
Log analysis and evaluation: TR/Kazy.mekml.1 found


 
26.04.2011, 10:37   #1
Tobin
 
TR/Kazy.mekml.1 found



Hello,
I am new to this forum and have a problem: as with many other users, my PC has also found the virus TR/Kazy.mekml.1.

My desktop background turns black and all icons on the desktop disappear. I will post the OTL and Malwarebytes logs shortly.

Best regards, Tobin

OTL.Txt: OTL Logfile:
Code:
OTL logfile created on: 26.04.2011 11:41:32 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453,34 Gb Total Space | 392,76 Gb Free Space | 86,64% Space Free | Partition Type: NTFS
Drive D: | 12,42 Gb Total Space | 1,72 Gb Free Space | 13,84% Space Free | Partition Type: NTFS
Drive E: | 7,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\41803528.exe ()
PRC - C:\ProgramData\vKECjCxHfiQS.exe (WinTrust)
PRC - C:\WINDOWS\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\WerFault.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wsqmcons.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Programme\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (LiveUpdate) -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ezSharedSvc) -- C:\WINDOWS\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avmeject) -- C:\WINDOWS\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (fwlanusbn) -- C:\WINDOWS\System32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (atikmdag) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (SymIM) -- C:\WINDOWS\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Presario&pf=cndt
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Presario&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [vKECjCxHfiQS] C:\ProgramData\vKECjCxHfiQS.exe (WinTrust)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.23 06:38:41 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.05.25 06:16:57 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{63410d67-6cdb-11e0-b27d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{63410d67-6cdb-11e0-b27d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2010.05.25 06:16:57 | 002,505,256 | ---- | M] ()
O33 - MountPoints2\{7b4d905d-6cdc-11e0-9550-0023546094f3}\Shell - "" = AutoRun
O33 - MountPoints2\{7b4d905d-6cdc-11e0-9550-0023546094f3}\Shell\AutoRun\command - "" = J:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.26 11:40:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.04.25 18:02:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Avira
[2011.04.25 17:38:24 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.25 17:28:20 | 000,565,248 | -H-- | C] (WinTrust) -- C:\ProgramData\vKECjCxHfiQS.exe
[2011.04.22 21:52:16 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011.04.22 21:37:48 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\StarCraft II
[2011.04.22 21:37:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011.04.22 21:37:48 | 000,000,000 | -H-D | C] -- C:\Programme\Common Files\Blizzard Entertainment
[2011.04.22 21:37:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Blizzard Entertainment
[2011.04.22 21:37:10 | 000,000,000 | -H-D | C] -- C:\Users\***\Games
[2011.04.22 19:33:31 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio
[2011.04.22 19:04:53 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.04.22 19:04:53 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.04.22 19:04:53 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.04.22 17:57:16 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.04.22 17:27:03 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\WindowsUpdate
[2011.04.22 17:07:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.04.22 17:03:40 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011.04.22 17:03:39 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011.04.22 17:03:38 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011.04.22 17:03:38 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011.04.22 17:03:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011.04.22 17:03:36 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011.04.22 16:58:05 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011.04.22 16:58:02 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011.04.22 16:55:37 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011.04.22 16:55:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011.04.22 16:53:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.04.22 16:53:44 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.04.22 16:53:44 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.04.22 16:53:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.04.22 16:53:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.04.22 16:53:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.04.22 16:53:42 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.04.22 16:53:42 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.04.22 16:53:42 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.04.22 16:53:42 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.04.22 16:53:42 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.04.22 16:53:37 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.04.22 16:53:37 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.04.22 16:53:37 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.04.22 16:53:36 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.04.22 16:53:36 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.04.22 16:50:38 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011.04.22 16:50:38 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011.04.22 16:50:38 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011.04.22 16:50:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011.04.22 16:50:38 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011.04.22 16:50:38 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011.04.22 16:50:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011.04.22 16:50:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011.04.22 16:49:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.04.22 16:48:29 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011.04.22 16:48:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011.04.22 16:48:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011.04.22 16:48:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011.04.22 16:48:27 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011.04.22 16:47:34 | 002,868,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.04.22 16:47:33 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011.04.22 16:47:33 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011.04.22 16:47:32 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011.04.22 16:46:41 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011.04.22 16:46:38 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2011.04.22 16:42:06 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011.04.22 16:41:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011.04.22 16:41:55 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011.04.22 16:41:51 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011.04.22 16:41:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.04.22 16:38:14 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011.04.22 16:38:13 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011.04.22 16:38:13 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011.04.22 16:38:13 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011.04.22 16:38:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2011.04.22 16:38:02 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011.04.22 16:38:01 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.22 16:38:01 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.22 16:38:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2011.04.22 16:38:00 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011.04.22 16:38:00 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011.04.22 16:36:41 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011.04.22 16:36:40 