Log analysis and evaluation: TR/Kazy.mekml.1 found

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

TR/Kazy.mekml.1 found

Hello, I am new here in the forum and have a problem: as with many other users, my PC has also found the virus TR/Kazy.mekml.1.

My background image turns black and all icons on the desktop disappear. I will post the OTL and Malwarebytes logs shortly.

Regards, Tobin

OTL.Txt, OTL logfile:

Code:
ATTFilter OTL logfile created on: 26.04.2011 11:41:32 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 453,34 Gb Total Space | 392,76 Gb Free Space | 86,64% Space Free | Partition Type: NTFS Drive D: | 12,42 Gb Total Space | 1,72 Gb Free Space | 13,84% Space Free | Partition Type: NTFS Drive E: | 7,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\41803528.exe () PRC - C:\ProgramData\vKECjCxHfiQS.exe (WinTrust) PRC - C:\WINDOWS\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.) 
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\WerFault.exe (Microsoft Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\wsqmcons.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) PRC - C:\Programme\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (LiveUpdate) -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation) SRV - (Automatic LiveUpdate Scheduler) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - 
(ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ezSharedSvc) -- C:\WINDOWS\System32\ezsvc7.dll (EasyBits Sofware AS) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avmeject) -- C:\WINDOWS\System32\drivers\avmeject.sys (AVM Berlin) DRV - (fwlanusbn) -- C:\WINDOWS\System32\drivers\fwlanusbn.sys (AVM GmbH) DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (atikmdag) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (SymIM) -- C:\WINDOWS\System32\drivers\SymIMV.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Presario&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Presario&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Presario&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [vKECjCxHfiQS] C:\ProgramData\vKECjCxHfiQS.exe (WinTrust) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.) 
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: 
C:\WINDOWS\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.08.23 06:38:41 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.05.25 06:16:57 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{63410d67-6cdb-11e0-b27d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{63410d67-6cdb-11e0-b27d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2010.05.25 06:16:57 | 002,505,256 | ---- | M] () O33 - MountPoints2\{7b4d905d-6cdc-11e0-9550-0023546094f3}\Shell - "" = AutoRun O33 - MountPoints2\{7b4d905d-6cdc-11e0-9550-0023546094f3}\Shell\AutoRun\command - "" = J:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.26 11:40:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.04.25 18:02:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Avira [2011.04.25 17:38:24 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery [2011.04.25 17:28:20 | 000,565,248 | -H-- | C] (WinTrust) -- C:\ProgramData\vKECjCxHfiQS.exe [2011.04.22 21:52:16 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II [2011.04.22 21:37:48 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\StarCraft II [2011.04.22 21:37:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II [2011.04.22 21:37:48 | 000,000,000 | -H-D | C] -- 
C:\Programme\Common Files\Blizzard Entertainment [2011.04.22 21:37:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Blizzard Entertainment [2011.04.22 21:37:10 | 000,000,000 | -H-D | C] -- C:\Users\***\Games [2011.04.22 19:33:31 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio [2011.04.22 19:04:53 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2011.04.22 19:04:53 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2011.04.22 19:04:53 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2011.04.22 17:57:16 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2011.04.22 17:27:03 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\WindowsUpdate [2011.04.22 17:07:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.04.22 17:03:40 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll [2011.04.22 17:03:39 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll [2011.04.22 17:03:38 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe [2011.04.22 17:03:38 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl [2011.04.22 17:03:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll [2011.04.22 17:03:36 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll [2011.04.22 16:58:05 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll [2011.04.22 16:58:02 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll [2011.04.22 16:55:37 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2011.04.22 16:55:35 | 000,031,232 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\httpapi.dll [2011.04.22 16:53:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011.04.22 16:53:44 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011.04.22 16:53:44 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011.04.22 16:53:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011.04.22 16:53:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011.04.22 16:53:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011.04.22 16:53:42 