| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Kazy.mekml.1 - BefallWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.04.2011, 14:06
| #1 |
 |  TR/Kazy.mekml.1 - Befall Dateien unsichtbar, kritischer Zustand, Festplatte defekt etc. !!! Wie bei anderen Usern auch die Frage: Wie bekomme ich diesen Trojaner weg? Der OTL-Scan läuft gerade. Ich erbitte Hilfe, da es wohl keine Pauschallösung gibt. |
|
27.04.2011, 14:36
| #2 |
| /// Malware-holic   |  TR/Kazy.mekml.1 - Befall dann poste doch erst mal die otl logs
__________________
__________________ |
|
27.04.2011, 15:02
| #3 |
| | TR/Kazy.mekml.1 - Befall sry, der malwarebytes-scan läuft gerade. werde otl im anschluss scannen,
__________________oder nicht nötig ? |
|
27.04.2011, 15:20
| #4 |
| /// Malware-holic | TR/Kazy.mekml.1 - Befall doch Malwarebytes posten, danach otl
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
27.04.2011, 15:38
| #5 |
| | TR/Kazy.mekml.1 - Befall malwarebytes: Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6456 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 27.04.2011 16:34:58 mbam-log-2011-04-27 (16-34-22).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 337312 Laufzeit: 2 Stunde(n), 11 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 2 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.FakeMS.VGen) -> Value: 4E3E0230AEBB4E96 -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{8AE076C7-B185-5964-8D3D-ADCC7D0030C5} (Trojan.ZbotR.Gen) -> Value: {8AE076C7-B185-5964-8D3D-ADCC7D0030C5} -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\cleansweep.exe (Trojan.Agent) -> Value: cleansweep.exe -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\cleansweep.exe (Trojan.Agent) -> No action taken. c:\Recycle.Bin (Trojan.Spyeyes) -> No action taken. Infizierte Dateien: c:\Recycle.Bin\recycle.bin.exe (Trojan.FakeMS.VGen) -> No action taken. c:\Users\Stoni\AppData\Local\Temp\tmpDC49.tmp (Trojan.FakeAlert) -> No action taken. c:\cleansweep.exe\config.bin (Trojan.Agent) -> No action taken. c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> No action taken. |
|
27.04.2011, 15:39
| #6 |
| /// Malware-holic | TR/Kazy.mekml.1 - Befall das was ich hier sehe gefällt mir schon jetzt nicht :d machst du onlinebanking einköäufe oder sonst was wichtiges mit dem pc?
__________________ --> TR/Kazy.mekml.1 - Befall |
|
27.04.2011, 15:41
| #7 |
| | TR/Kazy.mekml.1 - Befall onlinebanking, einkäufe etc. - klar alles solche dinge !!! |
|
27.04.2011, 15:44
| #8 |
| /// Malware-holic | TR/Kazy.mekml.1 - Befall ok. 1. bank sofort anrufen sperren lassen, der spyeye den du auf dem pc hast klaut daten. 2. falls vorhanden von sauberem pc aus passwörter endern. 3. lade unhide: http://filepony.de/download-unhide/ doppelklicken, dateien werden sichtbar 4. da wir nicht garantieren können, das wir dein system sauber bekommen, ist formatieren angesagt! vorher daten sichern. wenn du willst, helfe ich dir, das system diesmal richtig abzusichern.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
27.04.2011, 15:49
| #9 |
| | TR/Kazy.mekml.1 - Befall unhide kommt später ! otl läuft jetzt ! ok, werde konten für onlinebanking sperren lasssen. datensicherung mache ich ... |
|
27.04.2011, 15:50
| #10 |
| /// Malware-holic | TR/Kazy.mekml.1 - Befall ok poste otl ich sehe es mir an, aber neu aufsetzen wirst du müssen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
27.04.2011, 15:51
| #11 |
| | TR/Kazy.mekml.1 - Befall otl:OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.04.2011 16:42:44 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Stoni\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 29,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 45,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 205,80 Gb Total Space | 62,25 Gb Free Space | 30,25% Space Free | Partition Type: NTFS Drive D: | 27,07 Gb Total Space | 17,43 Gb Free Space | 64,39% Space Free | Partition Type: FAT32 Drive G: | 483,56 Mb Total Space | 96,30 Mb Free Space | 19,91% Space Free | Partition Type: FAT Computer Name: STONI-PC | User Name: Stoni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.27 14:13:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Stoni\Downloads\OTL.exe PRC - [2011.04.27 14:06:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.05 16:11:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.03.16 17:18:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe PRC - [2010.11.24 20:25:15 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.19 09:33:37 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe PRC - [2007.10.01 11:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe PRC - [2007.08.08 00:12:10 | 000,797,696 | ---- | M] (ODSoft multimedia) -- C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe PRC - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.07.12 16:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.06.20 23:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkCalRem.exe PRC - [2007.05.22 16:57:26 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2007.05.18 16:14:14 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe PRC - [2007.05.11 04:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe PRC - [2007.04.26 14:53:38 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2007.04.13 18:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Program Files\Medion\MEDIONbox\Program\GCS.exe PRC - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe PRC - [2007.02.27 20:21:08 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2007.02.27 19:57:54 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe PRC - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2007.01.30 17:47:46 | 