Pests of all kinds and their removal: TR/Kazy.mekml.1 I'm affected too. What to enter in OTL? (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
26.04.2011, 07:52 | #1
TR/Kazy.mekml.1 I'm affected too. What to enter in OTL?

Hello, I've also caught this virus TR/Kazy.mekml.1. Basically my only problem is that I don't know what I have to enter into the OTL tool, because I can't read the log files myself. The rest has kindly been described many times already. Thanks in advance for your answers! Also a huge thank-you to the board's expert team!

Here is the Extras.txt log file:

OTL Extras logfile created on: 26.04.2011 08:45:57 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = D:\
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,10 Gb Total Space | 61,96 Gb Free Space | 61,90% Space Free | Partition Type: NTFS
Drive D: | 197,89 Gb Total Space | 188,50 Gb Free Space | 95,25% Space Free | Partition Type: NTFS

Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-745330349-2447009524-2147196550-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15B25B2C-1EF7-4EB1-99CC-2ABFB2B43F24}" = Investox XL Serviceupdate Version 5.9.6
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}" = Sound Blaster Audigy HD
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{49224688-E31D-46D7-8782-6856A0555DA3}" = Investox XL Serviceupdate Version 5.9.4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{77010645-5170-4FC3-90E9-9C7EE79E45E4}" = Joulemeter
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A2A6A590-4AEA-4944-A9C2-FCB5EF4150A9}" = Investox RTT Service-Update 2.10.5
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{BC0ECDD2-78F5-4754-9381-E4C85AB233F0}" = EASY Office
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E775DA63-C47A-4C36-A8D3-92CC457A0530}" = Investox XL Version 5.7.0 und RTT Version 2.9.7
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B8C819-B917-4133-B927-E365D6E89117}" = Investox RTT Service-Update 2.10.3
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE6241A3-46EB-4D95-A33D-E52C634E818D}" = Automatic Data Mining Gate Version 6
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"Hardlock Gerätetreiber" = Hardlock Gerätetreiber
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"QuoteTracker_is1" = QuoteTracker
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TeamViewer 6" = TeamViewer 6
"Trader Workstation 4.0" = Trader Workstation 4.0
"TWS Interoperability Components" = TWS Interoperability Components
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.9
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
26.04.2011, 07:53 | #2
TR/Kazy.mekml.1 I'm affected too. What to enter in OTL?

And here the OTL.txt:

OTL Logfile:

Code:
OTL logfile created on: 26.04.2011 08:45:57 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = D:\
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,10 Gb Total Space | 61,96 Gb Free Space | 61,90% Space Free | Partition Type: NTFS
Drive D: | 197,89 Gb Total Space | 188,50 Gb Free Space | 95,25% Space Free | Partition Type: NTFS

Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\33087240.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Programme\P4G\BatteryLife.exe (ATK)
PRC - C:\Programme\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Programme\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Programme\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WerFault.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Programme\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Programme\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Programme\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)

========== Modules (SafeList) ==========

MOD - D:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Samsung UPD Service) -- C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Joulemeter Service) -- C:\Program Files\Microsoft Research\Joulemeter\JoulemeterService.exe (Microsoft Research)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe ()

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (ghaio) -- C:\Programme\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ASUS)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (akshasp) -- C:\Windows\System32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (Hardlock) -- C:\Windows\system32\drivers\hardlock.sys (SafeNet Inc.)
DRV - (aksusb) -- C:\Windows\System32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ASMMAP) -- C:\Programme\ATKGFNEX\ASMMAP.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-745330349-2447009524-2147196550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?gcht=HC&o=101702&l=dis
IE - HKU\S-1-5-21-745330349-2447009524-2147196550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-745330349-2447009524-2147196550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-745330349-2447009524-2147196550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A C0 83 0B 0E 72 CB 01 [binary data]
IE - HKU\S-1-5-21-745330349-2447009524-2147196550-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-745330349-2447009524-2147196550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.22 20:59:06 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.22 20:59:07 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.23 19:03:46 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.23 19:03:46 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.11.22 13:08:55 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.10.22 21:30:05 | 000,000,000 | -H-D | M]

