2008.04.16 01:37:29 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2008.04.16 01:11:51 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe [2008.04.16 01:11:51 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe [2008.04.16 01:00:14 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008.04.15 07:48:13 | 000,685,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.04.15 07:48:13 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.04.15 07:48:13 | 000,149,786 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.04.15 07:48:13 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.04.15 07:40:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.04.15 07:40:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.04.15 07:40:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.04.15 07:40:39 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008.04.15 07:40:39 | 000,090,112 | ---- | C] () -- 
C:\Windows\System32\atibrtmon.exe [2007.04.24 11:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat [2007.02.15 09:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll [2006.11.29 10:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe [2006.11.29 10:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,390,456 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,121,592 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.10.09 03:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll [2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll [2001.11.14 06:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll < End of report > |
25.04.2011, 14:44 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes has to be updated manually before every scan! If there are logs from earlier Malwarebytes scans, please post all of those as well.
26.04.2011, 07:10 | #3 |
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6443

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

26.04.2011 07:49:18
mbam-log-2011-04-26 (07-49-18).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 367385
Time elapsed: 1 hour(s), 54 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
26.04.2011, 11:37 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Do an OTL fix: close all programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" line must be copied too!!!)
Code:
:OTL
[2011.04.22 20:08:43 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\fkjgcprl.sys
:Files
C:\ProgramData\~*
C:\ProgramData\4*
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely; as a safety measure a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post log files in CODE tags
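An added example, not code from the thread, from OTL's author or from the helper: a Python triage of the OTL file and O4 lines posted above for the artifacts this rogue "HDD scanner" leaves behind (8-digit NNNNNNNN / ~NNNNNNNN / ~NNNNNNNNr files in C:\ProgramData, an eight-letter random driver with no company name, Run values that point nowhere or carry a random name), which then emits the Custom Scan/Fixes block in the shape the helper wrote by hand. The sample lines are copied from the OTL log above except the QxTbkWoRmPdZgFv Run value, which is constructed; the case-flip threshold in looks_random and the rule that OTL accepts a log line verbatim under :OTL are assumptions.

```python
"""Triage an OTL log for rogue "HDD scanner" (FakeAlert) artifacts and build
the matching OTL Custom Scan/Fixes block. Added example, not part of the thread.
"""
import re
from dataclasses import dataclass

# OTL file line: [stamp | size | attrs | C or M] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
# OTL autostart line: O4 - HKLM..\Run: [name] target
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
# Rogue payload/data files: 8 digits, optional ~ prefix, optional r or .exe suffix
ROGUE_PROGRAMDATA = re.compile(r"^~?\d{8}(?:r|\.exe)?$", re.IGNORECASE)
# Eight random lowercase letters and no company name, like fkjgcprl.sys
RANDOM_DRIVER = re.compile(r"^[a-z]{8}\.sys$")

# Constructed sample: lines taken from the OTL log in this thread, plus one
# hypothetical random-named Run value (QxTbkWoRmPdZgFv) that is not from the log.
SAMPLE_OTL = r"""
[2011.04.22 20:08:43 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\fkjgcprl.sys
[2011.04.22 19:05:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.22 18:54:57 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~44687112
[2011.04.22 18:54:55 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~44687112r
[2011.04.22 18:53:42 | 000,000,336 | -H-- | M] () -- C:\ProgramData\44687112
[2011.04.22 18:53:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [QxTbkWoRmPdZgFv] C:\ProgramData\QxTbkWoRmPdZgFv.exe ()
""".strip().splitlines()


@dataclass(frozen=True)
class Finding:
    rule: str      # which heuristic fired
    target: str    # file path or registry value
    line: str      # the OTL line as printed (reused verbatim under :OTL)


def looks_random(name, min_len=10, min_ratio=0.6):
    """Assumed heuristic: long, letters-only names whose case flips on most
    adjacent pairs (QxTbkWoRmPdZgFv) versus CamelCase product names
    (LexwareInfoService). Short names such as RtHDVCpl are never flagged."""
    if len(name) < min_len or not name.isalpha():
        return False
    flips = sum(a.isupper() != b.isupper() for a, b in zip(name, name[1:]))
    return flips / (len(name) - 1) >= min_ratio


def triage(lines):
    """Return findings in log order; lines that match no rule are ignored."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            path = m["path"]
            folder, _, name = path.rpartition("\\")
            if folder.lower() == r"c:\programdata" and ROGUE_PROGRAMDATA.match(name):
                findings.append(Finding("rogue-programdata", path, line))
            elif (folder.lower().endswith(r"\system32\drivers")
                  and RANDOM_DRIVER.match(name) and not m["company"].strip()):
                findings.append(Finding("random-driver", path, line))
            continue
        m = RUN_LINE.match(line)
        if m:
            value = f"{m['hive']}\\Run\\{m['name']}"
            if m["target"].startswith("File not found"):
                findings.append(Finding("orphan-run", value, line))
            elif looks_random(m["name"]):
                findings.append(Finding("random-run", value, line))
    return findings


def otl_fix_script(findings):
    """Emit the Custom Scan/Fixes text: driver log lines under :OTL (assumed to be
    accepted verbatim, as the helper pasted it), rogue files under :Files, then
    the helper's three commands. Run values are left for manual review; OTL moves
    files into C:\\_OTL rather than deleting them."""
    otl = [f.line for f in findings if f.rule == "random-driver"]
    files = [f.target for f in findings if f.rule == "rogue-programdata"]
    script = [":OTL", *otl, ":Files", *files,
              ":Commands", "[purity]", "[resethosts]", "[emptytemp]"]
    return "\n".join(script)


if __name__ == "__main__":
    found = triage(SAMPLE_OTL)
    for f in found:
        print(f"{f.rule:18} {f.target}")
    print(otl_fix_script(found))
```

These are heuristics, not a signature: the variant in this thread used 8-digit names, other rogues use different patterns, and a driver or Run value with a random name is a lead to check, not proof. Read the generated block before pasting it into OTL; anything it moves ends up in the _OTL folder the helper mentions, so a false positive is recoverable.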
26.04.2011, 13:56 | #5 |
Thanks a lot already!
Code:
All processes killed
========== OTL ==========
File C:\Windows\System32\drivers\fkjgcprl.sys not found.
========== FILES ==========
C:\ProgramData\~43310856 moved successfully.
C:\ProgramData\~43310856r moved successfully.
C:\ProgramData\~44687112 moved successfully.
C:\ProgramData\~44687112r moved successfully.
C:\ProgramData\43310856 moved successfully.
C:\ProgramData\44687112 moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Andi und Dolores
->Temp folder emptied: 4866067401 bytes
->Temporary Internet Files folder emptied: 70077697 bytes
->Java cache emptied: 2587724 bytes
->FireFox cache emptied: 52800778 bytes
->Flash cache emptied: 148389 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 164521378 bytes
RecycleBin emptied: 1993634175 bytes

Total Files Cleaned = 6.819,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04262011_144124

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
26.04.2011, 14:32 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this Kaspersky tool and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
If the infection keeps you from accessing your documents / My Documents, please run unhide: download unhide.exe and save the file to your desktop. Start the tool; all files and folders should become visible again (this may take a while). Vista and 7 users must right-click the tool and run it as administrator!
26.04.2011, 15:11 | #7 |
I have downloaded the tool, but it cannot be run.
26.04.2011, 17:26 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Rename the TDSS-Killer to something random, e.g. dfsf73.exe, and try again.
26.04.2011, 20:41 | #9 |
Unfortunately that didn't help.
27.04.2011, 10:15 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now and try the TDSS-Killer again afterwards. ComboFix: a guide and tutorial on using ComboFix.
ComboFix may only be run if a qualified helper has explicitly recommended it!