000,307,200 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006.01.23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2003.12.02 08:49:00 | 000,053,248 | ---- | M] (GEAR Software) -- C:\Windows\System32\gearsec.exe PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe ========== Modules (SafeList) ========== MOD - [2011.04.27 14:13:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Stoni\Downloads\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService) SRV - [2011.04.27 14:06:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.16 17:18:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.06.14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.23 14:34:27 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager) SRV - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService) SRV - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2005.11.17 15:18:52 | 001,527,900 | -H-- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2003.12.02 08:49:00 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\Windows\System32\gearsec.exe -- (gearsec) SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - [2011.03.16 17:18:06 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.24 20:25:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.02.26 15:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.02.26 15:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.02.26 15:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 15:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009.12.22 04:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.08.08 08:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap) DRV - [2007.07.09 02:57:00 | 007,140,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.06.26 13:44:22 | 000,131,584 | ---- | M] (Genesys Logic, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene) DRV - [2007.06.11 14:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2007.05.24 14:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2007.04.24 13:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2007.03.05 21:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.03.01 16:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2007.01.22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNMp50.sys -- (PDNMp50) DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNSp50.sys -- (PDNSp50) DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.10.10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2005.01.06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8 FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.05 16:11:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.05 16:11:25 | 000,000,000 | ---D | M] [2010.09.03 13:17:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Stoni\AppData\Roaming\mozilla\Extensions [2011.03.30 22:12:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Stoni\AppData\Roaming\mozilla\Firefox\Profiles\ag8h20us.default\extensions [2011.04.25 13:42:50 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stoni\AppData\Roaming\mozilla\Firefox\Profiles\ag8h20us.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.25 13:42:50 | 000,000,000 | -H-D | M] (Speed Dial) -- C:\Users\Stoni\AppData\Roaming\mozilla\Firefox\Profiles\ag8h20us.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2011.04.25 13:42:50 | 000,000,000 | -H-D | M] (vShare) -- C:\Users\Stoni\AppData\Roaming\mozilla\Firefox\Profiles\ag8h20us.default\extensions\vshare@toolbar [2011.03.07 08:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.04.20 11:56:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.19 14:30:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.20 15:02:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.20 16:25:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.07 08:21:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2011.04.05 16:11:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2011.04.05 16:11:16 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.04.05 16:11:16 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2011.04.05 16:11:16 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2011.04.05 16:11:16 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.04.05 16:11:16 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.04.05 16:11:16 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [WinampAgent] File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [{8AE076C7-B185-5964-8D3D-ADCC7D0030C5}] File not found O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe () O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found O4 - HKCU..\Run: [cleansweep.exe] File not found O4 - HKCU..\Run: [KiesTrayAgent] File not found O4 - HKCU..\Run: [msnmsgr] File not found O4 - HKCU..\Run: [RGSC] File not found O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Stoni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Stoni\Pictures\Stoni & Friends\_lwf0000.jpg O24 - Desktop BackupWallPaper: C:\Users\Stoni\Pictures\Stoni & Friends\_lwf0000.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{ca45d4b8-de2c-11dd-8820-001060d023da}\Shell\AutoRun\command - "" = F:\setupSNK.