[2011.01.06 09:36:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Extensions
[2010.10.22 19:37:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.24 11:41:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\vnzzd7op.default\extensions
[2011.04.26 07:02:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.13 20:01:13 | 000,000,000 | -H-D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.12.03 20:14:08 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 20:14:08 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.03 20:14:08 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.03 20:14:08 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.03 20:14:08 | 000,001,105 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-745330349-2447009524-2147196550-1000\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [RunDLLEntry] C:\Windows\System32\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [SysMetrix] File not found
O4 - HKU\S-1-5-21-745330349-2447009524-2147196550-1000..\Run: [jhbHQbuAdnkPg] C:\ProgramData\jhbHQbuAdnkPg.exe (WinTrust)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-745330349-2447009524-2147196550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ASUS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.26 08:31:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.26 08:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.26 08:31:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.26 08:31:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.26 08:05:34 | 000,000,000 | -H-D | C] -- C:\Windows\Minidump
[2011.04.26 07:29:29 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.26 07:04:42 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\jhbHQbuAdnkPg.exe
[2011.04.22 22:30:31 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Local\Microsoft Research
[2011.04.22 22:03:41 | 000,000,000 | -H-D | C] -- C:\Programme\Microsoft Research
[2011.04.22 22:03:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Joulemeter
[2011.04.22 21:25:55 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RightMark CPU Clock Utility
[2011.04.22 21:25:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RightMark CPU Clock Utility
[2011.04.22 21:19:23 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SysMetrix
[2011.04.22 21:19:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysMetrix
[2011.04.21 10:47:56 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Roaming\vlc
[2011.04.21 10:47:41 | 000,000,000 | -H-D | C] -- C:\Programme\VideoLAN
[2011.04.20 22:25:17 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Roaming\Canneverbe Limited
[2011.04.20 22:25:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Canneverbe Limited
[2011.04.20 22:25:09 | 000,000,000 | -H-D | C] -- C:\Programme\CDBurnerXP
[2011.04.20 22:19:30 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\Documents\DVDFab Passkey
[2011.04.20 22:04:42 | 000,000,000 | -H-D | C] -- C:\Programme\Elaborate Bytes
[2011.04.17 16:49:28 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Roaming\Malwarebytes
[2011.04.17 16:49:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.04.16 21:07:50 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.16 21:07:50 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.16 21:07:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.16 21:07:44 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.16 21:07:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.16 21:07:32 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.16 21:07:32 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.16 21:07:32 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.16 21:07:32 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.16 21:07:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.16 21:07:31 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.16 21:07:31 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.16 21:07:31 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.16 21:07:31 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.16 21:07:31 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.16 21:07:31 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.16 21:07:13 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.16 21:07:12 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011.04.16 21:07:10 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.04.16 21:07:06 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.16 21:07:06 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.08 19:44:52 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.08 19:44:50 | 000,000,000 | -H-D | C] -- C:\Users\ASUS\Documents\DVDVideoSoft
[2011.04.08 19:44:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.04.08 19:44:40 | 000,000,000 | -H-D | C] -- C:\Programme\DVDVideoSoft
