Pests of all kinds and how to fight them: TR/Kazy.mekml.1' [trojan] / data gone (Windows 7)

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1

Hello everyone. I have already messaged a few people here in the forum because I didn't know how/where to start a new topic.. anyway, today I caught this TR/Kazy.mekml.1' [trojan]. All my data had disappeared; I have now got it back via Control Panel / Folder Options / View, but the files still look kind of veiled.. and this message keeps coming up..

In der Datei 'C:\ProgramData\42983176.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.mekml.1' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern..

What do I have to do to get rid of it?? I hope someone knows a solution.. thanks in advance .. Regards, claudi

Here is the OTL report.
ATTFilter OTL Extras logfile created on: 24.04.2011 22:13:57 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\claudi\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 76,00 Gb Total Space | 16,64 Gb Free Space | 21,89% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 232,79 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Drive E: | 148,09 Gb Total Space | 148,00 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Computer Name: CLAUDI-PC | User Name: claudi | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1611208305-4044436594-1985091819-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D8D3DB5-1E7C-49F8-A5F3-FCF7FEA74143}" = rport=139 | protocol=6 | dir=out | app=system | "{1430B45F-9F17-485F-8204-C9134987CDDC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1E6EFC79-2601-48CD-8412-E94F9C150C6A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{210F5A06-DF2C-46CD-8C07-38D2F6E2DD99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{316599B5-42AB-4CCB-BADC-16FB208D9A12}" = lport=2869 | protocol=6 | dir=in | app=system | "{4E24379D-90AA-429B-ADD7-7E4819C43BB2}" = lport=445 | protocol=6 | dir=in | app=system | "{4EC3B61F-0711-4DA8-8A74-DF1E88F18F1E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{50378E7F-822B-4956-8C8D-C1AE5D4A5E60}" = rport=138 | protocol=17 | dir=out | app=system | "{7542D7FC-C0C5-4C98-92D0-676F175BEBD0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{99B3637B-0516-44ED-94CC-C27DA3846F83}" = lport=138 | protocol=17 | dir=in | app=system | "{9AADB4BC-0D96-4419-BD1D-08ED557DDC0D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A1392A30-DE9E-463C-87EF-6D031BC9BEEE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{BF3CE801-FDC8-46EA-B9FA-F067D8053CA9}" = lport=139 | protocol=6 | dir=in | app=system | "{D0721B60-CA28-4771-8098-37E7D57E1F8C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D6B417C1-C31D-471A-BDC8-7AE34479691D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D9E016B0-CDEA-45AC-81D8-E92710E921F4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DA6C308D-796B-46B7-8602-6CB3D11F045A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F2A45ACD-4A92-4847-A14F-389C0532E9A6}" = rport=445 | protocol=6 | dir=out | app=system | "{F36EE01E-0A24-4639-9FC1-39B374A15EA4}" = rport=137 | protocol=17 | dir=out | app=system | "{F53A8393-6254-43D5-957F-3F067EDF3F3D}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{20D29862-97CE-4633-95D3-A247FCCD17E3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{25207D78-2684-43F5-A46C-05D1BA33E747}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{270DD7B9-07F2-4AB5-B88D-07B3BAA4FF2D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{31DACB2E-0BD4-4DDF-9853-84587A465C51}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | "{4244372D-152A-4DFE-9AA2-18417E2758D5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{44F9BED5-CE6E-49AB-AD19-3594A640CA11}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "{492B1CA9-F43C-400D-9998-380586E5D998}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{799759C8-89E0-4BB0-A79C-BE852AD94BDC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{85ABFA07-E74C-4A65-BDCE-8A5B21E64FED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{879576D7-DAD7-48E4-B8E7-958C671E8BAF}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{8FC06EF2-58E5-46CB-B674-00F5031FC32B}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{96FDF84E-69D6-4CEA-B2D1-657C6F904C84}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"{9E103DBE-1AAB-4FE1-8C75-F21049A0F717}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe | "{A5589E58-3262-4629-80EF-6787EAB185D3}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{B7C37002-2A9F-4CC4-94AC-494CB089537E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{BBC6648F-9C14-4E6A-B4E4-F2A47525ADE1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F342F7FC-B765-41B9-8705-D64172B1A869}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{F6117A02-5C29-43AD-BCE2-9019A345B682}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{F980F48E-2A93-4A69-9836-94C6C1762500}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FC5F06FC-B7A6-4CE1-8AC8-CDE426C779B7}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. 