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.27 14:20:20 | 000,000,000 | ---D | C] -- C:\Users\Stoni\AppData\Roaming\Malwarebytes [2011.04.27 14:20:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.27 14:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.27 14:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.27 14:20:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.27 14:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.04.25 14:13:29 | 000,000,000 | ---D | C] -- C:\Users\Stoni\AppData\Roaming\Avira [2011.04.16 00:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.04.16 00:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.04.16 00:51:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.04.14 16:43:41 | 000,000,000 | -H-D | C] -- C:\Users\Stoni\Desktop\Gran.Turismo.5.Official.Game.Guide.PS3 [2011.04.14 09:46:03 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.14 09:46:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.14 09:45:58 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.14 09:45:57 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.14 09:45:55 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.14 09:45:27 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.14 09:45:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.14 09:45:27 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.14 09:45:27 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.14 09:45:26 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.14 09:45:25 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.14 09:45:21 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.14 09:45:18 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.14 09:45:18 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.03.31 14:41:06 | 000,000,000 | RH-D | C] -- C:\Users\Stoni\Documents\Home-Physio [2011.03.30 11:26:19 | 000,000,000 | -H-D | C] -- C:\Users\Stoni\ElsterFormular [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.27 16:19:47 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.27 16:19:47 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.27 16:02:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.27 14:20:10 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.27 14:05:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.27 12:24:53 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.26 19:59:23 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3BC906B6-DBF1-4D93-BFD3-20BEBE5F3A0C}.job [2011.04.26 07:47:53 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.26 07:47:53 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.26 07:47:53 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.26 07:47:53 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.25 14:12:28 | 000,001,743 | ---- | M] () -- C:\Users\Stoni\Desktop\Windows Mail.lnk [2011.04.25 13:44:32 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys [2011.04.25 13:32:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.21 19:28:32 | 000,112,183 | -H-- | M] () -- C:\Users\Stoni\AppData\Roaming\nvModes.001 [2011.04.21 08:13:54 | 000,112,183 | -H-- | M] () -- C:\Users\Stoni\AppData\Roaming\nvModes.dat [2011.04.16 00:55:24 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.14 22:22:14 | 000,007,592 | -H-- | M] () -- C:\Users\Stoni\AppData\Local\d3d9caps.dat [2011.04.14 12:47:45 | 000,480,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.10 11:19:37 | 000,262,144 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.04.05 16:30:50 | 000,210,944 | -H-- | M] () -- C:\Users\Stoni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.27 14:20:10 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.25 14:12:28 | 000,001,743 | ---- | C] () -- C:\Users\Stoni\Desktop\Windows Mail.lnk [2011.04.16 00:55:24 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.05 16:11:28 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2010.06.24 12:49:45 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2010.04.27 15:10:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.04.27 15:10:22 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.08.08 19:17:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.08 19:17:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.05 00:12:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2008.09.18 22:26:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.09.16 23:12:55 | 000,024,785 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\UserTile.png [2008.08.24 15:24:50 | 000,000,000 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\Default.PLS [2008.08.10 11:11:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.03.14 09:02:36 | 000,007,592 | -H-- | C] () -- C:\Users\Stoni\AppData\Local\d3d9caps.dat [2008.01.23 09:48:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.01.05 23:29:23 | 000,000,032 | -H-- | C] () -- C:\ProgramData\ezsid.dat [2008.01.05 22:56:20 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.11.26 20:18:45 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.11.26 15:51:09 | 000,112,183 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\nvModes.001 [2007.11.26 15:51:08 | 000,112,183 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\nvModes.dat [2007.11.26 01:02:26 | 000,000,234 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\wklnhst.dat [2007.11.26 00:49:25 | 000,210,944 | -H-- | C] () -- C:\Users\Stoni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.11.26 00:25:48 | 000,000,093 | -H-- | C] () -- C:\Users\Stoni\AppData\Local\fusioncache.dat [2007.10.20 05:46:52 | 000,001,500 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007.10.19 08:23:05 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2007.10.19 08:23:05 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2007.10.19 05:26:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.10.18 07:54:34 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2007.10.18 07:54:16 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.10.17 15:13:05 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2007.10.17 14:17:56 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2007.10.10 11:38:38 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll [2007.10.02 17:05:24 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.10.02 17:03:19 | 000,515,328 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE1.sys [2007.10.02 17:03:19 | 000,232,704 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE0.sys [2007.10.01 14:10:15 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2006.12.11 06:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.12.05 13:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 17:33:31 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,480,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll < End of report > |
