TR/Kazy.mekml.1 - Mich hat es wohl auch erwischt!

SabG · 24.04.2011, 19:26

Habe hier im Forum gesucht und das exakt gleiche Problem mit denselben Symptomen wie folgender User:

"Hallo liebe User,
Ich habe mich hier nur angemeldet , weil ich diesen TR/Kazy.mekml.1 Trojaner habe und nicht weiß wie ich mit dem umgehen soll. Also ich beschreib kurz was für Probleme ich habe: Mein Bildschirm ist schwarz und lässt sich auch nicht ändern, meine ganzen Daten(Fotos,Musik,Dokumente etc...) sind weg! Meine Präsentationen und wichtige Daten für die Schule sind alle weg! Mein Laptop speichert nichts mehr ab und ich krieg ständig Meldungen das ich ein kritischen Fehler hab und da steht noch ''Windows konnte alle Daten fur die Datei \\System32\\496A8300 nicht speichern. Daten verloren.Dieser Fehler kann durch einen Ausfall der Hardware verursacht weren.'' oder ''Das System hat ein Problem mit einem oder mehreren installierten IDE / SATA-Festplatten erkannt. Es wird empfohlen, das System neu zu starten.'' Und das wichtigste all meine Daten sind weg ! Könnt ihr mir bitte helfen ? Danke im Vorraus.

MFG Florian1"

Bitte helft mir, bin echt verzweifelt vor diesem schwarzen Bildschirm!!

cosinus · 25.04.2011, 15:55

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

SabG · 25.04.2011, 22:43

Hej, vielen Dank fürs Antworten! Hier die gesammelten Logs...

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6433

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

24.04.2011 18:02:06
mbam-log-2011-04-24 (18-02-06).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 147800
Laufzeit: 21 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 10
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
c:\programdata\iceyochtffau.exe (Trojan.FakeAlert) -> 2264 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F919FBD3-A96B-4679-AF26-F551439BB5FD} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XTTB00001.XTTB00001Toolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iCEyocHtffAu (Trojan.FakeAlert) -> Value: iCEyocHtffAu -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\iceyochtffau.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\42589960.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\xxx\AppData\Local\Temp\Low\0.6015619329339035.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\xxx\AppData\Local\Temp\Low\csrss.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\xxx\AppData\Local\Temp\Low\jar_cache14775.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.

SabG · 25.04.2011, 22:44

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6433

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

25.04.2011 23:25:06
mbam-log-2011-04-25 (23-25-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 202160
Laufzeit: 1 Stunde(n), 34 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SabG · 25.04.2011, 22:45

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6443

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

25.04.2011 23:34:23
mbam-log-2011-04-25 (23-34-23).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148356
Laufzeit: 8 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SabG · 25.04.2011, 23:01

OTL:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 25.04.2011 23:46:45 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\XXX\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,85 Gb Total Space | 15,78 Gb Free Space | 18,82% Space Free | Partition Type: NTFS
 
Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Macrogaming\SweetIM\SweetIM.exe (MacroGaming LTD.)
PRC - C:\Program Files\SchutzTool\SysRep.exe ()
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\SchutzTool\gescw.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\XXX\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Ex) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (CTDevice_Srv) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (LEX_AS_NIC_SERVICE_YNOS) -- C:\Windows\System32\drivers\ExpasAG.sys (Atheros Communications, Inc.)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} -  File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (Macrogaming)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.yahoo.com/"
FF - prefs.js..keyword.URL: "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007.06.22 00:13:33 | 000,000,000 | -H-D | M]
 