- shadow of chernobyl\bin\dedicated\xr_3da.exe | "TCP Query User{0C3318AE-D948-4392-9F7D-0248487C29B2}C:\windows\system32\presentationhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\presentationhost.exe | "TCP Query User{225C5713-6EF2-4974-897C-7E9D91F0E99A}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "TCP Query User{410C82D6-E7F1-4BC3-8C97-237CB7DCECCC}C:\program files\gamespy arcade\aphex.exe" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | "TCP Query User{4EC0BFB9-4602-4BDC-9875-B7AF52A2D493}C:\program files\egames\mahjongg master 5\mjm5.exe" = protocol=6 | dir=in | app=c:\program files\egames\mahjongg master 5\mjm5.exe | "TCP Query User{6542C9B2-35B3-452D-A40E-5066B9491341}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{E41548DC-B941-4D5E-BD4B-B9B328F2DBEA}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "UDP Query User{26EB8226-07D7-423B-B223-2211236AF6FE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{2DD19D4C-7B4B-4188-B00F-400FB8F36550}C:\program files\egames\mahjongg master 5\mjm5.exe" = protocol=17 | dir=in | app=c:\program files\egames\mahjongg master 5\mjm5.exe | "UDP Query User{43D65C2F-189A-4FD8-967A-5CE1E3C1E262}C:\program files\gamespy arcade\aphex.exe" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | "UDP Query User{722C3052-5B1E-4F4B-A890-0E6A1F68DF4C}C:\windows\system32\presentationhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\presentationhost.exe | "UDP Query User{8BA92DD3-0CAF-48AD-B704-8091A1938664}C:\program files\bearshare applications\bearshare\bearshare.exe" = 
protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "UDP Query User{A2A1B29C-ED41-4F60-B6EC-A59007B6A386}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar) "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Hama Wireless LAN Adapter "{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar) "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application 
Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam "{4C3EF687-803F-4825-B815-04AE32DDEB41}" = YAVIDO "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{80A97464-A741-44B0-8AD6-0C16B1FEF7F6}" = Norton Security Scan "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AFCF8B-3C53-49A2-8456-E637021B1031}" = Nero 8 Essentials "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge "{A36B158D-8E9D-4BD3-8BDA-4B5EDC9C2E8C}" = Norman Security Suite "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C87BC0B7-2BB8-49D1-8CE0-EB0410EF0938}" = SystemDiagnostics "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}" = Visualizer Photo Resize "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0 "{EB863CFD-6889-47B0-9D79-492DE0D07EE7}" = OSDInstall "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 
Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free Audio Converter_is1" = Free Audio Converter version 1.3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard "MahJongg Master 5_is1" = MahJongg Master 5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "NSSSetup.{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan (Symantec Corporation) "NVIDIA Drivers" = NVIDIA Drivers "Obscure2" = Obscure 2 "P2P_Max Toolbar" = P2P_Max Toolbar "Picasa 3" = Picasa 3 "S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. 
