Pests of all kinds and how to fight them: Kazy.mekml.1 Problem! Windows 7
If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
27.04.2011, 17:13 | #1 |
Kazy.mekml.1 Problem!
Hello, I caught Kazy.mekml.1 yesterday. I have already browsed the forum, but somehow I am not getting anywhere. As far as I understand, you have to run a system scan with OTL. So I did that, and it showed the following:
OTL logfile created on: 27.04.2011 09:26:36 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Franziska Bach\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,48 Gb Total Space | 33,40 Gb Free Space | 11,70% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,58 Gb Free Space | 45,78% Space Free | Partition Type: NTFS
Drive E: | 3,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: FRANZISKABAC-PC | User Name: Franziska Bach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.04.27 09:25:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Franziska Bach\Downloads\OTL.com
PRC - [2011.04.26 19:38:51 | 000,487,424 | -H-- | M] () -- C:\ProgramData\43769608.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Programme\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009.09.17 03:30:12 | 001,933,381 | ---- | M] (Informer Technologies, Inc.)
-- C:\Programme\Software Informer\softinfo.exe PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.01.31 03:45:14 | 003,399,727 | ---- | M] (FreeDownloadManager.ORG) -- C:\Programme\Free Download Manager\fdm.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe PRC - [2008.10.04 14:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe PRC - [2008.09.23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe PRC - [2008.09.18 23:14:32 | 000,253,952 | ---- | M] (PIXELA CORPORATION) -- C:\Programme\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe PRC - [2008.05.04 11:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe PRC - [2008.05.04 11:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe PRC - [2008.05.04 11:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe PRC - [2008.05.04 11:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe PRC - [2008.03.04 07:05:24 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe PRC - [2008.02.22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) 
-- C:\Programme\Dell\QuickSet\quickset.exe PRC - [2007.12.21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe PRC - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe PRC - [2007.07.11 16:57:42 | 000,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe PRC - [2007.06.13 09:16:02 | 000,528,384 | R--- | M] () -- C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe PRC - [2007.04.02 15:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTDevSrv.exe PRC - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.03.21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.03.16 04:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Programme\Common Files\Teleca Shared\Generic.exe PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe ========== Modules (SafeList) ========== MOD - [2011.04.27 09:25:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Franziska Bach\Downloads\OTL.com MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- 
(AntiVirService) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.03.03 12:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2009.01.23 02:21:41 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2008.10.04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) SRV - [2008.09.23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters) SRV - [2007.04.02 15:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv) SRV - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.10.27 11:07:04 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2008.07.24 11:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.06.23 14:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2008.05.04 11:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008.03.06 09:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV - [2008.03.04 07:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2008.03.04 07:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2) DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2007.11.12 13:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.09.06 18:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.09.06 18:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.09.06 18:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.04.23 16:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) DRV - [2007.04.23 16:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex) DRV - [2007.04.23 16:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm) DRV - [2007.04.23 16:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl) DRV - [2007.04.03 14:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) DRV - [2007.04.03 14:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex) DRV - [2007.04.03 14:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) DRV - [2007.04.03 14:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) Sony 
Ericsson Device 116 USB WMC Device Management Drivers (WDM) DRV - [2007.04.03 14:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm) DRV - [2007.04.03 14:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl) DRV - [2007.04.03 14:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2005.06.13 11:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {8c925777-22df-4587-86f7-7ddd6d2ad1eb} - C:\Programme\radio_de\tbrad1.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=5090123 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {8c925777-22df-4587-86f7-7ddd6d2ad1eb} - C:\Programme\radio_de\tbrad1.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.27 23:04:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.27 23:04:38 | 000,000,000 | ---D | M] [2009.01.27 19:16:50 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Franziska Bach\AppData\Roaming\mozilla\Extensions [2011.04.26 09:56:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Franziska Bach\AppData\Roaming\mozilla\Firefox\Profiles\yiykijkv.default\extensions [2010.09.19 20:04:01 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Franziska Bach\AppData\Roaming\mozilla\Firefox\Profiles\yiykijkv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.03.28 21:04:46 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Franziska 