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011.04.22 16:36:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.22 16:36:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.22 16:36:05 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011.04.22 16:36:05 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011.04.22 16:36:05 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011.04.22 16:36:04 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011.04.22 16:36:04 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011.04.22 16:36:04 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011.04.22 16:36:04 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011.04.22 16:36:04 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011.04.22 16:36:04 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011.04.22 16:35:55 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011.04.22 16:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.04.22 16:29:37 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2011.04.22 16:28:58 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2011.04.22 16:28:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.04.22 16:28:39 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2011.04.22 16:00:19 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8
[2011.04.22 15:59:39 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2011.04.22 15:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.04.22 15:59:14 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.04.22 15:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.04.22 15:40:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.04.22 15:40:26 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.04.22 15:40:26 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.04.22 15:40:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira
[2011.04.22 15:40:25 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.04.22 15:02:17 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011.04.22 15:02:17 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011.04.22 15:02:09 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011.04.22 15:02:09 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011.04.22 15:02:09 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011.04.22 15:02:05 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011.04.22 15:02:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011.04.22 15:01:49 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.04.22 15:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
[2011.04.22 15:00:37 | 000,000,000 | ---D | C] -- C:\Programme\avmwlanstick
[2011.04.22 15:00:27 | 000,004,352 | R--- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmeject.sys
[2011.04.22 14:42:33 | 000,077,824 | ---- | C] (AVM Berlin) -- C:\Windows\System32\fwusbnci.dll
[2011.04.22 14:42:32 | 000,440,832 | ---- | C] (AVM GmbH) -- C:\Windows\System32\drivers\fwlanusbn.sys
[2011.04.22 14:42:32 | 000,000,000 | ---D | C] -- C:\Windows\AVM_Driver
[2011.04.22 14:42:29 | 000,000,000 | -H-D | C] -- C:\Users\***\AVM_Driver
[2011.04.22 14:38:48 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Hewlett-Packard
[2011.04.22 14:38:30 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\ATI
[2011.04.22 14:38:30 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\ATI
[2011.04.22 14:38:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Symantec
[2011.04.22 14:38:06 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.04.22 14:38:06 | 000,000,000 | RH-D | C] -- C:\Users\***\Searches
[2011.04.22 14:38:06 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.04.22 14:37:58 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Identities
[2011.04.22 14:37:55 | 000,000,000 | RH-D | C] -- C:\Users\***\Contacts
[2011.04.22 14:37:53 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2011.04.22 14:37:38 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2011.04.22 14:37:30 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2011.04.22 14:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2011.04.22 14:37:13 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Works
[2011.04.22 14:36:38 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Hewlett-Packard
[2011.04.22 14:36:13 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Adobe
[2011.04.22 14:36:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Adobe
[2011.04.22 14:35:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2011.04.22 14:35:49 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2011.04.22 14:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Benutzerhandbücher
[2011.04.22 14:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Testen Sie Microsoft Office 2007 60 Tage lang
[2011.04.22 14:35:16 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2011.04.22 14:34:29 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2011.04.22 14:34:28 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Videos
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Saved Games
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Pictures
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Music
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Links
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Favorites
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Downloads
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Documents
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\Desktop
[2011.04.22 14:34:28 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.04.22 14:34:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Temp
[2011.04.22 14:34:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Microsoft
[2011.04.22 14:34:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.04.22 14:34:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2011.04.22 14:34:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.04.22 14:28:25 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.04.22 14:26:22 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.26 11:40:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.04.26 11:29:25 | 000,623,030 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.26 11:29:25 | 000,591,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.26 11:29:25 | 000,125,172 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.26 11:29:25 | 000,102,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.26 11:22:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 11:22:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 11:22:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.26 11:22:09 | 3219,591,168 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.25 17:39:25 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~41803528r
[2011.04.25 17:39:25 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~41803528
[2011.04.25 17:38:24 | 000,000,589 | -H-- | M] () -- C:\Users\***\Desktop\Windows Recovery.lnk
[2011.04.25 17:38:19 | 000,000,344 | -H-- | M] () -- C:\ProgramData\41803528
[2011.04.25 17:38:18 | 000,487,424 | ---- | M] () -- C:\ProgramData\41803528.exe
[2011.04.25 17:28:19 | 000,565,248 | -H-- | M] (WinTrust) -- C:\ProgramData\vKECjCxHfiQS.exe
[2011.04.25 11:34:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.04.22 21:51:40 | 000,000,907 | -H-- | M] () -- C:\Users\***\Desktop\StarCraft II.lnk
[2011.04.22 19:50:52 | 000,409,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.22 18:50:13 | 000,262,144 | ---- | M] () -- C:\Windows\SPInstall.etl
[2011.04.22 17:22:45 | 000,000,680 | -H-- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.04.22 15:35:26 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll
[2011.04.22 14:37:50 | 000,000,044 | ---- | M] () -- C:\Windows\System\hpsysdrv.dat
[2011.04.22 14:35:42 | 000,001,853 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_CPC_FL314AA-ABD SR5634DE_YC_0Pres_Q3CR844_E84CEv3PrA1_49_INARRA3_SPEGATRON CORPORATION_V3.02_B5.17_T081009_WUH1_L407_M3070_J500_7AMD_8Phenom 8600 Triple-Core_92.3_#090224_N10DE03EF_Z_G10029598.MRK
[2011.04.22 14:33:06 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf
 