[2010.09.16 23:16:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2008.12.08 17:55:33 | 000,000,717 | -H-- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\u2y6k77d.default\searchplugins\ask.xml
[2009.07.11 00:43:22 | 000,000,949 | -H-- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\u2y6k77d.default\searchplugins\icqplugin-1.xml
[2009.03.28 00:17:48 | 000,000,950 | -H-- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\u2y6k77d.default\searchplugins\icqplugin.xml
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\DIVX@PARTNERS.MOZILLA.COM
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG
File not found (No name found) -- C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U2Y6K77D.DEFAULT\EXTENSIONS\{E9A1DEE0-C623-4439-8932-001E7D17607D}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SWEETIE Class) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (Macrogaming)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} -  File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM For Internet Explorer) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (Macrogaming)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM For Internet Explorer) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (Macrogaming)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CloneDVDElbyDelay] C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [gescw]  File not found
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SchutzTool] C:\Program Files\SchutzTool\SysRep.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe (MacroGaming LTD.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Search Protection]  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe (MacroGaming LTD.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.ak.studivz.net/photouploader/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\XXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\XXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.25 21:48:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2011.04.24 17:05:22 | 000,000,000 | -H-D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes
[2011.04.24 17:04:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.24 17:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.24 17:04:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.04.24 17:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.24 17:02:53 | 007,734,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Users\sabrina griesser\Desktop\mbam-setup.exe
[2011.04.24 14:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.04.24 14:14:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.24 14:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.04.24 14:12:09 | 000,000,000 | -H-D | C] -- C:\Dokumente
[2011.04.24 14:11:27 | 016,409,960 | -H-- | C] (Safer Networking Limited                                    ) -- C:\Users\sabrina griesser\Desktop\spybotsd162.exe
[2011.04.22 14:12:56 | 000,000,000 | -H-D | C] -- C:\Users\XXX\Desktop\Germanwings
[2011.04.14 16:18:29 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 16:18:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 16:18:12 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 16:18:11 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 16:17:56 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.14 16:17:52 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.14 16:17:52 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.14 16:17:51 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.14 16:17:51 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.14 16:17:51 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.14 16:17:49 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.14 16:17:49 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.14 16:17:49 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.14 16:17:48 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.14 16:17:45 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 16:17:37 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 16:17:33 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.14 16:17:33 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2007.11.03 07:03:40 | 000,193,040 | -H-- | C] (TotalSicher Inc.) -- C:\Users\XXX\AppData\Roaming\systemerrorrepairinstallfull_de[1].exe
[2007.11.03 06:56:45 | 000,199,696 | -H-- | C] (TotalSicher Inc.) -- C:\Users\XXX\AppData\Roaming\setup_de[1].exe