|
27.04.2011, 15:51
| #12 |
| | TR/Kazy.mekml.1 - Befall otl:OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.04.2011 16:42:44 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Stoni\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 29,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 45,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 205,80 Gb Total Space | 62,25 Gb Free Space | 30,25% Space Free | Partition Type: NTFS Drive D: | 27,07 Gb Total Space | 17,43 Gb Free Space | 64,39% Space Free | Partition Type: FAT32 Drive G: | 483,56 Mb Total Space | 96,30 Mb Free Space | 19,91% Space Free | Partition Type: FAT Computer Name: STONI-PC | User Name: Stoni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.27 14:13:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Stoni\Downloads\OTL.exe PRC - [2011.04.27 14:06:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.05 16:11:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.03.16 17:18:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe PRC - [2010.11.24 20:25:15 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.19 09:33:37 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe PRC - [2007.10.01 11:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe PRC - [2007.08.08 00:12:10 | 000,797,696 | ---- | M] (ODSoft multimedia) -- C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe PRC - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.07.12 16:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.06.20 23:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkCalRem.exe PRC - [2007.05.22 16:57:26 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2007.05.18 16:14:14 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe PRC - [2007.05.11 04:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe PRC - [2007.04.26 14:53:38 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2007.04.13 18:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Program Files\Medion\MEDIONbox\Program\GCS.exe PRC - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe PRC - [2007.02.27 20:21:08 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2007.02.27 19:57:54 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe PRC - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2007.01.30 17:47:46 | 000,307,200 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006.01.23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2003.12.02 08:49:00 | 000,053,248 | ---- | M] (GEAR Software) -- C:\Windows\System32\gearsec.exe PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe ========== Modules (SafeList) ========== MOD - [2011.04.27 14:13:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Stoni\Downloads\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService) SRV - [2011.04.27 14:06:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.16 17:18:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.06.14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.23 14:34:27 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager) SRV - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService) SRV - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2005.11.17 15:18:52 | 001,527,900 | -H-- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2003.12.02 08:49:00 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\Windows\System32\gearsec.exe -- (gearsec) SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - [2011.03.16 17:18:06 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.24 20:25:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.02.26 15:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.02.26 15:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.02.26 15:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 15:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009.12.22 04:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.08.08 08:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap) DRV - [2007.07.09 02:57:00 | 007,140,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.06.26 13:44:22 | 000,131,584 | ---- | M] (Genesys Logic, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene) DRV - [2007.06.11 14:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2007.05.24 14:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2007.04.24 13:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2007.03.05 21:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.03.01 16:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2007.01.22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNMp50.sys -- (PDNMp50) DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNSp50.sys -- (PDNSp50) DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.10.10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2005.01.06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8 FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.05 16:11:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.05 16:11:25 | 000,000,000 | ---D | M] [2010.09.03 13:17:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Stoni\AppData\Roaming\mozilla\Extensions [2011.03.30 22:12:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Stoni\AppData\Roaming\mozilla\Firefox\Profiles\ag8h20us.default\extensions [2011.04.25 13:42:50 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stoni\AppData\Roaming\mozilla\Firefox\Profiles\ag8h20us.