- Shadow of Chernobyl "SMSERIAL" = Motorola SM56 Data Fax Modem "Uninstall_is1" = Uninstall 1.0.0.1 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 16.04.2010 07:57:30 | Computer Name = *****-PC | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/04/16 13:57:30] -------------------------------------------------------- Application: Norman Internet Update Node address: 192.168.1.3 -------------------------------------------------------- Error message: Running scheduled - shall not start LicWiz Error - 16.04.2010 08:57:29 | Computer Name = *****-PC | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/04/16 14:57:29] -------------------------------------------------------- Application: Norman Internet Update Node address: 192.168.1.3 -------------------------------------------------------- Error message: Running scheduled - shall not start LicWiz Error - 16.04.2010 16:29:20 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 16.04.2010 16:34:16 | Computer Name = ****-PC | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/04/16 22:34:16] -------------------------------------------------------- Application: Norman Internet Update Node address: 192.168.1.3 -------------------------------------------------------- Error message: Running scheduled - shall not start LicWiz Error - 16.04.2010 17:34:20 | Computer Name = *****-PC | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/04/16 23:34:20] -------------------------------------------------------- Application: Norman Internet Update Node address: 192.168.1.3 -------------------------------------------------------- Error message: Running scheduled - shall not start LicWiz Error - 16.04.2010 18:34:24 | Computer Name = ****-PC | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/04/17 00:34:24] 
-------------------------------------------------------- Application: Norman Internet Update Node address: 192.168.1.3 -------------------------------------------------------- Error message: Running scheduled - shall not start LicWiz Error - 16.04.2010 19:34:28 | Computer Name = ****-PC | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/04/17 01:34:28] -------------------------------------------------------- Application: Norman Internet Update Node address: 192.168.1.3 -------------------------------------------------------- Error message: Running scheduled - shall not start LicWiz Error - 16.04.2010 20:34:34 | Computer Name = *****-PC | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/04/17 02:34:34] -------------------------------------------------------- Application: Norman Internet Update Node address: 192.168.1.3 -------------------------------------------------------- Error message: Running scheduled - shall not start LicWiz Error - 17.04.2010 09:06:13 | Computer Name = *****-PC | Source = WinMgmt | ID = 10 Description = Error - 17.04.2010 09:11:03 | Computer Name = ****-PC | Source = NormanNPT | ID = 131073 Description = Norman Message [2010/04/17 15:11:03] -------------------------------------------------------- Application: Norman Internet Update Node address: 192.168.1.3 -------------------------------------------------------- Error message: Running scheduled - shall not start LicWiz [ System Events ] Error - 24.04.2011 09:13:50 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7022 Description = Error - 24.04.2011 11:08:51 | Computer Name = *****-PC | Source = JRAID | ID = 262261 Description = Der Treiber für Gerät "\Device\Scsi\JRAID1" hat eine Portzeitüberschreitung aufgrund längerer mangelnder Aktivität ermittelt. Alle assoziierten Busse werden zurückgesetzt, um den Fehler zu beheben. 
Error - 24.04.2011 11:27:14 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7034 Description = Error - 24.04.2011 11:30:56 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7022 Description = Error - 24.04.2011 11:55:14 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7034 Description = Error - 24.04.2011 12:24:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034 Description = Error - 24.04.2011 12:29:51 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7022 Description = Error - 24.04.2011 12:54:14 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7034 Description = Error - 24.04.2011 12:59:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7022 Description = Error - 24.04.2011 15:41:36 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7034 Description = < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.04.2011 22:13:57 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\claudi\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 76,00 Gb Total Space | 16,64 Gb Free Space | 21,89% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 232,79 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Drive E: | 148,09 Gb Total Space | 148,00 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Computer Name: CLAUDI-PC | User Name: claudi | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\claudi\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Norman\Npm\Bin\Zlh.