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011.04.22 16:53:42 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011.04.22 16:53:42 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011.04.22 16:53:42 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011.04.22 16:53:42 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011.04.22 16:53:37 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011.04.22 16:53:37 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011.04.22 16:53:37 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2011.04.22 16:53:36 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011.04.22 16:53:36 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011.04.22 16:50:38 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll [2011.04.22 16:50:38 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE 
[2011.04.22 16:50:38 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE [2011.04.22 16:50:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE [2011.04.22 16:50:38 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe [2011.04.22 16:50:38 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE [2011.04.22 16:50:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE [2011.04.22 16:50:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2011.04.22 16:49:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.04.22 16:48:29 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe [2011.04.22 16:48:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2011.04.22 16:48:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2011.04.22 16:48:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2011.04.22 16:48:27 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2011.04.22 16:47:34 | 002,868,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.04.22 16:47:33 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL [2011.04.22 16:47:33 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll [2011.04.22 16:47:32 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe [2011.04.22 16:46:41 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2011.04.22 16:46:38 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll [2011.04.22 16:42:06 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll 
[2011.04.22 16:41:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb [2011.04.22 16:41:55 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb [2011.04.22 16:41:51 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll [2011.04.22 16:41:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.04.22 16:38:14 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2011.04.22 16:38:13 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll [2011.04.22 16:38:13 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll [2011.04.22 16:38:13 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2011.04.22 16:38:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll [2011.04.22 16:38:02 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll [2011.04.22 16:38:01 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.22 16:38:01 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.22 16:38:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx [2011.04.22 16:38:00 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll [2011.04.22 16:38:00 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe [2011.04.22 16:36:41 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll [2011.04.22 16:36:40 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll [2011.04.22 16:36:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.04.22 16:36:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\Apphlpdm.dll [2011.04.22 16:36:05 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2011.04.22 16:36:05 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2011.04.22 16:36:05 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2011.04.22 16:36:04 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2011.04.22 16:36:04 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2011.04.22 16:36:04 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2011.04.22 16:36:04 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll [2011.04.22 16:36:04 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2011.04.22 16:36:04 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2011.04.22 16:35:55 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2011.04.22 16:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.04.22 16:29:37 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll [2011.04.22 16:28:58 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER [2011.04.22 16:28:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011.04.22 16:28:39 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2011.04.22 16:00:19 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8 [2011.04.22 15:59:39 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Microsoft Help [2011.04.22 15:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011.04.22 15:59:14 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011.04.22 15:40:33 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.04.22 15:40:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.04.22 15:40:26 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.04.22 15:40:26 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.04.22 15:40:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira [2011.04.22 15:40:25 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2011.04.22 