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.25 13:42:50 | 000,000,000 | -H-D | M] (Speed Dial) -- C:\Users\Stoni\AppData\Roaming\mozilla\Firefox\Profiles\ag8h20us.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2011.04.25 13:42:50 | 000,000,000 | -H-D | M] (vShare) -- C:\Users\Stoni\AppData\Roaming\mozilla\Firefox\Profiles\ag8h20us.default\extensions\vshare@toolbar [2011.03.07 08:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.04.20 11:56:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.19 14:30:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.20 15:02:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.20 16:25:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.07 08:21:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2011.04.05 16:11:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2011.04.05 16:11:16 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.04.05 16:11:16 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2011.04.05 16:11:16 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2011.04.05 16:11:16 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.04.05 16:11:16 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.04.05 16:11:16 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [WinampAgent] File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [{8AE076C7-B185-5964-8D3D-ADCC7D0030C5}] File not found O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe () O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found O4 - HKCU..\Run: [cleansweep.exe] File not found O4 - HKCU..\Run: [KiesTrayAgent] File not found O4 - HKCU..\Run: [msnmsgr] File not found O4 - HKCU..\Run: [RGSC] File not found O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Stoni\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Stoni\Pictures\Stoni & Friends\_lwf0000.jpg O24 - Desktop BackupWallPaper: C:\Users\Stoni\Pictures\Stoni & Friends\_lwf0000.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{ca45d4b8-de2c-11dd-8820-001060d023da}\Shell\AutoRun\command - "" = F:\setupSNK.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.27 14:20:20 | 000,000,000 | ---D | C] -- C:\Users\Stoni\AppData\Roaming\Malwarebytes [2011.04.27 14:20:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.27 14:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.27 14:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.27 14:20:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.27 14:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.04.25 14:13:29 | 000,000,000 | ---D | C] -- C:\Users\Stoni\AppData\Roaming\Avira [2011.04.16 00:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.04.16 00:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.04.16 00:51:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.04.14 16:43:41 | 000,000,000 | -H-D | C] -- C:\Users\Stoni\Desktop\Gran.Turismo.5.Official.Game.Guide.PS3 [2011.04.14 09:46:03 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.14 09:46:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.14 09:45:58 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.14 09:45:57 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.14 09:45:55 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.14 09:45:27 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.14 09:45:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.14 09:45:27 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.14 09:45:27 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.14 09:45:26 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.14 09:45:25 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.14 09:45:21 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.14 09:45:18 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.14 09:45:18 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.03.31 14:41:06 | 000,000,000 | RH-D | C] -- C:\Users\Stoni\Documents\Home-Physio [2011.03.30 11:26:19 | 000,000,000 | -H-D | C] -- C:\Users\Stoni\ElsterFormular [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.27 16:19:47 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.27 16:19:47 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.27 16:02:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.27 14:20:10 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.27 14:05:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.27 12:24:53 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.26 19:59:23 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3BC906B6-DBF1-4D93-BFD3-20BEBE5F3A0C}.job [2011.04.26 07:47:53 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.26 07:47:53 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.26 07:47:53 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.26 07:47:53 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.25 14:12:28 | 000,001,743 | ---- | M] () -- C:\Users\Stoni\Desktop\Windows Mail.lnk [2011.04.25 13:44:32 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys [2011.04.25 13:32:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.21 19:28:32 | 000,112,183 | -H-- | M] () -- C:\Users\Stoni\AppData\Roaming\nvModes.001 [2011.04.21 08:13:54 | 000,112,183 | -H-- | M] () -- C:\Users\Stoni\AppData\Roaming\nvModes.dat [2011.04.16 00:55:24 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.14 22:22:14 | 000,007,592 | -H-- | M] () -- C:\Users\Stoni\AppData\Local\d3d9caps.dat [2011.04.14 12:47:45 | 000,480,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.10 11:19:37 | 000,262,144 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.04.05 