========== Files Created - No Company Name ==========
 
[2011.04.25 17:39:25 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~41803528r
[2011.04.25 17:39:25 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~41803528
[2011.04.25 17:38:24 | 000,000,589 | -H-- | C] () -- C:\Users\***\Desktop\Windows Recovery.lnk
[2011.04.25 17:38:19 | 000,000,344 | -H-- | C] () -- C:\ProgramData\41803528
[2011.04.25 17:38:17 | 000,487,424 | ---- | C] () -- C:\ProgramData\41803528.exe
[2011.04.25 11:34:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.04.22 21:37:48 | 000,000,907 | -H-- | C] () -- C:\Users\***\Desktop\StarCraft II.lnk
[2011.04.22 18:49:04 | 000,262,144 | ---- | C] () -- C:\Windows\SPInstall.etl
[2011.04.22 16:53:38 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.04.22 16:53:38 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.04.22 16:53:38 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.04.22 15:00:50 | 000,013,099 | R--- | C] () -- C:\Windows\instwcli.inf
[2011.04.22 14:50:29 | 000,000,680 | -H-- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.04.22 14:42:32 | 000,016,037 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2011.04.22 14:38:11 | 000,000,955 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.04.22 14:38:05 | 000,000,950 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011.04.22 14:37:55 | 000,000,921 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011.04.22 14:37:50 | 000,000,044 | ---- | C] () -- C:\Windows\System\hpsysdrv.dat
[2011.04.22 14:37:29 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk
[2011.04.22 14:36:08 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011.04.22 14:35:34 | 000,001,853 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_CPC_FL314AA-ABD SR5634DE_YC_0Pres_Q3CR844_E84CEv3PrA1_49_INARRA3_SPEGATRON CORPORATION_V3.02_B5.17_T081009_WUH1_L407_M3070_J500_7AMD_8Phenom 8600 Triple-Core_92.3_#090224_N10DE03EF_Z_G10029598.MRK
[2011.04.22 14:35:18 | 000,001,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk
[2011.04.22 14:35:14 | 000,002,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2011.04.22 14:35:14 | 000,001,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Für Kinder.lnk
[2011.04.22 14:34:28 | 000,001,258 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk
[2011.04.22 14:24:07 | 3219,591,168 | -HS- | C] () -- C:\hiberfil.sys
[2008.08.23 16:03:47 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.08.23 16:03:47 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.08.23 16:03:47 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.08.23 16:03:47 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.08.23 16:03:47 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008.08.23 16:03:47 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.08.23 15:50:47 | 000,623,030 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.08.23 15:50:47 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.08.23 15:50:47 | 000,125,172 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.08.23 15:50:47 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.08.23 06:55:13 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008.08.23 06:39:34 | 000,115,774 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008.08.23 06:13:49 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008.08.23 06:13:49 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008.08.23 06:08:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.01.21 04:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,409,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,591,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,102,996 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
 