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\Njeeves.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA) PRC - C:\Programme\Hama\Common\RaUI.exe (Hama GmbH & Co KG) PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) PRC - C:\Programme\Norman\Npm\Bin\nvoy.exe (Norman ASA) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA) PRC - C:\Programme\C&E\OSD\osd.exe (C&E) PRC - C:\Programme\Norman\Npm\Bin\nvcsched.exe (Norman ASA) PRC - C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) 
========== Modules (SafeList) ==========
MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Norman NJeeves) -- C:\Program Files\Norman\Npm\bin\NJEEVES.EXE (Norman ASA)
SRV - (Norman ZANDA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe (Norman ASA)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (NVOY) -- C:\Program Files\Norman\npm\bin\nvoy.exe (Norman ASA)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eLoggerSvc6) -- C:\Program Files\Norman\Npm\Bin\Elogsvc.exe (Norman ASA)
SRV - (NVCScheduler) -- C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE (Norman ASA)
SRV - (OsdService) -- C:\Programme\C&E\OSD\OsdService\OsdService.exe ()
SRV - (FSCLBaseUpdaterService) -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
SRV - (iprip) -- C:\Windows\System32\iprip.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (CEBFilter) -- C:\Programme\C&E\OSD\OsdService\cebuffer.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (CEIO) -- C:\Programme\C&E\OSD\OsdService\ceio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cKBFilter) -- C:\Programme\C&E\OSD\OsdService\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (Cam5603D) -- C:\Windows\System32\drivers\BisonCam.sys ()
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {72ae8426-3b8d-4ead-b191-8d0ad1c62158}:1.5.46.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.26 23:10:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.26 23:10:38 | 000,000,000 | ---D | M]
[2008.09.28 21:52:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\claudi\AppData\Roaming\mozilla\Extensions
[2011.04.24 21:28:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\claudi\AppData\Roaming\mozilla\Firefox\Profiles\r120y33r.default\extensions
[2009.09.03 20:11:13 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\r120y33r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.06 17:55:44 | 000,000,000 | -H-D | M] (Free Lunch Design Toolbar) -- C:\Users\claudi\AppData\Roaming\mozilla\Firefox\Profiles\r120y33r.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}
[2010.03.14 13:09:54 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\claudi\AppData\Roaming\mozilla\Firefox\Profiles\r120y33r.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008.10.25 18:56:50 | 000,000,000 | -H-D | M] (P2P Max Toolbar) -- C:\Users\claudi\AppData\Roaming\mozilla\Firefox\Profiles\r120y33r.default\extensions\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}
[2010.09.19 21:10:15 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\claudi\AppData\Roaming\mozilla\Firefox\Profiles\r120y33r.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.04.04 01:41:58 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\claudi\AppData\Roaming\mozilla\Firefox\Profiles\r120y33r.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.02.22 07:57:26 | 000,000,681 | -H-- | M] () -- C:\Users\claudi\AppData\Roaming\Mozilla\Firefox\Profiles\r120y33r.default\searchplugins\ask.xml
[2010.07.05 22:23:20 | 000,002,385 | -H-- | M] () -- C:\Users\claudi\AppData\Roaming\Mozilla\Firefox\Profiles\r120y33r.default\searchplugins\askcom.xml
[2010.04.04 18:02:24 | 000,000,873 | -H-- | M] () -- C:\Users\claudi\AppData\Roaming\Mozilla\Firefox\Profiles\r120y33r.default\searchplugins\conduit.xml
[2009.03.15 08:31:05 | 000,001,632 | -H-- | M] () -- C:\Users\claudi\AppData\Roaming\Mozilla\Firefox\Profiles\r120y33r.default\searchplugins\live-search.xml
[2010.03.14 13:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.10.18 17:20:28 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Programme\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