15:02:17 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2011.04.22 15:02:17 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2011.04.22 15:02:09 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2011.04.22 15:02:09 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2011.04.22 15:02:09 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2011.04.22 15:02:05 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2011.04.22 15:02:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2011.04.22 15:01:49 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Macromedia [2011.04.22 15:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN [2011.04.22 15:00:37 | 000,000,000 | ---D | C] -- C:\Programme\avmwlanstick [2011.04.22 15:00:27 | 000,004,352 | R--- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmeject.sys [2011.04.22 14:42:33 | 000,077,824 | ---- | C] (AVM Berlin) -- C:\Windows\System32\fwusbnci.dll [2011.04.22 14:42:32 | 000,440,832 | ---- | C] (AVM GmbH) -- C:\Windows\System32\drivers\fwlanusbn.sys [2011.04.22 14:42:32 | 000,000,000 | ---D | C] -- C:\Windows\AVM_Driver [2011.04.22 14:42:29 | 000,000,000 | -H-D | C] -- C:\Users\***\AVM_Driver [2011.04.22 14:38:48 | 
000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Hewlett-Packard [2011.04.22 14:38:30 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\ATI [2011.04.22 14:38:30 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\ATI [2011.04.22 14:38:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Symantec [2011.04.22 14:38:06 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.04.22 14:38:06 | 000,000,000 | RH-D | C] -- C:\Users\***\Searches [2011.04.22 14:38:06 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.04.22 14:37:58 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Identities [2011.04.22 14:37:55 | 000,000,000 | RH-D | C] -- C:\Users\***\Contacts [2011.04.22 14:37:53 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\VirtualStore [2011.04.22 14:37:38 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office [2011.04.22 14:37:30 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Adobe [2011.04.22 14:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works [2011.04.22 14:37:13 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Works [2011.04.22 14:36:38 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Hewlett-Packard [2011.04.22 14:36:13 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Adobe [2011.04.22 14:36:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Adobe [2011.04.22 14:35:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe [2011.04.22 14:35:49 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2011.04.22 14:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Benutzerhandbücher [2011.04.22 14:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Testen Sie Microsoft Office 2007 60 Tage lang [2011.04.22 14:35:16 | 000,000,000 | R--D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services [2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen [2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf [2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files [2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü [2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo [2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent [2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung [2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen [2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos [2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik [2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien [2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder [2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung [2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies [2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten [2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten [2011.04.22 14:34:28 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft [2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Videos [2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Saved Games [2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Pictures [2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Music [2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Links [2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- 
C:\Users\***\Favorites [2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Downloads [2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Documents [2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Desktop [2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.04.22 14:34:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Temp [2011.04.22 14:34:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Microsoft [2011.04.22 14:34:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs [2011.04.22 14:34:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData [2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Programme [2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop [2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2011.04.22 14:28:25 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011.04.22 14:26:22 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 30 Days ========== [2011.04.26 11:40:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.04.26 11:29:25 | 