[2007.07.23 18:39:20 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Users\XXX\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.25 23:44:17 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.25 23:44:17 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.25 21:48:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2011.04.25 21:44:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.24 18:04:31 | 2137,186,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.24 17:05:43 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.24 17:05:43 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.24 17:05:43 | 000,149,846 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.24 17:05:43 | 000,121,652 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.24 17:04:44 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.24 17:03:29 | 007,734,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Users\sabrina griesser\Desktop\mbam-setup.exe
[2011.04.24 14:14:57 | 000,001,055 | -H-- | M] () -- C:\Users\XXX\Desktop\Spybot - Search & Destroy.lnk
[2011.04.24 14:13:17 | 016,409,960 | -H-- | M] (Safer Networking Limited                                    ) -- C:\Users\sabrina griesser\Desktop\spybotsd162.exe
[2011.04.15 03:36:43 | 000,382,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.12 00:46:24 | 000,002,637 | -H-- | M] () -- C:\Users\XXX\Desktop\Microsoft Office Word 2003.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.24 17:04:44 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.24 14:14:57 | 000,001,055 | -H-- | C] () -- C:\Users\XXX\Desktop\Spybot - Search & Destroy.lnk
[2010.08.15 00:43:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.01 23:02:12 | 000,000,408 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010.03.01 23:00:46 | 000,000,392 | ---- | C] () -- C:\Windows\WebEye.ini
[2010.03.01 23:00:37 | 000,106,496 | ---- | C] () -- C:\Windows\JAPI.DLL
[2010.03.01 23:00:37 | 000,035,600 | ---- | C] () -- C:\Windows\AMCAP.EXE
[2010.03.01 23:00:03 | 000,172,032 | ---- | C] () -- C:\Windows\JAPI2.DLL
[2008.09.13 02:35:54 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.09.13 02:35:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.07 12:50:23 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.06.21 06:06:45 | 000,598,016 | ---- | C] () -- C:\Windows\System32\png1abj1.dll
[2008.02.25 21:44:36 | 000,000,425 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2008.02.25 21:44:36 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.02.25 21:43:43 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2008.02.25 21:39:42 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2007.11.28 19:23:07 | 000,000,000 | ---- | C] () -- C:\Windows\Jesse James.ini
[2007.09.28 11:31:11 | 000,009,013 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007.09.28 11:26:04 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.07.23 18:39:20 | 000,081,920 | -H-- | C] () -- C:\Users\XXX\AppData\Roaming\ezpinst.exe
[2007.07.23 18:39:20 | 000,007,176 | -H-- | C] () -- C:\Users\XXX\AppData\Roaming\pcouffin.cat
[2007.07.23 18:39:20 | 000,001,144 | -H-- | C] () -- C:\Users\XXX\AppData\Roaming\pcouffin.inf
[2007.05.12 21:36:37 | 000,000,902 | -H-- | C] () -- C:\Users\XXX\AppData\Roaming\wklnhst.dat
[2007.05.07 16:27:15 | 000,054,784 | -H-- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.14 02:37:47 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2006.12.14 02:34:10 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2006.11.27 15:07:33 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2006.11.27 14:46:59 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2006.11.23 20:44:19 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006.11.23 20:44:19 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006.11.23 20:44:19 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.23 20:44:19 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006.11.23 12:47:24 | 000,163,840 | ---- | C] () -- C:\Windows\System32\WLANDLL.DLL
[2006.11.23 12:22:50 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2006.11.02 17:33:31 | 000,685,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,149,846 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,382,648 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,121,652 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002.01.25 09:04:50 | 000,005,440 | ---- | C] () -- C:\Windows\System32\mciwa16.dll
[2002.01.25 09:04:50 | 000,000,221 | ---- | C] () -- C:\Windows\System32\pspsbext.ini
[2002.01.25 09:04:50 | 000,000,221 | ---- | C] () -- C:\Windows\System32\pspfidrv.ini
[2002.01.25 09:04:50 | 000,000,221 | ---- | C] () -- C:\Windows\System32\pspfbase.ini
[2002.01.25 09:04:50 | 000,000,221 | ---- | C] () -- C:\Windows\System32\pspaudrv.ini
[2002.01.25 09:04:50 | 000,000,221 | ---- | C] () -- C:\Windows\System32\pspapdrv.ini
[2002.01.25 09:04:50 | 000,000,221 | ---- | C] () -- C:\Windows\System32\mciwaw95.ini
[2002.01.25 09:04:50 | 000,000,221 | ---- | C] () -- C:\Windows\System32\mcipspwa.ini
[2002.01.25 09:04:50 | 000,000,221 | ---- | C] () -- C:\Windows\System32\mcipspct.ini
[2002.01.25 09:04:50 | 000,000,220 | ---- | C] () -- C:\Windows\System32\pspwave.ini
[2002.01.25 09:04:50 | 000,000,219 | ---- | C] () -- C:\Windows\System32\pspdss.ini
[2002.01.25 09:04:50 | 000,000,219 | ---- | C] () -- C:\Windows\System32\pspddi.ini

