Pests of All Kinds and How to Fight Them: TR/Kazy.mekml.1 ... SOS
Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
28.04.2011, 12:38 | #1 |
| TR/Kazy.mekml.1 ... SOS Oops, I was in the wrong thread ... sorry. Hello dear community, I am new here too. I have also caught the trojan TR/Kazy.mekml.1. Now I am asking for your help, since I have no idea at all about "fighting viruses". I am running the OTL scan right now, will get back to you with the 2 files, and look forward to your help ... I am online with my second laptop, because the infected one now keeps shutting down and can hardly get online :-( I am already on my third attempt to start OTL; somehow the machine always aborts after 15 minutes! „Fehler der Festplatte RAM-Speicher Nutzung ist kritisch hoch. RAM-Speicher gescheitert ... Regards, Franky |
28.04.2011, 12:45 | #2 |
/// Malware-holic | TR/Kazy.mekml.1 ... SOS Try it in safe mode; press F8 at startup. |
28.04.2011, 12:45 | #3 |
| TR/Kazy.mekml.1 ... SOS So, while I was writing it crashed again ... and it is shutting down by itself again ... what now?
__________________ Thanks |
28.04.2011, 12:46 | #4 |
| TR/Kazy.mekml.1 ... SOS OK, I'll try that right away, as soon as I can boot the machine again, thanks |
28.04.2011, 13:08 | #5 |
| TR/Kazy.mekml.1 ... SOS I started in safe mode, and OTL also got going much faster, but there has been no movement for 10 minutes now; by now I can't even look at the OTL menu any more :-( Where are the 2 txt files saved? |
28.04.2011, 13:09 | #6 |
/// Malware-holic | TR/Kazy.mekml.1 ... SOS Are you in safe mode with networking? If so, try killing OTL via the Task Manager and then start in safe mode without networking. Please don't work on the PC while OTL is running. But for now let it run for another 10 minutes first; maybe it will recover. |
28.04.2011, 13:13 | #7 |
| TR/Kazy.mekml.1 ... SOS I took the first line, "Safe Mode"; only after that came the options such as with networking ... I am not working on the infected laptop, I just let it run alongside. I still have my old machine ... which I can use to communicate with you ... I downloaded OTL onto the stick, along with all the text ... in order to start it on the broken laptop ... OK, I'll wait another 10 minutes, then I'll try again ... it'll work out |
28.04.2011, 13:15 | #8 |
/// Malware-holic | TR/Kazy.mekml.1 ... SOS If not, try it without pasting in the text, i.e. just click Scan.
__________________ Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails according to the instructions above to markusg.trojaner-board@web.de If you would like to support us |
28.04.2011, 13:27 | #9 |
| TR/Kazy.mekml.1 ... SOS OK, without the text I've got something ... Extras.txt OTL EXTRAS Logfile: Code:
28.04.2011, 13:28 | #10 |
| TR/Kazy.mekml.1 ... SOS OTL.txt OTL Logfile: Code:
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKU\S-1-5-21-3402982626-4064858815-2228441422-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKU\S-1-5-21-3402982626-4064858815-2228441422-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) 
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3402982626-4064858815-2228441422-1000..\Run: [EA Core] File not found O4 - HKU\S-1-5-21-3402982626-4064858815-2228441422-1000..\Run: [scIeDgaoTLYN] C:\ProgramData\scIeDgaoTLYN.exe (WinTrust) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Pam & Franky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.) 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab (JordanUploader Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Pam & Franky\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Users\Pam & Franky\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] 
-- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.28 08:15:03 | 000,000,000 | ---D | C] -- C:\Users\Pam & Franky\AppData\Local\{D9F4A69C-4782-4681-B227-3A0E837DF2F6} [2011.04.27 20:08:57 | 000,000,000 | ---D | C] -- C:\Users\Pam & Franky\AppData\Local\{B1D4918B-5D39-42E2-A3E2-35F5369AD44F} [2011.04.27 19:05:52 | 000,000,000 | ---D | C] -- C:\Users\Pam & Franky\AppData\Roaming\Avira [2011.04.27 15:50:11 | 000,573,440 | -H-- | C] (WinTrust) -- C:\ProgramData\scIeDgaoTLYN.exe [2011.04.27 07:46:10 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.04.27 07:46:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.04.27 07:45:59 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.04.27 07:38:25 | 000,000,000 | ---D | C] -- C:\Users\Pam & Franky\AppData\Local\{337B6FE6-A64E-4BF1-81FC-4600139AD3CB} [2011.04.26 06:26:05 | 000,000,000 | ---D | C] -- C:\Users\Pam & Franky\AppData\Local\{E8992A2A-FB9F-433D-A2AE-D22934D2D7E7} [2011.04.25 08:50:39 | 000,000,000 | ---D | C] -- C:\Users\Pam & Franky\AppData\Local\{E9914411-6E4B-488E-BA4F-9DEFA887FB6A} [2011.04.24 07:52:25 | 000,000,000 | ---D | C] -- C:\Users\Pam & Franky\AppData\Local\{14F73BE9-3F6B-43B4-AC60-04D0E0CF1527} [2011.04.23 23:07:40 | 000,000,000 | ---D | C] -- C:\Users\Pam & Franky\AppData\Local\{467683BA-074B-4368-9F84-2B9EEFE784BE} [2011.04.22 19:04:39 | 000,000,000 | ---D | C] -- C:\Users\Pam & Franky\AppData\Local\{0DC70F64-D1AF-4B2E-A992-2695E2DDC73B} [2011.04.18 08:13:37 | 000,000,000 | ---D | C] -- C:\Users\Pam & Franky\AppData\Local\{83341F59-CD02-4E4C-9BA3-C4DE64299E89} [2011.04.17 10:55:31 | 000,000,000 | ---D | C] -- C:\Users\Pam & Franky\AppData\Local\{A184B2D0-2C21-4BE8-BF1A-105EB782799F} [2011.04.16 14:38:22 | 000,000,000 | ---D | C] 