000,623,030 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.26 11:29:25 | 000,591,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.26 11:29:25 | 000,125,172 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.26 11:29:25 | 000,102,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.26 11:22:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.26 11:22:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.26 11:22:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.26 11:22:09 | 3219,591,168 | -HS- | M] () -- C:\hiberfil.sys [2011.04.25 17:39:25 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~41803528r [2011.04.25 17:39:25 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~41803528 [2011.04.25 17:38:24 | 000,000,589 | -H-- | M] () -- C:\Users\***\Desktop\Windows Recovery.lnk [2011.04.25 17:38:19 | 000,000,344 | -H-- | M] () -- C:\ProgramData\41803528 [2011.04.25 17:38:18 | 000,487,424 | ---- | M] () -- C:\ProgramData\41803528.exe [2011.04.25 17:28:19 | 000,565,248 | -H-- | M] (WinTrust) -- C:\ProgramData\vKECjCxHfiQS.exe [2011.04.25 11:34:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2011.04.22 21:51:40 | 000,000,907 | -H-- | M] () -- C:\Users\***\Desktop\StarCraft II.lnk [2011.04.22 19:50:52 | 000,409,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.22 18:50:13 | 000,262,144 | ---- | M] () -- C:\Windows\SPInstall.etl [2011.04.22 17:22:45 | 000,000,680 | -H-- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2011.04.22 15:35:26 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll [2011.04.22 14:37:50 | 000,000,044 | ---- | M] () -- C:\Windows\System\hpsysdrv.dat [2011.04.22 14:35:42 | 000,001,853 | RHS- | M] () -- 
C:\Windows\System32\drivers\103C_HP_CPC_FL314AA-ABD SR5634DE_YC_0Pres_Q3CR844_E84CEv3PrA1_49_INARRA3_SPEGATRON CORPORATION_V3.02_B5.17_T081009_WUH1_L407_M3070_J500_7AMD_8Phenom 8600 Triple-Core_92.3_#090224_N10DE03EF_Z_G10029598.MRK [2011.04.22 14:33:06 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf ========== Files Created - No Company Name ========== [2011.04.25 17:39:25 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~41803528r [2011.04.25 17:39:25 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~41803528 [2011.04.25 17:38:24 | 000,000,589 | -H-- | C] () -- C:\Users\***\Desktop\Windows Recovery.lnk [2011.04.25 17:38:19 | 000,000,344 | -H-- | C] () -- C:\ProgramData\41803528 [2011.04.25 17:38:17 | 000,487,424 | ---- | C] () -- C:\ProgramData\41803528.exe [2011.04.25 11:34:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2011.04.22 21:37:48 | 000,000,907 | -H-- | C] () -- C:\Users\***\Desktop\StarCraft II.lnk [2011.04.22 18:49:04 | 000,262,144 | ---- | C] () -- C:\Windows\SPInstall.etl [2011.04.22 16:53:38 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.04.22 16:53:38 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.04.22 16:53:38 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011.04.22 15:00:50 | 000,013,099 | R--- | C] () -- C:\Windows\instwcli.inf [2011.04.22 14:50:29 | 000,000,680 | -H-- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2011.04.22 14:42:32 | 000,016,037 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin [2011.04.22 14:38:11 | 000,000,955 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.04.22 14:38:05 | 000,000,950 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2011.04.22 14:37:55 | 000,000,921 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Windows Mail.lnk [2011.04.22 14:37:50 | 000,000,044 | ---- | C] () -- C:\Windows\System\hpsysdrv.dat [2011.04.22 14:37:29 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk [2011.04.22 14:36:08 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk [2011.04.22 14:35:34 | 000,001,853 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_CPC_FL314AA-ABD SR5634DE_YC_0Pres_Q3CR844_E84CEv3PrA1_49_INARRA3_SPEGATRON CORPORATION_V3.02_B5.17_T081009_WUH1_L407_M3070_J500_7AMD_8Phenom 8600 Triple-Core_92.3_#090224_N10DE03EF_Z_G10029598.MRK [2011.04.22 14:35:18 | 000,001,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk [2011.04.22 14:35:14 | 000,002,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk [2011.04.22 14:35:14 | 000,001,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Für Kinder.lnk [2011.04.22 14:34:28 | 000,001,258 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk [2011.04.22 14:24:07 | 3219,591,168 | -HS- | C] () -- C:\hiberfil.sys [2008.08.23 16:03:47 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.08.23 16:03:47 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008.08.23 16:03:47 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.08.23 16:03:47 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2008.08.23 16:03:47 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2008.08.23 16:03:47 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2008.08.23 15:50:47 | 000,623,030 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.08.23 15:50:47 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.08.23 15:50:47 | 000,125,172 | ---- | C] () -- 