< End of report >
         
--- --- ---


Extras.Txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 26.04.2011 11:41:32 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453,34 Gb Total Space | 392,76 Gb Free Space | 86,64% Space Free | Partition Type: NTFS
Drive D: | 12,42 Gb Total Space | 1,72 Gb Free Space | 13,84% Space Free | Partition Type: NTFS
Drive E: | 7,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EC0FFA70-8BCB-48A7-8F83-2A06D5814D8E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A8A5F62-6AF7-45D6-A1B4-E1B25F70FE6F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4F7D1F98-8FE7-4F10-B988-EF6030B4B3B8}" = protocol=6 | dir=in | app=c:\users\***\games\starcraft ii\starcraft ii.exe | 
"{BDB63345-54FD-41B4-B5AF-98035A9CCE2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{E54B1383-3F05-4511-AFB4-BB8B20705669}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{E73B444B-B70D-4170-BFE5-CEE8A26E7787}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F284BDF7-4184-4FB6-A8E0-C2400BBC0F8A}" = protocol=17 | dir=in | app=c:\users\***\games\starcraft ii\starcraft ii.exe | 
"{FF447A34-4671-4658-A9EF-696B40774F37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"TCP Query User{51BF56A0-A347-4FF5-84FA-CFF54C7FEE9B}C:\users\***\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\users\***\games\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{5A75A92F-E49C-4110-9C94-C79E4931B9C0}C:\users\***\games\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\users\***\games\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{04707055-B8D6-473B-A63D-EA6682052382}C:\users\***\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\users\***\games\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{CA98683A-1446-4AFD-8048-B046D25791F1}C:\users\***\games\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\users\***\games\starcraft ii\versions\base18092\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0136FBFC-3519-4989-DB99-877B235CC2E0}" = Catalyst Control Center Localization Polish
"{01C8D40E-AED4-B5E8-D219-23647DB50D20}" = Catalyst Control Center Localization Turkish
"{03881930-4D06-344A-ED3C-8A586C499596}" = Catalyst Control Center Graphics Full Existing
"{08C8BF62-64E3-F94F-D3F7-F8D87C5561DF}" = CCC Help Russian
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{166BA127-8FF0-9292-03B1-6A2A820F89E1}" = ATI Catalyst Install Manager
"{19B87564-DE23-E660-0CF9-242584095D07}" = CCC Help English
"{1C158357-6B36-9CD5-58BE-F91F83348766}" = Skins
"{1CBC7616-8CD5-48A6-904B-9060ECBA8ABD}" = CCC Help Turkish
"{1D594C94-84C7-4153-DB02-C052AE52731F}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{21F41E5F-BC7E-DEBA-4055-22B647A4C1EF}" = Catalyst Control Center Localization Norwegian
"{22148913-F136-C621-CD3A-284C5AC009C0}" = Catalyst Control Center Localization Greek
"{22BB0F0F-6D99-22F5-FF0A-2361C7719C6A}" = CCC Help Chinese Traditional
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2379A8F5-BA36-C701-956B-D34530C61961}" = CCC Help Dutch
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26EC9601-D617-02AE-ABE1-F68B8560C408}" = Catalyst Control Center InstallProxy
"{2D3E5692-FE93-2920-9C6F-3AEBFA5359E8}" = CCC Help Japanese
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding
"{2FF0A015-DE51-BB1D-4CE3-6EDFC6E8A8E6}" = Catalyst Control Center Graphics Previews Common
"{303F26F5-FB3A-43BC-CE6D-3F08FE97B0D6}" = CCC Help Hungarian
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{393CC6C1-0390-99FD-1DA5-B831959BE347}" = Catalyst Control Center Localization Czech
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DCAC530-48B6-EADD-AB19-608E1FE7A7E5}" = CCC Help Swedish
"{3E08B2FA-0A22-FAED-136A-5EFD32A12D8B}" = Catalyst Control Center Localization German
"{3F00BB04-1FBF-5A1F-DC2D-14CF5F3267CA}" = Catalyst Control Center Localization Russian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{48BF4489-0C58-4E80-BB17-94A673CE310A}" = HP Demo
"{51566A36-1DD1-CA73-B66C-4A3362F32EA0}" = Catalyst Control Center Localization Japanese
"{5A134575-EE63-91E9-C6B0-60A6A95C8E28}" = CCC Help German
"{5B61CE81-E7A8-6B0A-8BF9-6D5DDDF32ABB}" = Catalyst Control Center Localization French
"{5CC09697-2668-2628-E55F-132FD5295061}" = Catalyst Control Center Graphics Previews Vista
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6C8B65B8-1804-033C-0DF2-0141ABC31AFC}" = ccc-utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7720C701-DCEA-8681-F19D-ABF8F71E71D6}" = CCC Help Greek
"{79A7C14F-87FB-D194-5206-3DE360BF6778}" = CCC Help Spanish
"{81FD3A08-36E9-FD60-D966-61E92BC28B1A}" = Catalyst Control Center Localization Thai
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{957DFC8D-C41C-7548-5E8A-A6D64310831C}" = Catalyst Control Center Localization Spanish
"{96F32F32-9869-37A1-9E6B-E09DBC6A167E}" = Catalyst Control Center Graphics Light
"{97993BF5-2EBA-B819-6887-249DF3C4516F}" = Catalyst Control Center Localization Swedish