[2011.04.08 19:44:40 | 000,000,000 | -H-D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2011.03.29 14:28:24 | 000,102,400 | -H-- | C] (Knöpfel Software GmbH) -- C:\Windows\System32\KSESystemOptimierung5.dll
[2011.03.29 14:28:24 | 000,098,304 | -H-- | C] (Knöpfel Software GmbH) -- C:\Windows\System32\KSENNTraining5.dll
[2011.03.29 14:28:22 | 003,887,104 | -H-- | C] (Knöpfel Software GmbH) -- C:\Windows\System32\KSEChart5.ocx
[2011.03.29 14:28:08 | 002,007,040 | -H-- | C] (Knöpfel Software GmbH) -- C:\Windows\System32\KSEOrdermodul5.dll
[2011.03.29 14:28:02 | 007,536,640 | -H-- | C] (Knöpfel Software GmbH) -- C:\Windows\System32\KSEIndikatoren5.dll
[2011.03.29 14:27:24 | 002,625,536 | -H-- | C] (Knöpfel Software GmbH) -- C:\Windows\System32\KSEImportExport5.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.26 08:31:51 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 08:13:08 | 000,014,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 08:13:08 | 000,014,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 08:07:45 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~33087240r
[2011.04.26 08:07:45 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~33087240
[2011.04.26 08:05:39 | 000,000,336 | -H-- | M] () -- C:\ProgramData\33087240
[2011.04.26 08:05:38 | 000,487,424 | ---- | M] () -- C:\ProgramData\33087240.exe
[2011.04.26 08:05:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.26 08:05:32 | 203,305,020 | -H-- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.26 08:05:27 | 2415,357,952 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.26 07:29:29 | 000,000,631 | -H-- | M] () -- C:\Users\ASUS\Desktop\Windows Recovery.lnk
[2011.04.26 07:29:27 | 000,000,336 | -H-- | M] () -- C:\ProgramData\33283848
[2011.04.26 07:29:24 | 008,405,015 | -H-- | M] () -- C:\Windows\hlktmp
[2011.04.26 07:04:42 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\jhbHQbuAdnkPg.exe
[2011.04.26 06:52:19 | 000,696,634 | -H-- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.26 06:52:19 | 000,651,912 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.26 06:52:19 | 000,147,838 | -H-- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.26 06:52:19 | 000,120,784 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.26 06:52:05 | 000,045,056 | -H-- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.04.25 20:09:27 | 000,104,402 | -H-- | M] () -- C:\Users\ASUS\Desktop\kurve.png
[2011.04.22 21:04:21 | 000,007,606 | -H-- | M] () -- C:\Users\ASUS\AppData\Local\Resmon.ResmonCfg
[2011.04.21 10:47:50 | 000,001,024 | -H-- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.04.20 22:25:11 | 000,001,895 | -H-- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.04.20 22:20:17 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.04.17 16:18:30 | 000,000,043 | -H-- | M] () -- C:\Users\ASUS\AppData\Roaming\1.gif
[2011.04.17 08:21:32 | 000,308,040 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.08 19:44:44 | 000,001,356 | -H-- | M] () -- C:\Users\ASUS\Desktop\Free YouTube to MP3 Converter.lnk
[2011.03.29 14:42:08 | 000,081,920 | -H-- | M] () -- C:\Windows\System32\KSESinoUeberwachung5.exe
[2011.03.29 14:28:24 | 000,102,400 | -H-- | M] (Knöpfel Software GmbH) -- C:\Windows\System32\KSESystemOptimierung5.dll
[2011.03.29 14:28:24 | 000,098,304 | -H-- | M] (Knöpfel Software GmbH) -- C:\Windows\System32\KSENNTraining5.dll
[2011.03.29 14:28:22 | 003,887,104 | -H-- | M] (Knöpfel Software GmbH) -- C:\Windows\System32\KSEChart5.ocx
[2011.03.29 14:28:08 | 002,007,040 | -H-- | M] (Knöpfel Software GmbH) -- C:\Windows\System32\KSEOrdermodul5.dll
[2011.03.29 14:28:02 | 007,536,640 | -H-- | M] (Knöpfel Software GmbH) -- C:\Windows\System32\KSEIndikatoren5.dll
[2011.03.29 14:27:24 | 002,625,536 | -H-- | M] (Knöpfel Software GmbH) -- C:\Windows\System32\KSEImportExport5.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.04.26 08:31:51 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 08:07:45 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~33087240r
[2011.04.26 08:07:45 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~33087240
[2011.04.26 08:05:39 | 000,000,336 | -H-- | C] () -- C:\ProgramData\33087240
[2011.04.26