Bach\AppData\Roaming\mozilla\Firefox\Profiles\yiykijkv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.03.17 21:52:30 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Franziska Bach\AppData\Roaming\mozilla\Firefox\Profiles\yiykijkv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.04.27 09:24:18 | 000,001,056 | ---- | M] () -- C:\Users\Franziska Bach\AppData\Roaming\Mozilla\Firefox\Profiles\yiykijkv.default\searchplugins\icqplugin.xml [2011.03.28 21:05:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.06.13 22:17:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2009.06.27 10:34:21 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION [2010.06.13 22:17:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2008.06.19 11:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Programme\Mozilla Firefox\plugins\MyCamera.dll [2008.06.19 11:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Programme\Mozilla Firefox\plugins\NPCIG.dll [2010.06.13 22:17:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.27 17:49:47 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.27 17:49:48 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.27 17:49:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.27 17:49:48 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.27 17:49:48 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (radio de Toolbar) - {8c925777-22df-4587-86f7-7ddd6d2ad1eb} - C:\Programme\radio_de\tbrad1.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (radio de Toolbar) - {8c925777-22df-4587-86f7-7ddd6d2ad1eb} - C:\Programme\radio_de\tbrad1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (radio de Toolbar) - {8C925777-22DF-4587-86F7-7DDD6D2AD1EB} - C:\Programme\radio_de\tbrad1.dll (Conduit Ltd.) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [fsm] File not found O4 - HKCU..\Run: [sFGtypQnwU] C:\ProgramData\sFGtypQnwU.exe (WinTrust) O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.) O4 - HKCU..\Run: [TerraniserService] File not found O4 - Startup: C:\Users\Franziska Bach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm () O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.68.161.141 217.68.161.171 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) 
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img6.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img6.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.12.07 14:05:05 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{028d2b75-a9cd-11df-b855-0023ae05213c}\Shell - "" = AutoRun O33 - MountPoints2\{028d2b75-a9cd-11df-b855-0023ae05213c}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{028d2b77-a9cd-11df-b855-0023ae05213c}\Shell - "" = AutoRun O33 - MountPoints2\{028d2b77-a9cd-11df-b855-0023ae05213c}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{18336473-d9fb-11df-b403-00225f27e2d5}\Shell - "" = AutoRun O33 - MountPoints2\{18336473-d9fb-11df-b403-00225f27e2d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{2192b9fb-a9db-11df-86a3-0023ae05213c}\Shell - "" = AutoRun O33 - MountPoints2\{2192b9fb-a9db-11df-86a3-0023ae05213c}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{2192ba15-a9db-11df-86a3-0023ae05213c}\Shell - "" = AutoRun O33 - MountPoints2\{2192ba15-a9db-11df-86a3-0023ae05213c}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{2192ba1d-a9db-11df-86a3-0023ae05213c}\Shell - "" = AutoRun O33 - MountPoints2\{2192ba1d-a9db-11df-86a3-0023ae05213c}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{2192ba1f-a9db-11df-86a3-0023ae05213c}\Shell - "" = AutoRun O33 - MountPoints2\{2192ba1f-a9db-11df-86a3-0023ae05213c}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{45acb765-a957-11df-b961-00225f27e2d5}\Shell - "" = AutoRun O33 - MountPoints2\{45acb765-a957-11df-b961-00225f27e2d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{45acb77f-a957-11df-b961-00225f27e2d5}\Shell - "" = AutoRun O33 - MountPoints2\{45acb77f-a957-11df-b961-00225f27e2d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - 
MountPoints2\{45acb789-a957-11df-b961-00225f27e2d5}\Shell - "" = AutoRun O33 - MountPoints2\{45acb789-a957-11df-b961-00225f27e2d5}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{7571e7f2-e8e6-11dd-ba6e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7571e7f2-e8e6-11dd-ba6e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\launcher.exe -- [2007.01.11 13:08:10 | 001,847,296 | R--- | M] () O33 - MountPoints2\{9dc23963-0245-11de-8a33-00225f27e2d5}\Shell - "" = AutoRun O33 - MountPoints2\{9dc23963-0245-11de-8a33-00225f27e2d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9dc2399b-0245-11de-8a33-00225f27e2d5}\Shell - "" = AutoRun O33 - MountPoints2\{9dc2399b-0245-11de-8a33-00225f27e2d5}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{dc42990c-d9dd-11df-93d1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{dc42990c-d9dd-11df-93d1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{dc429947-d9dd-11df-93d1-00225f27e2d5}\Shell - "" = AutoRun O33 - MountPoints2\{dc429947-d9dd-11df-93d1-00225f27e2d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.26 19:39:44 | 000,000,000 | -H-D | C] -- C:\Users\Franziska Bach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery [2011.04.26 16:40:15 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\sFGtypQnwU.exe [2011.04.20 08:47:13 | 000,000,000 | -H-D | C] -- C:\Users\Franziska Bach\Desktop\Video Sylverter [2011.04.15 19:33:21 | 000,000,000 | -H-D | C] -- C:\Users\Franziska Bach\Desktop\Musik aktuell [2011.04.14 22:24:29 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.14 22:24:29 | 000,034,304 | 
---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.14 22:24:21 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.14 22:24:21 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.14 22:24:17 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.14 22:24:11 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.14 22:24:07 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.14 22:24:07 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.14 22:24:07 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.14 22:24:07 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.14 22:24:07 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.04.14 22:24:07 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.14 22:24:07 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.14 22:24:07 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.14 22:24:06 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.14 22:24:01 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.14 22:23:58 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.14 22:23:58 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.14 16:26:43 | 000,000,000 | ---D | C] -- C:\Programme\Valve [2011.04.13 22:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.04.13 22:19:40 | 000,000,000 | ---D | C] -- 