[2008.10.11 13:26:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2010.03.14 13:08:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.07.26 20:08:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.26 20:08:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.26 20:08:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.26 20:08:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.26 20:08:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Max EN Toolbar) - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Max EN Toolbar) - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Max EN Toolbar) - {72AE8426-3B8D-4EAD-B191-8D0AD1C62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [NPCTray] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OSD] C:\Programme\C&E\OSD\osd.exe (C&E)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKCU..\Run: [recinfo] c:\RecInfo\recinfo.exe (fsc)
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/binary/MJSS.cab69309.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\claudi\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O24 - Desktop BackupWallPaper: C:\Users\claudi\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{534430e6-4595-11e0-9df0-00030d806c6d}\Shell - "" = AutoRun
O33 - MountPoints2\{534430e6-4595-11e0-9df0-00030d806c6d}\Shell\AutoRun\command - "" = G:\KODAK_Software_Downloader.exe
O33 - MountPoints2\{bcc0a432-9718-11de-a4a7-00030d97cd5f}\Shell\AutoRun\command - "" = G:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2011.04.24 22:08:01 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\claudi\Desktop\OTL.exe
[2011.04.24 21:27:48 | 000,000,000 | ---D | C] -- C:\Users\claudi\AppData\Roaming\Malwarebytes
[2011.04.24 21:27:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.24 21:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.24 21:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.24 21:27:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.24 21:27:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.24 21:24:42 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\claudi\Desktop\mbam-setup(2).exe
[2011.04.24 16:43:54 | 000,368,128 | -H-- | C] (Avira GmbH) -- C:\Users\claudi\Desktop\removaltool-win32-de.exe
[2011.04.24 15:16:26 | 000,000,000 | -H-D | C] -- C:\Users\claudi\AppData\Roaming\Avira
[2011.04.15 15:46:21 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 15:46:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 15:45:44 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 15:45:44 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 15:45:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 15:45:08 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 15:45:08 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.15 15:45:06 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 15:44:58 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 15:44:58 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 15:44:58 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 15:44:58 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 15:44:57 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.15 15:44:57 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

========== Files - Modified Within 30 Days ==========
[2011.04.24 22:08:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\claudi\Desktop\OTL.exe
[2011.04.24 22:00:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.24 21:49:00 | 000,631,670 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.24 21:49:00 | 000,598,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.24 21:49:00 | 000,128,034 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.24 21:49:00 | 000,105,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.24 21:41:19 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.24 21:41:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.24 21:41:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.24 21:40:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.24 21:40:51 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.24 21:39:53 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.24 21:27:31 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.24 21:24:43 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\claudi\Desktop\mbam-setup(2).exe
[2011.04.24 18:00:11 | 000,000,410 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan.job
[2011.04.24 18:00:10 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for claudi.job
[2011.04.24 16:51:11 | 049,849,560 | -H-- | M] () -- C:\Users\claudi\Desktop\avira_antivir_personal_de(2).exe
[2011.04.24 16:43:54 | 000,368,128 | -H-- | M] (Avira GmbH) -- C:\Users\claudi\Desktop\removaltool-win32-de.exe
[2011.04.24 15:07:14 | 000,031,966 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.24 15:07:14 | 000,031,966 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.04.24 14:34:50 | 000,260,032 | -H-- | M] () -- C:\Windows\KernelMessage