< End of report >

--- --- ---

SabG · 25.04.2011, 23:08

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 25.04.2011 23:46:45 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\XXX\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,85 Gb Total Space | 15,78 Gb Free Space | 18,82% Space Free | Partition Type: NTFS
 
Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C5F9899-C9FE-4B0A-AE05-8008059D7E99}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{177AD172-0406-4EDD-B4FE-E9BEE2650C0B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{404CDF8B-39DD-483C-8CE1-700CBB0D4DE6}" = protocol=6 | dir=in | app=c:\users\XXX\desktop\utorrent.exe | 
"{57612470-14B8-4106-BEC0-23C5CFFB8FD9}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{590B8539-FBE3-422E-875C-74F8F17697DA}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64979D4B-9DB6-4CBB-8F6E-6F513585379E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{65D7F443-B5D9-44B6-8873-FA2C1BEAD4D3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{A1B2D6F1-43F1-452D-A4D5-7CF050F20022}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A8FD9E04-619B-4348-8872-D2D7BAA3B414}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{B0B4934E-C9C0-46DC-A0A0-11A11D2BFAD2}" = protocol=17 | dir=in | app=c:\users\XXX\desktop\utorrent.exe | 
"{CB4751DF-525B-43BF-AFE2-E6FC6107EDED}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{E2A3B492-4A77-4FF2-851F-029DD6F0B761}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{0B43CFF8-30FF-4E56-B05B-6C7DCB8DC415}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{100493FC-5D4F-488B-8989-B75A7EF14598}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{2323F060-6AE4-4F5B-A70B-E14B61737F54}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{2D557292-0B7A-4DFA-8A94-81B0AF4B33C2}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{65FE45D9-8906-43FC-906E-B77EB57254D9}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{693DFC2D-55E9-4DCC-8956-F00F671CC9DB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{7B2F4D66-5DA2-45A3-B2F4-126DFE3A2E4A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{7CD51823-C451-49C5-9650-E79EC84E365D}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{80C7D627-44D2-430A-9ACD-B0E502D6E5D8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{D6F257E6-B195-461C-ABD0-BD9A4CD0D94E}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{DEB32D06-52B8-4083-A182-CB9EBA38BB91}C:\users\XXX\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\sabrina griesser\desktop\utorrent.exe | 
"TCP Query User{E60E47C7-FD83-4435-A2AB-640104805759}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{03AC88C8-CAE5-4E02-B0E8-D531880790CC}C:\users\XXX\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\sabrina griesser\desktop\utorrent.exe | 
"UDP Query User{03F3E031-172B-4916-94C3-164A8ED9D245}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{1EBFECE6-CFB7-4ECD-B5C7-F8807ED9665A}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{264816C3-A75F-4DB6-9D18-C91AA76C6EF6}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{48EB1CB9-8A6E-4D80-ACB8-9F1219CC3E67}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{4E7F0D3A-5666-4B6F-BB5C-403E23AB981B}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{6A2B8306-7505-4B64-8A7C-6C1F409C9C13}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{8533E98A-CA89-461B-AE9A-67058B12E44C}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{85C2846D-F61E-4B93-A99F-B36B2DD72421}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{AD78CF21-FF5F-446F-AF3A-B443DE5F3749}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{C1596BCE-CCB9-49F2-B971-F29DF87F416F}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{E70A2065-41CC-4440-B01F-4EDFD725834E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{17C7703E-0B2A-4593-9CB7-E2FE14B6F8EA}" = Sony Snymsico for Vista
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{24960AC2-C413-4A86-B1C1-E4CCADCA44D3}" = VAIO Information FLOW
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D79DB6E-73DA-46C9-B8FA-DAE52108246F}" = OpenMG Secure Module 4.6.01
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}" = 
"{502358FB-0718-45BC-B142-7511F1694D58}" = Macrogaming SweetIM 2.1
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55B781F0-060E-11D4-99D7-00C04FCCB775}" = 
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91E30407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{97260AE9-A1EE-492E-8DCC-FD0AFF785720}" = 
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BA524348-59A6-437A-A4FB-25080BDEFCD6}" = VP-EYE
"{C183A21C-395A-490F-99D4-CCAB35E32859}" = 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}" = Opera 9.52
"{E2B38044-AEF2-40AF-BDD8-FEDE799A8633}" = 
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F636F70D-48C6-48FF-B35F-717EB64F2193}" = PC Camera  
"{F6D63A65-BD23-46F3-B9A3-87F442423481}" = SweetIM For Internet Explorer 3.0b
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CloneDVD" = CloneDVD
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Creative Media Lite" = Creative Media Lite
"Der Schreibtrainer" = Der Schreibtrainer 3.7
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GESU_is1" = SchutzTool 1.3.27.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{3D79DB6E-73DA-46C9-B8FA-DAE52108246F}" = OpenMG Secure Module 4.6.01
"InstallShield_{F636F70D-48C6-48FF-B35F-717EB64F2193}" = PC Camera  
"InterActual Player" = InterActual Player
"Jesse James_is1" = Jesse James
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MainApp.exe_is1" = CloneDVD 4.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"RealPlayer 6.0" = RealPlayer
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.2
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.04.2011 15:44:26 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25.04.2011 15:44:26 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24104198
 