C:\Programme\iPod
[2011.04.13 22:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.04.10 19:40:30 | 000,000,000 | -H-D | C] -- C:\Users\Franziska Bach\Desktop\Ebay11
[2011.04.02 11:13:01 | 000,000,000 | -H-D | C] -- C:\Users\Franziska Bach\Desktop\DCIM
[2011.03.31 10:54:08 | 000,000,000 | -H-D | C] -- C:\Users\Franziska Bach\Desktop\Ebay
[2011.03.28 21:04:59 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar
[2011.03.28 21:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011.03.28 21:04:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\ICQ
[2011.03.28 21:02:57 | 000,000,000 | -H-D | C] -- C:\Programme\ICQ7.4
[2009.08.07 23:01:54 | 008,653,312 | -H-- | C] (Dell, Inc. ) -- C:\Users\Franziska Bach\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2011.04.27 09:10:08 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.27 09:08:31 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.27 09:08:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 09:08:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 09:08:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.26 19:42:58 | 000,000,392 | -H-- | M] () -- C:\ProgramData\43769608
[2011.04.26 19:40:57 | 000,000,585 | -H-- | M] () -- C:\Users\Franziska Bach\Desktop\Windows Recovery.lnk
[2011.04.26 19:39:48 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~43769608r
[2011.04.26 19:39:48 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43769608
[2011.04.26 19:38:51 | 000,487,424 | -H-- | M] () -- C:\ProgramData\43769608.exe
[2011.04.26 19:10:50 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.26 19:10:49 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.26 19:10:49 | 000,131,218 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.26 19:10:49 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.26 19:03:59 | 000,296,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.26 16:40:14 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\sFGtypQnwU.exe
[2011.04.26 15:37:30 | 000,196,608 | -H-- | M] () -- C:\Users\Franziska Bach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.25 22:11:11 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.04.17 23:15:00 | 000,022,878 | -H-- | M] () -- C:\Users\Franziska Bach\AppData\Roaming\wklnhst.dat
[2011.04.17 23:15:00 | 000,010,240 | -H-- | M] () -- C:\Users\Franziska Bach\Desktop\Erlaubnisantrag PTA.wps
[2011.04.13 22:20:56 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.29 21:26:15 | 115,680,727 | -H-- | M] () -- C:\Users\Franziska Bach\Desktop\qian_hu.flv
[2011.03.28 21:04:56 | 000,001,611 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.4.lnk

========== Files Created - No Company Name ==========

[2011.04.26 19:40:57 | 000,000,585 | -H-- | C] () -- C:\Users\Franziska Bach\Desktop\Windows Recovery.lnk
[2011.04.26 19:39:48 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~43769608r
[2011.04.26 19:39:48 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~43769608
[2011.04.26 19:39:09 | 000,000,392 | -H-- | C] () -- C:\ProgramData\43769608
[2011.04.26 19:38:51 | 000,487,424 | -H-- | C] () -- C:\ProgramData\43769608.exe
[2011.04.17 22:11:26 | 000,010,240 | -H-- | C] () -- C:\Users\Franziska Bach\Desktop\Erlaubnisantrag PTA.wps
[2011.04.13 22:20:56 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.29 21:23:31 | 115,680,727 | -H-- | C] () -- C:\Users\Franziska Bach\Desktop\qian_hu.flv
[2011.03.28 21:04:56 | 000,001,611 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2010.12.05 13:56:24 | 000,000,425 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2010.12.05 13:55:45 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2010.12.05 13:51:02 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.10.31 17:03:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs1l3.dll
[2009.10.04 19:18:18 | 000,005,972 | -H-- | C] () -- C:\Users\Franziska Bach\AppData\Local\d3d9caps.dat
[2009.09.03 18:28:12 | 000,000,102 | -H-- | C] () -- C:\Users\Franziska Bach\AppData\Local\fusioncache.dat
[2009.08.30 19:43:33 | 000,057,344 | ---- | C] () -- C:\Windows\System32\GKSUI16.EXE
[2009.08.02 13:21:26 | 000,640,957 | ---- | C] () -- C:\Windows\unins000.exe
[2009.08.02 13:21:26 | 000,000,813 | ---- | C] () -- C:\Windows\unins000.dat
[2009.05.30 10:14:36 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2009.05.13 12:02:50 | 000,001,004 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.01.27 18:43:50 | 000,196,608 | -H-- | C] () -- C:\Users\Franziska Bach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.27 18:35:29 | 000,022,878 | -H-- | C] () -- C:\Users\Franziska Bach\AppData\Roaming\wklnhst.dat
[2009.01.23 10:38:05 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009.01.23 10:38:05 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009.01.23 10:38:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009.01.23 10:38:05 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009.01.23 10:38:05 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.01.23 10:38:02 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2009.01.23 10:34:42 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.01.23 10:34:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.23 02:07:58 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009.01.23 02:07:57 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2009.01.23 02:02:50 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008.02.06 08:51:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.01.21 09:15:58 | 000,639,210 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,131,218 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,296,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,764 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,108,096 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:25:25 | 001,197,056 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0

< End of report >

SO WHAT NOW? Please give me explanations I can understand (I don't know much about PCs). At the very least I absolutely have to back up the files (they include photos and video recordings of my late great-grandparents that I don't want to lose at any price!)!!!! Many thanks in advance! eisenschwein |
28.04.2011, 19:30 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kazy.mekml.1 Problem! Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes under the "Logdateien" (log files) tab.