C:\Windows\System32\perfc007.dat [2008.08.23 15:50:47 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.08.23 06:55:13 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat [2008.08.23 06:39:34 | 000,115,774 | ---- | C] () -- C:\Windows\hpqins13.dat [2008.08.23 06:13:49 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll [2008.08.23 06:13:49 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll [2008.08.23 06:08:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.01.21 04:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,409,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,591,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,102,996 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin < End of report > Extras.Txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.04.2011 11:41:32 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 453,34 Gb Total Space | 392,76 Gb Free Space | 86,64% Space Free | Partition Type: NTFS Drive D: | 12,42 Gb Total Space | 1,72 Gb Free Space | 13,84% Space Free | Partition Type: NTFS Drive E: | 7,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 
"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{EC0FFA70-8BCB-48A7-8F83-2A06D5814D8E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2A8A5F62-6AF7-45D6-A1B4-E1B25F70FE6F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{4F7D1F98-8FE7-4F10-B988-EF6030B4B3B8}" = protocol=6 | dir=in | app=c:\users\***\games\starcraft ii\starcraft ii.exe | "{BDB63345-54FD-41B4-B5AF-98035A9CCE2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{E54B1383-3F05-4511-AFB4-BB8B20705669}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{E73B444B-B70D-4170-BFE5-CEE8A26E7787}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F284BDF7-4184-4FB6-A8E0-C2400BBC0F8A}" = protocol=17 | dir=in | app=c:\users\***\games\starcraft ii\starcraft ii.exe | "{FF447A34-4671-4658-A9EF-696B40774F37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "TCP Query User{51BF56A0-A347-4FF5-84FA-CFF54C7FEE9B}C:\users\***\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\users\***\games\starcraft ii\support\blizzarddownloader.exe | "TCP Query 
User{5A75A92F-E49C-4110-9C94-C79E4931B9C0}C:\users\***\games\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\users\***\games\starcraft ii\versions\base18092\sc2.exe | "UDP Query User{04707055-B8D6-473B-A63D-EA6682052382}C:\users\***\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\users\***\games\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{CA98683A-1446-4AFD-8048-B046D25791F1}C:\users\***\games\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\users\***\games\starcraft ii\versions\base18092\sc2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0136FBFC-3519-4989-DB99-877B235CC2E0}" = Catalyst Control Center Localization Polish "{01C8D40E-AED4-B5E8-D219-23647DB50D20}" = Catalyst Control Center Localization Turkish "{03881930-4D06-344A-ED3C-8A586C499596}" = Catalyst Control Center Graphics Full Existing "{08C8BF62-64E3-F94F-D3F7-F8D87C5561DF}" = CCC Help Russian "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1 "{166BA127-8FF0-9292-03B1-6A2A820F89E1}" = ATI Catalyst Install Manager "{19B87564-DE23-E660-0CF9-242584095D07}" = CCC Help English "{1C158357-6B36-9CD5-58BE-F91F83348766}" = Skins "{1CBC7616-8CD5-48A6-904B-9060ECBA8ABD}" = CCC Help Turkish "{1D594C94-84C7-4153-DB02-C052AE52731F}" = CCC Help Portuguese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{21F41E5F-BC7E-DEBA-4055-22B647A4C1EF}" = Catalyst Control Center Localization Norwegian "{22148913-F136-C621-CD3A-284C5AC009C0}" = Catalyst Control Center Localization Greek "{22BB0F0F-6D99-22F5-FF0A-2361C7719C6A}" = CCC Help Chinese Traditional 
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01 "{2379A8F5-BA36-C701-956B-D34530C61961}" = CCC Help Dutch "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check "{26EC9601-D617-02AE-ABE1-F68B8560C408}" = Catalyst Control Center InstallProxy "{2D3E5692-FE93-2920-9C6F-3AEBFA5359E8}" = CCC Help Japanese "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet "{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding "{2FF0A015-DE51-BB1D-4CE3-6EDFC6E8A8E6}" = Catalyst Control Center Graphics Previews Common "{303F26F5-FB3A-43BC-CE6D-3F08FE97B0D6}" = CCC Help Hungarian "{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{393CC6C1-0390-99FD-1DA5-B831959BE347}" = Catalyst Control Center Localization Czech "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DCAC530-48B6-EADD-AB19-608E1FE7A7E5}" = CCC Help Swedish "{3E08B2FA-0A22-FAED-136A-5EFD32A12D8B}" = Catalyst Control Center Localization German "{3F00BB04-1FBF-5A1F-DC2D-14CF5F3267CA}" = Catalyst Control Center Localization Russian "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{48BF4489-0C58-4E80-BB17-94A673CE310A}" = HP Demo "{51566A36-1DD1-CA73-B66C-4A3362F32EA0}" = Catalyst Control Center Localization Japanese "{5A134575-EE63-91E9-C6B0-60A6A95C8E28}" = CCC Help German "{5B61CE81-E7A8-6B0A-8BF9-6D5DDDF32ABB}" = Catalyst Control Center Localization French "{5CC09697-2668-2628-E55F-132FD5295061}" = Catalyst Control Center Graphics Previews Vista "{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2 "{6C8B65B8-1804-033C-0DF2-0141ABC31AFC}" = ccc-utility "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual 