"{983DEE06-316F-D636-78CD-C861B03369E7}" = Catalyst Control Center Localization Hungarian
"{9AD8869D-DC8A-8148-F9CA-C7E39B6B8B6F}" = Catalyst Control Center Localization Chinese Standard
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E3F7E39-9370-80D0-35BC-C082E07094F2}" = Catalyst Control Center Graphics Full New
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A51781E3-8F27-EBBC-CF3E-FFCFD5ADD131}" = CCC Help French
"{A5A042B2-7E3C-8933-5464-EFFE2DFA3592}" = CCC Help Polish
"{A7D36A5C-6E73-859C-9112-D046B2CEDCDB}" = Catalyst Control Center Localization Italian
"{AC3F7802-D1C9-0A33-A942-DC5E6F9D796E}" = Catalyst Control Center Localization Chinese Traditional
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AE140B16-AE8C-8BB0-D518-00ECB4CF7D03}" = CCC Help Thai
"{AE219DD8-1BBA-6EBE-D425-7C2C4D998FF1}" = ccc-core-static
"{AFC3D130-069B-12FE-83EF-1DADC765ECEA}" = CCC Help Chinese Standard
"{B11022C0-D0A5-3B00-DDA7-83C147EBB888}" = Catalyst Control Center Localization Portuguese
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{BB510D08-023C-31F2-0314-CD09ECBADA6F}" = CCC Help Finnish
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7724EFE-4992-F2F9-2B90-B567837C4FB0}" = Catalyst Control Center Localization Danish
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA4110E-F079-AE5C-37C6-D708BCAA9D8A}" = CCC Help Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D47C1EC7-3C98-06CA-5984-E80488024F20}" = Catalyst Control Center Localization Korean
"{D4A1A861-F3C5-569E-364F-CE63751CC266}" = Catalyst Control Center Core Implementation
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DAA19C88-9787-33FB-8931-50F727AB48D3}" = CCC Help Danish
"{E0CBCABF-1A89-2225-5030-B2477AE952D5}" = CCC Help Norwegian
"{E2DA8D90-592E-3DE6-2361-A869AB473101}" = CCC Help Italian
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EFA52078-2BB4-A3AA-27EB-171F84B64126}" = Catalyst Control Center Localization Dutch
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{F41C8F4B-E359-2FF3-4C72-AD86EA5C690D}" = CCC Help Korean
"{FD9A2359-5EFB-56D0-BA76-C2F88D6693A1}" = Catalyst Control Center Localization Finnish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"PC-Doctor for Windows" = Hardware Diagnose Tools
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"StarCraft II" = StarCraft II
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"WildTangent hp Master Uninstall" = My HP Games
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.04.2011 11:17:09 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 22.04.2011 11:21:54 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2011 11:24:13 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description = 
 
Error - 22.04.2011 11:33:40 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 22.04.2011 11:37:28 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2011 12:01:27 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2011 12:25:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2011 12:49:28 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 22.04.2011 13:02:49 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2011 13:16:42 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "" aus.
 
Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "" aus.
 
Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "" aus.
 
Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "" aus.
 
Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "" aus.
 
Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "" aus.
 
Error - 22.04.2011 14:09:55 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "" aus.
 
Error - 22.04.2011 14:10:01 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "C:" aus.
 
Error - 22.04.2011 14:10:37 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.04.2011 14:11:50 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---


Here is the Malwarebytes log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

26.04.2011 13:04:56
mbam-log-2011-04-26 (13-04-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 287195
Laufzeit: 49 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 8

Infizierte Speicherprozesse:
c:\programdata\vkecjcxhfiqs.exe (Trojan.FakeAlert) -> 3012 -> Unloaded process successfully.
c:\programdata\41803528.exe (Trojan.FakeAlert) -> 3276 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vKECjCxHfiQS (Trojan.FakeAlert) -> Value: vKECjCxHfiQS -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\vkecjcxhfiqs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\41803528.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\FNID4LBS\about[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\virtualized\C\Users\***\Desktop\null0.5308003643368937.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\Low\jar_cache45453.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

 