08:05:38 | 000,487,424 | ---- | C] () -- C:\ProgramData\33087240.exe [2011.04.26 08:05:32 | 203,305,020 | -H-- | C] () -- C:\Windows\MEMORY.DMP [2011.04.26 07:29:29 | 000,000,631 | -H-- | C] () -- C:\Users\ASUS\Desktop\Windows Recovery.lnk [2011.04.26 07:29:27 | 000,000,336 | -H-- | C] () -- C:\ProgramData\33283848 [2011.04.26 07:29:24 | 008,405,015 | -H-- | C] () -- C:\Windows\hlktmp [2011.04.23 15:28:53 | 000,104,402 | -H-- | C] () -- C:\Users\ASUS\Desktop\kurve.png [2011.04.21 10:47:50 | 000,001,024 | -H-- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.04.20 22:25:11 | 000,001,895 | -H-- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2011.04.20 22:25:11 | 000,001,845 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2011.04.20 22:05:13 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.04.17 16:18:30 | 000,000,043 | -H-- | C] () -- C:\Users\ASUS\AppData\Roaming\1.gif [2011.04.08 19:44:44 | 000,001,356 | -H-- | C] () -- C:\Users\ASUS\Desktop\Free YouTube to MP3 Converter.lnk [2011.03.29 14:42:08 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\KSESinoUeberwachung5.exe [2011.02.27 11:26:47 | 000,045,056 | -H-- | C] () -- C:\Windows\System32\acovcnt.exe [2011.01.13 20:36:26 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011.01.12 11:10:56 | 000,049,152 | -H-- | C] () -- C:\Windows\System32\inditool32_2.dll [2011.01.06 09:36:43 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat [2010.11.21 20:16:27 | 000,282,624 | -H-- | C] () -- C:\Windows\System32\DscPnt.dll [2010.11.21 20:16:27 | 000,260,464 | -H-- | C] () -- C:\Windows\SUPDRun.exe [2010.11.21 20:16:27 | 000,026,624 | -H-- | C] () -- C:\Windows\System32\spd__l.dll [2010.11.19 16:59:26 | 000,253,952 | -H-- | C] () -- C:\Windows\ddedll.dll [2010.11.12 23:28:14 | 000,028,672 | -H-- | C] () -- C:\Windows\System32\hlduinst.exe [2010.11.12 23:28:13 | 000,153,088 | -H-- | C] () -- C:\Windows\System32\UNWISE.EXE [2010.11.12 
23:28:13 | 000,006,836 | -H-- | C] () -- C:\Windows\System32\UNWISE.INI [2010.10.22 22:00:39 | 000,007,606 | -H-- | C] () -- C:\Users\ASUS\AppData\Local\Resmon.ResmonCfg [2010.10.22 20:34:15 | 001,635,840 | -H-- | C] () -- C:\Windows\System32\iPostCtl.dll [2010.10.22 20:34:15 | 001,502,720 | -H-- | C] () -- C:\Windows\System32\PDFCtrl.dll [2010.10.22 20:34:14 | 001,868,288 | -H-- | C] () -- C:\Windows\System32\iFaxCtrl.dll [2010.10.22 20:34:14 | 000,072,704 | -H-- | C] () -- C:\Windows\System32\CTRLSRV.EXE [2010.10.22 19:58:10 | 000,000,042 | -H-- | C] () -- C:\Windows\ib.ini [2010.10.22 19:58:09 | 000,026,624 | -H-- | C] () -- C:\Windows\GetIe.dll [2010.10.22 19:39:27 | 000,116,224 | -H-- | C] () -- C:\Windows\System32\redmonnt.dll [2010.10.22 19:39:27 | 000,045,056 | -H-- | C] () -- C:\Windows\System32\unredmon.exe [2010.10.22 18:05:06 | 000,000,024 | -H-- | C] () -- C:\Windows\ATKPF.ini [2010.10.22 17:40:45 | 000,148,480 | -H-- | C] () -- C:\Windows\System32\APOMngr.DLL [2010.10.22 17:40:45 | 000,073,728 | -H-- | C] () -- C:\Windows\System32\CmdRtr.DLL [2010.10.22 17:40:45 | 000,004,352 | -H-- | C] () -- C:\Windows\System32\cfgfx.ini [2010.10.22 17:40:45 | 000,000,735 | -H-- | C] () -- C:\Windows\FF05_Render_Spk_Hp.ini [2010.10.22 17:40:45 | 000,000,508 | -H-- | C] () -- C:\Windows\FF05_not_Spk_Hp.ini [2010.03.16 17:31:32 | 000,098,304 | -H-- | C] () -- C:\Windows\System32\KSEIBUeberwachung5.exe [2009.12.03 09:27:30 | 000,080,416 | -H-- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.08.03 13:16:46 | 000,475,238 | -H-- | C] () -- C:\Windows\System32\KSEBasisBerechnungen5.dll [2009.07.14 10:47:43 | 000,696,634 | -H-- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | -H-- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,147,838 | -H-- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | -H-- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | 
C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,308,040 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,651,912 | -H-- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | -H-- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,120,784 | -H-- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | -H-- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.12.04 01:25:14 | 000,022,723 | -H-- | C] () -- C:\Windows\System32\sugo3l3.dll [2006.11.21 16:41:40 | 000,045,056 | -H-- | C] () -- C:\Windows\System32\KSEConsorsÜberwachung.exe [2004.02.10 19:42:42 | 000,000,249 | -H-- | C] () -- C:\Windows\Comcenter.ini [2003.03.27 12:38:44 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\ddeimp32_2.dll [2000.08.18 12:26:08 | 000,423,424 | -H-- | C] () -- C:\Windows\System32\NWPDLL.DLL [1999.05.27 12:15:00 | 000,221,184 | -H-- | C] () -- C:\Windows\System32\TPAccess.dll < End of report > |
26.04.2011, 19:10 | #3 |
/// Malware-holic | TR/Kazy.mekml.1 I am affected too. What to enter in OTL?
• Please start OTL.exe
• Now copy the following into the text box.
:OTL
PRC - C:\ProgramData\33087240.exe ()
O4 - HKU\S-1-5-21-745330349-2447009524-2147196550-1000..\Run: [jhbHQbuAdnkPg] C:\ProgramData\jhbHQbuAdnkPg.exe (WinTrust)
:Files
C:\ProgramData\33087240.exe
C:\ProgramData\jhbHQbuAdnkPg.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Download unhide: http://www.trojaner-board.de/54791-a...ner-board.html