-- C:\Users\Pam & Franky\AppData\Local\{104E7787-9B4B-4377-83C5-8259A9D80F99} [2011.04.16 14:30:00 | 000,000,000 | ---D | C] -- C:\Users\Pam & Franky\AppData\Roaming\DVDVideoSoftIEHelpers [2011.04.14 03:53:56 | 000,000,000 | ---D | C] -- C:\Users\Pam & Franky\AppData\Local\{461CA614-0635-405D-805E-E3D7E75BB85A} [2011.04.13 13:28:06 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.13 13:28:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.13 13:28:00 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.13 13:28:00 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.13 13:28:00 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.13 13:28:00 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.13 13:28:00 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.13 13:28:00 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.13 13:28:00 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.13 13:28:00 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.13 13:27:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.13 13:27:59 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.13 13:27:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.13 13:27:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.13 13:27:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.13 13:27:59 | 000,055,296 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\msfeedsbs.dll [2011.04.13 13:27:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.13 13:27:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.13 13:27:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.13 13:27:55 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.13 13:27:54 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.13 13:27:51 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.13 13:27:50 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.13 13:27:48 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.13 13:27:48 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.04 17:54:39 | 000,000,000 | ---D | C] -- C:\Users\Pam & Franky\Desktop\HERAKLES [2008.07.22 10:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2011.04.28 14:22:03 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2011.04.28 14:18:22 | 000,002,299 | ---- | M] () -- C:\Users\Pam & Franky\AppData\Roaming\acervcmtmp.ini [2011.04.28 14:18:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2011.04.28 14:18:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.28 14:17:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 14:17:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 13:56:42 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat 
[2011.04.28 13:56:42 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.28 13:56:42 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.28 13:56:42 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.28 13:48:01 | 000,491,520 | ---- | M] () -- C:\ProgramData\40886024.exe [2011.04.28 13:17:44 | 350,977,287 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.28 11:49:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.27 15:50:11 | 000,573,440 | -H-- | M] (WinTrust) -- C:\ProgramData\scIeDgaoTLYN.exe [2011.04.27 15:34:44 | 000,028,504 | -H-- | M] () -- C:\ProgramData\nvModes.001 [2011.04.24 08:13:50 | 000,028,504 | -H-- | M] () -- C:\ProgramData\nvModes.dat [2011.04.16 14:29:57 | 000,001,036 | ---- | M] () -- C:\Users\Pam & Franky\Desktop\DVDVideoSoft Free Studio.lnk [2011.04.16 14:29:48 | 000,001,195 | ---- | M] () -- C:\Users\Pam & Franky\Desktop\Free YouTube to MP3 Converter.lnk [2011.04.14 03:51:27 | 000,410,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.11 21:06:57 | 000,012,431 | ---- | M] () -- C:\Users\Pam & Franky\Desktop\FAHRKARTE FREDO#.pdf [2011.04.11 18:10:17 | 000,066,076 | ---- | M] () -- C:\Users\Pam & Franky\Desktop\VfR_Termine_F1_April_bis_Juni_2011.pdf [2011.04.04 11:31:05 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011.03.31 16:12:37 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys ========== Files Created - No Company Name ========== [2011.04.28 13:47:57 | 000,491,520 | ---- | C] () -- C:\ProgramData\40886024.exe [2011.04.16 14:29:48 | 000,001,195 | ---- | C] () -- C:\Users\Pam & Franky\Desktop\Free YouTube to MP3 Converter.lnk [2011.04.11 21:06:56 | 000,012,431 | ---- | C] () -- C:\Users\Pam & Franky\Desktop\FAHRKARTE FREDO#.pdf [2011.04.11 18:10:15 | 000,066,076 | ---- | C] () -- C:\Users\Pam & Franky\Desktop\VfR_Termine_F1_April_bis_Juni_2011.pdf [2010.11.02 