C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7720C701-DCEA-8681-F19D-ABF8F71E71D6}" = CCC Help Greek "{79A7C14F-87FB-D194-5206-3DE360BF6778}" = CCC Help Spanish "{81FD3A08-36E9-FD60-D966-61E92BC28B1A}" = Catalyst Control Center Localization Thai "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{957DFC8D-C41C-7548-5E8A-A6D64310831C}" = Catalyst Control Center Localization Spanish "{96F32F32-9869-37A1-9E6B-E09DBC6A167E}" = Catalyst Control Center Graphics Light "{97993BF5-2EBA-B819-6887-249DF3C4516F}" = Catalyst Control Center Localization Swedish "{983DEE06-316F-D636-78CD-C861B03369E7}" = Catalyst Control Center Localization Hungarian "{9AD8869D-DC8A-8148-F9CA-C7E39B6B8B6F}" = Catalyst Control Center Localization Chinese Standard "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{9E3F7E39-9370-80D0-35BC-C082E07094F2}" = Catalyst Control Center Graphics Full New "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A51781E3-8F27-EBBC-CF3E-FFCFD5ADD131}" = CCC Help French "{A5A042B2-7E3C-8933-5464-EFFE2DFA3592}" = CCC Help Polish "{A7D36A5C-6E73-859C-9112-D046B2CEDCDB}" = Catalyst Control Center Localization Italian "{AC3F7802-D1C9-0A33-A942-DC5E6F9D796E}" = Catalyst Control Center Localization Chinese Traditional "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{AE140B16-AE8C-8BB0-D518-00ECB4CF7D03}" = CCC Help Thai "{AE219DD8-1BBA-6EBE-D425-7C2C4D998FF1}" = ccc-core-static "{AFC3D130-069B-12FE-83EF-1DADC765ECEA}" = CCC Help Chinese Standard "{B11022C0-D0A5-3B00-DDA7-83C147EBB888}" = Catalyst Control Center Localization 
Portuguese "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon "{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1 "{BB510D08-023C-31F2-0314-CD09ECBADA6F}" = CCC Help Finnish "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C7724EFE-4992-F2F9-2B90-B567837C4FB0}" = Catalyst Control Center Localization Danish "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CCA4110E-F079-AE5C-37C6-D708BCAA9D8A}" = CCC Help Czech "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D47C1EC7-3C98-06CA-5984-E80488024F20}" = Catalyst Control Center Localization Korean "{D4A1A861-F3C5-569E-364F-CE63751CC266}" = Catalyst Control Center Core Implementation "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5 "{DAA19C88-9787-33FB-8931-50F727AB48D3}" = CCC Help Danish "{E0CBCABF-1A89-2225-5030-B2477AE952D5}" = CCC Help Norwegian "{E2DA8D90-592E-3DE6-2361-A869AB473101}" = CCC Help Italian "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition "{EFA52078-2BB4-A3AA-27EB-171F84B64126}" = Catalyst Control Center Localization Dutch "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor "{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend "{F41C8F4B-E359-2FF3-4C72-AD86EA5C690D}" = CCC Help Korean "{FD9A2359-5EFB-56D0-BA76-C2F88D6693A1}" = Catalyst Control Center Localization Finnish "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Avira AntiVir 
Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "ENTERPRISER" = Microsoft Office Enterprise 2007 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Photosmart Essential" = HP Photosmart Essential 3.0 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "OfficeTrial" = Testversion von Microsoft Office Home and Student 2007 "PC-Doctor for Windows" = Hardware Diagnose Tools "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "StarCraft II" = StarCraft II "SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation) "WildTangent hp Master Uninstall" = My HP Games ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 22.04.2011 11:17:09 | Computer Name = ***-PC | Source = EventSystem | ID = 4621 Description = Error - 22.04.2011 11:21:54 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 22.04.2011 11:24:13 | Computer Name = ***-PC | Source = VSS | ID = 8194 Description = Error - 22.04.2011 11:33:40 | Computer Name = ***-PC | Source = EventSystem | ID = 4621 Description = Error - 22.04.2011 11:37:28 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 22.04.2011 12:01:27 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 22.04.2011 12:25:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 22.04.2011 12:49:28 | Computer Name = ***-PC | Source = EventSystem | ID = 4621 Description = Error - 22.04.2011 13:02:49 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 22.04.2011 13:16:42 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 
262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "" aus. Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "" aus. Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "" aus. Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "" aus. Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "" aus. Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "" aus. Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "" aus. Error - 22.04.2011 14:10:01 | Computer Name = ***-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "C:" aus. 
Error - 22.04.2011 14:10:37 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =

Error - 22.04.2011 14:11:50 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

Here is the Malwarebytes log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

26.04.2011 13:04:56
mbam-log-2011-04-26 (13-04-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 287195
Laufzeit: 49 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 8

Infizierte Speicherprozesse:
c:\programdata\vkecjcxhfiqs.exe (Trojan.FakeAlert) -> 3012 -> Unloaded process successfully.
c:\programdata\41803528.exe (Trojan.FakeAlert) -> 3276 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vKECjCxHfiQS (Trojan.FakeAlert) -> Value: vKECjCxHfiQS -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\vkecjcxhfiqs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\41803528.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\FNID4LBS\about[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\virtualized\C\Users\***\Desktop\null0.5308003643368937.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\Low\jar_cache45453.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.