Error - 25.04.2011 15:44:26 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24104198
 
Error - 25.04.2011 15:44:27 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25.04.2011 15:44:27 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24105321
 
Error - 25.04.2011 15:44:27 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24105321
 
Error - 25.04.2011 15:44:28 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25.04.2011 15:44:28 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 24106398
 
Error - 25.04.2011 15:44:28 | Computer Name = XXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 24106398
 
Error - 25.04.2011 15:45:08 | Computer Name = XXX | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Informationsebene: error  Initialisierung des COM-Subsystems fehlgeschlagen.
 Fehlercode: 0x8007041D
 
[ Media Center Events ]
Error - 23.07.2007 15:23:47 | Computer Name = XXX | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 07/23/2007 21:23:47
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 17.04.2008 07:57:06 | Computer Name = XXX | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
[ System Events ]
Error - 25.04.2011 08:31:59 | Computer Name = XXX | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 25.04.2011 08:32:04 | Computer Name = XXX | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 25.04.2011 08:32:09 | Computer Name = XXX | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 25.04.2011 08:32:14 | Computer Name = XXX | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 25.04.2011 08:32:19 | Computer Name = XXX | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 25.04.2011 08:32:24 | Computer Name = XXX | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 25.04.2011 09:02:30 | Computer Name = XXX| Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 25.04.2011 15:44:58 | Computer Name = XXX | Source = DCOM | ID = 10005
Description = 
 
Error - 25.04.2011 15:45:07 | Computer Name = XXX | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 25.04.2011 15:45:10 | Computer Name = XXX | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

cosinus · 26.04.2011, 11:06

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
PRC - C:\Program Files\SchutzTool\SysRep.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O4 - HKCU..\Run: [Search Protection]  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\Run: [gescw]  File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SWEETIE Class) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (Macrogaming)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} -  File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM For Internet Explorer) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (Macrogaming)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM For Internet Explorer) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (Macrogaming)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q="
[2010.09.16 23:16:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\sabrina griesser\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sabrina griesser\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Users\sabrina griesser\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\sabrina griesser\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\sabrina griesser\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\sabrina griesser\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\sabrina griesser\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\sabrina griesser\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2008.12.08 17:55:33 | 000,000,717 | -H-- | M] () -- C:\Users\sabrina griesser\AppData\Roaming\Mozilla\Firefox\Profiles\u2y6k77d.default\searchplugins\ask.xml
[2009.07.11 00:43:22 | 000,000,949 | -H-- | M] () -- C:\Users\sabrina griesser\AppData\Roaming\Mozilla\Firefox\Profiles\u2y6k77d.default\searchplugins\icqplugin-1.xml
[2009.03.28 00:17:48 | 000,000,950 | -H-- | M] () -- C:\Users\sabrina griesser\AppData\Roaming\Mozilla\Firefox\Profiles\u2y6k77d.default\searchplugins\icqplugin.xml
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\DIVX@PARTNERS.MOZILLA.COM
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG
File not found (No name found) -- C:\USERS\sabrina griesser\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U2Y6K77D.DEFAULT\EXTENSIONS\{E9A1DEE0-C623-4439-8932-001E7D17607D}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} -  File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (Macrogaming)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
:Files
C:\Program Files\SchutzTool
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