19:02:50 | 000,000,701 | ---- | C] () -- C:\Windows\wiso.ini [2010.05.19 21:51:07 | 000,000,680 | ---- | C] () -- C:\Users\Pam & Franky\AppData\Local\d3d9caps.dat [2010.02.19 11:43:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.02.15 14:59:03 | 000,002,299 | ---- | C] () -- C:\Users\Pam & Franky\AppData\Roaming\acervcmtmp.ini [2009.10.20 21:39:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.20 21:39:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.01 11:48:28 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.05.20 20:39:51 | 000,453,188 | ---- | C] () -- C:\Users\Pam & Franky\AppData\Roaming\mdbu.bin [2009.04.10 21:48:27 | 000,061,440 | ---- | C] () -- C:\Users\Pam & Franky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.09 18:43:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.04.09 11:47:16 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2009.04.09 09:29:30 | 000,028,504 | -H-- | C] () -- C:\ProgramData\nvModes.001 [2009.04.09 09:29:23 | 000,028,504 | -H-- | C] () -- C:\ProgramData\nvModes.dat [2009.04.04 21:07:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.07.30 12:19:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.07.30 04:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.07.30 04:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.07.30 03:47:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2008.07.30 03:42:04 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.07.30 03:25:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.07.30 03:25:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2008.07.30 03:25:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008.07.30 03:25:14 | 
000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.01.21 09:15:58 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,410,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2008.07.30 04:10:28 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console [2008.07.30 04:10:28 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer 
GameZone Console [2009.04.09 11:23:47 | 000,000,000 | ---D | M] -- C:\Users\Pam & Franky\AppData\Roaming\Acer [2008.07.30 04:10:28 | 000,000,000 | ---D | M] -- C:\Users\Pam & Franky\AppData\Roaming\Acer GameZone Console [2011.03.23 18:52:48 | 000,000,000 | ---D | M] -- C:\Users\Pam & Franky\AppData\Roaming\AnvSoft [2010.11.02 19:00:45 | 000,000,000 | ---D | M] -- C:\Users\Pam & Franky\AppData\Roaming\Buhl Data Service [2009.06.13 20:09:06 | 000,000,000 | ---D | M] -- C:\Users\Pam & Franky\AppData\Roaming\Canneverbe_Limited [2011.04.16 14:30:00 | 000,000,000 | ---D | M] -- C:\Users\Pam & Franky\AppData\Roaming\DVDVideoSoftIEHelpers [2010.05.03 13:45:55 | 000,000,000 | ---D | M] -- C:\Users\Pam & Franky\AppData\Roaming\Facebook [2009.04.10 21:17:45 | 000,000,000 | ---D | M] -- C:\Users\Pam & Franky\AppData\Roaming\IrfanView [2009.06.26 21:11:46 | 000,000,000 | ---D | M] -- C:\Users\Pam & Franky\AppData\Roaming\SCHLECKERFotobuch [2009.05.17 22:42:36 | 000,000,000 | ---D | M] -- C:\Users\Pam & Franky\AppData\Roaming\uTorrent [2011.04.04 11:31:05 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2011.04.28 13:48:22 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:C95B63DA < End of report > |
28.04.2011, 13:37 | #11 |
| TR/Kazy.mekml.1 ... SOS Malwarebytes started now |
28.04.2011, 13:39 | #12 |
/// Malware-holic | TR/Kazy.mekml.1 ... SOS where did I write anything about Malwarebytes? cancel it, I'll look at the OTL log first
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
28.04.2011, 13:40 | #13 | |
| TR/Kazy.mekml.1 ... SOS Quote:
aborted |
28.04.2011, 13:42 | #14 |
/// Malware-holic | TR/Kazy.mekml.1 ... SOS
• Please start OTL.exe.
• Now copy the following into the text box.
:OTL
O4 - HKU\S-1-5-21-3402982626-4064858815-2228441422-1000..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-3402982626-4064858815-2228441422-1000..\Run: [scIeDgaoTLYN] C:\ProgramData\scIeDgaoTLYN.exe (WinTrust)
[2011.04.28 13:48:01 | 000,491,520 | ---- | M] () -- C:\ProgramData\40886024.exe
:Files
[2011.04.27 15:50:11 | 000,573,440 | -H-- | C] (WinTrust) -- C:\ProgramData\scIeDgaoTLYN.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
start in normal mode works again. download unhide: http://www.trojaner-board.de/54791-a...ner-board.html |
28.04.2011, 14:02 | #15 |
| TR/Kazy.mekml.1 ... SOS is it normal for the system to churn for about 30 seconds and then nothing more happens ??? or should I perhaps not have ticked the settings in the OTL menu the same way as for scanning (minimal output/all users/LOP/Purity/SafeList) ??? |