[2011.04.17 19:36:46 | 000,296,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.06 15:02:54 | 000,000,440 | -H-- | M] () -- C:\Users\claudi\AppData\Roaming\wklnhst.dat
[2011.03.30 22:52:01 | 000,054,784 | -H-- | M] () -- C:\Users\claudi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.26 03:01:27 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========
[2011.04.24 21:27:31 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.24 16:50:46 | 049,849,560 | -H-- | C] () -- C:\Users\claudi\Desktop\avira_antivir_personal_de(2).exe
[2009.12.26 19:32:56 | 000,031,966 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009.12.26 19:32:46 | 000,031,966 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2009.12.26 19:06:27 | 000,000,680 | -H-- | C] () -- C:\Users\claudi\AppData\Local\d3d9caps.dat
[2009.09.24 15:47:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 15:47:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.04 03:02:03 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.06.04 03:00:46 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.06.04 02:59:45 | 000,000,036 | -H-- | C] () -- C:\Users\claudi\AppData\Roaming\swk.ini
[2009.05.17 22:17:15 | 000,753,456 | ---- | C] () -- C:\Windows\System32\drivers\BisonCam.sys
[2009.05.17 22:17:15 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2009.03.25 13:37:12 | 000,000,990 | -H-- | C] () -- C:\Users\claudi\AppData\Local\RT73_{87462210-6BAB-41E4-BCFE-7A325C0077FE}_wsc
[2009.03.25 13:31:42 | 000,000,786 | -H-- | C] () -- C:\Users\claudi\AppData\Local\RT73_{1648D51E-22F3-4CC0-ADCB-D396F8916B2A}_prof
[2009.03.21 22:17:04 | 000,000,835 | -H-- | C] () -- C:\Users\claudi\AppData\Local\RT73_{1648D51E-22F3-4CC0-ADCB-D396F8916B2A}_sta
[2009.03.21 22:15:04 | 000,000,990 | -H-- | C] () -- C:\Users\claudi\AppData\Local\RT73_{1648D51E-22F3-4CC0-ADCB-D396F8916B2A}_wsc
[2009.03.21 21:58:47 | 000,000,990 | -H-- | C] () -- C:\Users\claudi\AppData\Local\RT73_{D154123F-0D6E-4382-9FDD-A5FF90C32AA3}_wsc
[2009.03.21 21:58:41 | 000,000,827 | -H-- | C] () -- C:\Users\claudi\AppData\Local\RT73_{D154123F-0D6E-4382-9FDD-A5FF90C32AA3}_sta
[2009.03.21 21:58:37 | 000,000,805 | -H-- | C] () -- C:\Users\claudi\AppData\Local\RT73_{D154123F-0D6E-4382-9FDD-A5FF90C32AA3}_prof
[2009.03.08 20:56:23 | 000,000,440 | -H-- | C] () -- C:\Users\claudi\AppData\Roaming\wklnhst.dat
[2008.12.08 18:08:54 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.12.08 18:08:54 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.09.14 12:23:00 | 000,027,430 | -H-- | C] () -- C:\Users\claudi\AppData\Roaming\nvModes.001
[2008.09.14 00:36:07 | 000,027,430 | -H-- | C] () -- C:\Users\claudi\AppData\Roaming\nvModes.dat
[2008.09.13 18:03:00 | 000,054,784 | -H-- | C] () -- C:\Users\claudi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.12 21:06:50 | 000,031,007 | -H-- | C] () -- C:\Users\claudi\AppData\Roaming\UserTile.png
[2008.09.11 21:07:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.11 21:03:17 | 000,000,238 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.08.07 09:43:22 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.02.29 14:13:14 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2008.01.21 09:15:58 | 000,631,670 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,128,034 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,296,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,598,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,105,340 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.05.13 11:16:19 | 000,356,352 | ---- | C] () -- C:\Windows\System32\xvid.dll
[1998.07.06 00:00:00 | 000,064,512 | ---- | C] () -- C:\Windows\System32\MSCC2DE.DLL

========== LOP Check ==========
[2010.09.19 21:10:15 | 000,000,000 | -H-D | M] -- C:\Users\claudi\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.25 06:12:41 | 000,000,000 | -H-D | M] -- C:\Users\claudi\AppData\Roaming\LimeWire
[2008.09.12 21:06:50 | 000,000,000 | -H-D | M] -- C:\Users\claudi\AppData\Roaming\PeerNetworking
[2010.03.02 21:16:51 | 000,000,000 | -H-D | M] -- C:\Users\claudi\AppData\Roaming\PhotoFiltre
[2009.03.08 20:56:24 | 000,000,000 | -H-D | M] -- C:\Users\claudi\AppData\Roaming\Template
[2009.02.24 19:30:07 | 000,000,000 | -H-D | M] -- C:\Users\claudi\AppData\Roaming\Zylom
[2011.04.24 21:39:54 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

And the report from Malwarebytes.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6435

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

24.04.2011 22:31:16
mbam-log-2011-04-24 (22-31-16).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150745
Laufzeit: 4 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)