SabG · 26.04.2011, 19:24

Hej Arne,
hab versucht, den OTL-Fix zu machen, das hat funktioniert bis zum Text kopieren und auf Fix klicken. Hat dann auch angefangen zu rattern, dann kam eine Meldung "konnte File nicht öffnen" (in etwa) und anschließend hat nichts mehr funktioniert. Hab dann in meiner Verzweiflung einen Neustart gemacht und jetzt sind plötzlich alle meine Daten wieder da, allerdings "benebelt".(???) Hilfe!!

cosinus · 26.04.2011, 19:32

Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen!
2.) Ordner C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

SabG · 26.04.2011, 19:57

Ordner C:\_OTL in eine Datei zippen

Blöde Frage, wo soll dieser Ordner denn sein?

cosinus · 27.04.2011, 09:29

Zitat:

Blöde Frage, wo soll dieser Ordner denn sein?

Wenn du einen Ordner zipst, ist dieser Ordner samt Inahlt in eine ZIP-Datei!
Rechtsklick auf Ordner "_OTL" => Senden an => ZIP komprimierter Ordner => ZIP-Datei "_OTL.zip" liegt dann im gleichen Verzeichnis - vorher musst du vllt mal den Ordner _OTL auf den Desktop kopieren, da man idR unter Vista nichts direkt auf C: erstellen darf.

Du hast auch die Erlaubnis selbst mal nach Anleitungen zu googeln...

...zB hier => 7zip Download: mit 7-Zip Dateien packen und entpacken

SabG · 01.05.2011, 16:34

Hej Arne,
nach berufsbedingter Abwesenheit zurück zum Problem.
Eine ZIP-Datei erstellen ist glaub ich nicht die Schwierigkeit, finde aber den Ordner "_OTL" nicht.
Die Anzeige, die nach dem OTL-Fix-Versuch kam lautete übrigens "Cannot create file C:\Users\XXX\AppData\Roaming\Mozilla\FireFox\Profiles\u2y6k77d.default\prefs.js."
Hatte den Virenscanner auch deaktiviert, hab keine Ahnung, warum das nicht funktioniert.

cosinus · 01.05.2011, 16:57

Probiers mit diesem Fixscript nochmal:

Code:

ATTFilter

:OTL
PRC - C:\Program Files\SchutzTool\SysRep.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O4 - HKCU..\Run: [Search Protection]  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\Run: [gescw]  File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SWEETIE Class) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (Macrogaming)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} -  File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM For Internet Explorer) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (Macrogaming)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM For Internet Explorer) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (Macrogaming)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
[2010.09.16 23:16:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\sabrina griesser\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sabrina griesser\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Users\sabrina griesser\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\sabrina griesser\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\sabrina griesser\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\sabrina griesser\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\sabrina griesser\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.24 09:48:59 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\sabrina griesser\AppData\Roaming\mozilla\Firefox\Profiles\u2y6k77d.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2008.12.08 17:55:33 | 000,000,717 | -H-- | M] () -- C:\Users\sabrina griesser\AppData\Roaming\Mozilla\Firefox\Profiles\u2y6k77d.default\searchplugins\ask.xml
[2009.07.11 00:43:22 | 000,000,949 | -H-- | M] () -- C:\Users\sabrina griesser\AppData\Roaming\Mozilla\Firefox\Profiles\u2y6k77d.default\searchplugins\icqplugin-1.xml
[2009.03.28 00:17:48 | 000,000,950 | -H-- | M] () -- C:\Users\sabrina griesser\AppData\Roaming\Mozilla\Firefox\Profiles\u2y6k77d.default\searchplugins\icqplugin.xml
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\DIVX@PARTNERS.MOZILLA.COM
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG
File not found (No name found) -- C:\USERS\sabrina griesser\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U2Y6K77D.DEFAULT\EXTENSIONS\{E9A1DEE0-C623-4439-8932-001E7D17607D}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} -  File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (Macrogaming)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
:Files
C:\Program Files\SchutzTool
:Commands
[purity]
[resethosts]
[emptytemp]

TR/Kazy.mekml.1 - Mich hat es wohl auch erwischt!

Plagegeister aller Art und deren Bekämpfung: TR/Kazy.mekml.1 - Mich hat es wohl auch erwischt!