16:30:50 | 000,210,944 | -H-- | M] () -- C:\Users\Stoni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.27 14:20:10 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.25 14:12:28 | 000,001,743 | ---- | C] () -- C:\Users\Stoni\Desktop\Windows Mail.lnk [2011.04.16 00:55:24 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.05 16:11:28 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2010.06.24 12:49:45 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2010.04.27 15:10:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.04.27 15:10:22 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.08.08 19:17:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.08 19:17:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.05 00:12:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2008.09.18 22:26:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.09.16 23:12:55 | 000,024,785 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\UserTile.png [2008.08.24 15:24:50 | 000,000,000 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\Default.PLS [2008.08.10 11:11:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.03.14 09:02:36 | 000,007,592 | -H-- | C] () -- C:\Users\Stoni\AppData\Local\d3d9caps.dat [2008.01.23 09:48:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.01.05 23:29:23 | 000,000,032 | -H-- | C] () -- C:\ProgramData\ezsid.dat [2008.01.05 22:56:20 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.11.26 20:18:45 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.11.26 15:51:09 | 000,112,183 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\nvModes.001 [2007.11.26 15:51:08 | 000,112,183 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\nvModes.dat [2007.11.26 01:02:26 | 000,000,234 | -H-- | C] () -- C:\Users\Stoni\AppData\Roaming\wklnhst.dat [2007.11.26 00:49:25 | 000,210,944 | -H-- | C] () -- C:\Users\Stoni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.11.26 00:25:48 | 000,000,093 | -H-- | C] () -- C:\Users\Stoni\AppData\Local\fusioncache.dat [2007.10.20 05:46:52 | 000,001,500 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007.10.19 08:23:05 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2007.10.19 08:23:05 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2007.10.19 05:26:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.10.18 07:54:34 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2007.10.18 07:54:16 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.10.17 15:13:05 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2007.10.17 14:17:56 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2007.10.10 11:38:38 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll [2007.10.02 17:05:24 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.10.02 17:03:19 | 000,515,328 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE1.sys [2007.10.02 17:03:19 | 000,232,704 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE0.sys [2007.10.01 14:10:15 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2006.12.11 06:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.12.05 13:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 17:33:31 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,480,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll < End of report > |
|
27.04.2011, 15:54
| #13 |
| /// Malware-holic | TR/Kazy.mekml.1 - Befall ok da ist noch was das ich benötige. mach erst mal unhide. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. :OTL O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe () :Files C:\Recycle.Bin :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. öffne computer, öffne C: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
27.04.2011, 16:35
| #14 |
| | TR/Kazy.mekml.1 - Befall All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 deleted successfully. File C:\Recycle.Bin\Recycle.Bin.exe not found. ========== FILES ========== File\Folder C:\Recycle.Bin not found. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: Public User: Stoni ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Stoni ->Temp folder emptied: 3299321561 bytes ->Temporary Internet Files folder emptied: 676710997 bytes ->Java cache emptied: 61455526 bytes ->FireFox cache emptied: 316981564 bytes ->Apple Safari cache emptied: 11993088 bytes ->Opera cache emptied: 11080317 bytes ->Flash cache emptied: 456 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 256903 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 646790585 bytes RecycleBin emptied: 7541751641 bytes Total Files Cleaned = 11.984,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04272011_171341 Files\Folders moved on Reboot... C:\Users\Stoni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GPFH11R\www10_de_shopping_com[1].htm moved successfully. File\Folder C:\Users\Stoni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AVEU916\adFrameCommon[1].htm not found! File\Folder C:\Users\Stoni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AVEU916\adFrameCommon[2].htm not found! File\Folder C:\Windows\temp\JET9CBB.tmp not found! C:\Windows\temp\JETFF25.tmp moved successfully. Registry entries deleted on Reboot... den upload versuche ich jetzt ... |
|
27.04.2011, 16:53
| #15 |
| | TR/Kazy.mekml.1 - Befall nach dem neustart soweit alles gut, jedoch erscheint weiterhin alle 5 minuten ein fenster: internet-explorer-skriptfehler ... obwohl ich mit mozille arbeite !!! |
|
| Themen zu TR/Kazy.mekml.1 - Befall |
| andere, anderen, befall, dateien, dateien unsichtbar, defekt, erbitte, festplatte, festplatte defekt, frage, kritischer, otl-scan, platte, sichtbar, tr/kazy.mekml.1, troja, trojaner, unsichtbar, usern |
Linear-Darstellung
