| |
| |||||||
Log-Analyse und Auswertung: TR/Kazy.mekml.1 mich hats auch erwischtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.04.2011, 13:31
| #1 | |
| |  TR/Kazy.mekml.1 mich hats auch erwischt Mich hats leider auch erwischt - Desktop schwaz - Verknüpfungen und daten "weg" - Fakefehlermeldung Extras.TXT vom OTL OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.04.2011 14:22:19 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Melanie\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 417,76 Gb Free Space | 72,51% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 3,26 Gb Free Space | 16,28% Space Free | Partition Type: FAT32
Drive F: | 931,28 Gb Total Space | 925,00 Gb Free Space | 99,32% Space Free | Partition Type: FAT32
Computer Name: MELANIE-PC | User Name: Melanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FAF101A8-4D55-49B2-9695-F968C584A431}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17DCF6CB-08D4-4352-B031-59CDC2E39FA7}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{2052B0F6-C320-4A51-A7DC-5F76664D67F7}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{228F83F3-DFDE-48AE-B230-1540D92CCE70}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{2F2BA981-6AB0-437B-82E8-638BD96701C1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{327491AB-DCE3-4AC6-9FED-1A075460CFCA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{40BC69D8-8FB2-43C8-B822-BC67FCBB931B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{41A13FD6-1A0D-4611-B670-CA5B33EE7D8F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4A3E4347-2D81-49F4-BD52-8EE1B91FF519}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{4CBDCE48-220A-4AC1-A9DF-08DB8ADC463E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4F8724F1-9403-47AF-B46C-DA8460B359BB}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{503A5A49-6B51-4EAF-8606-9198C6FECD41}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{5A6DD73B-AE92-436E-9213-94C570BFB29B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6794FD54-A4B2-430F-BE8D-563D1D5DF3A5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6B7010AC-7729-439F-845A-67B747B80084}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{77735337-3871-4E2A-B5AF-AAB5E766F35D}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{7F3F4A8D-33A9-4ADC-BE32-1BE99419E8EC}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{8293129F-EE95-41FB-8E9D-E28C68B9F1A1}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{888E0D64-B183-4FA5-82BA-0F26D41D1A51}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{937A2086-0A5A-473D-A0F9-1963CADB181B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{9F75EBBE-9CBF-49C0-B3BF-9FD2A3536C25}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{ABCA4D38-212D-4D93-BA02-53EDF5579260}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{AEE3C337-5B4E-4914-BDCA-7B940E4D142B}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{B6D77873-69F2-44E3-9A84-7A3D91C9AF40}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{BA474D20-BF06-4AB8-ADE6-458A83572FA9}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C12E8AED-4005-49CB-BDA5-07CC4718F807}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{C8E59C92-380E-4246-B473-15A6E83B44C6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CA5B3499-24F4-483E-A282-237379D499AD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CD2A2344-7D7B-4088-B396-26D7F2295EFD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D042162E-93A2-4B69-A856-12E27B949CAA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D2CBEF93-F3B9-451F-A39F-73AB909A6C5F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{D994C188-7C98-439B-87B1-47D0D9A2E011}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DFC64DEB-9876-4E4C-8043-A312A4301870}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{E05363AD-1FA7-4512-B7E9-EBE272C5698F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E6007301-5CFF-4A9E-B5DE-5C35AC9C27D0}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{E83DDC0B-02F9-4859-9939-5F91CB39A2DF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F9761D22-638F-4754-8700-64B9385B7C8E}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{2A81AC58-693C-4930-BBDB-A73B1E343AA3}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{40B231E8-2855-474D-90BF-415A883A5698}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{77FC0B2C-A904-4A7F-BB27-57459CC5222B}C:\users\melanie\downloads\quake 3 arena\quake 3 arena\quake3.exe" = protocol=6 | dir=in | app=c:\users\melanie\downloads\quake 3 arena\quake 3 arena\quake3.exe |
"UDP Query User{4DEFA010-F93B-4890-8900-9A6727E3D62C}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{6432E4BA-C8BC-4719-AC92-9C497CA9A3A8}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{88DE30F0-F99C-4013-AEE8-86DB9EE29215}C:\users\melanie\downloads\quake 3 arena\quake 3 arena\quake3.exe" = protocol=17 | dir=in | app=c:\users\melanie\downloads\quake 3 arena\quake 3 arena\quake3.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = Die Sims™ 2 Villen- und Garten-Accessoires
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8e584a1b-90d7-4add-93e0-fe4b4ac5f57f}" = Nero 9 Lite
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB938897-211A-4999-9749-236D2E8E464A}" = NETGEAR WPN311 Wireless Adapter
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Easy-Shutdown" = Easy-Shutdown 1.3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Furnish Pro" = Furnish Pro
"ICQToolbar" = ICQ Toolbar
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{AB938897-211A-4999-9749-236D2E8E464A}" = NETGEAR WPN311 Wireless Adapter
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"PhotoScape" = PhotoScape
"Pixie_is1" = Pixie 1.4.1
"PunkBusterSvc" = PunkBuster Services
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"CreepSmash.com" = CreepSmash.com
"Winamp Detect" = Winamp Detector Plug-in
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
OTL.txt vom OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.04.2011 14:22:18 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Melanie\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,17 Gb Total Space | 417,76 Gb Free Space | 72,51% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 3,26 Gb Free Space | 16,28% Space Free | Partition Type: FAT32 Drive F: | 931,28 Gb Total Space | 925,00 Gb Free Space | 99,32% Space Free | Partition Type: FAT32 Computer Name: MELANIE-PC | User Name: Melanie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Melanie\Downloads\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\kmQvQcUSBfWiJhv.exe (WinTrust) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\NETGEAR\WPN311\wlancfg5.exe () PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Melanie\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (athr) -- C:\Windows\System32\drivers\WPN311.sys (Atheros Communications, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "GMX Suche" FF - prefs.js..browser.search.order.2: "WEB.DE Suche" FF - prefs.js..browser.search.order.3: "1und1 Suche" FF - prefs.js..browser.search.order.4: "amazon.de" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.8 FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.7.0190 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.23.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.8&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 13:50:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 13:50:34 | 000,000,000 | ---D | M] [2009.10.03 12:42:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Extensions [2011.04.28 13:18:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions [2010.04.28 13:30:09 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.28 10:41:12 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.03.21 14:13:10 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.02.02 13:28:42 | 000,000,000 | -H-D | M] (Update Notifier) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2010.01.29 15:14:12 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.07.07 15:50:48 | 000,000,000 | -H-D | M] (Battlefield Heroes Updater) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions\battlefieldheroespatcher@ea.com [2011.04.23 18:24:02 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions\DTToolbar@toolbarnet.com [2011.03.31 09:05:29 | 000,000,000 | -H-D | M] (Nero Toolbar) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions\toolbar@ask.com [2010.01.29 20:15:26 | 000,000,881 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\conduit.xml [2010.06.06 12:46:11 | 000,002,059 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\daemon-search.xml [2011.04.23 01:18:13 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-1.xml [2010.11.09 16:48:26 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-10.xml [2011.01.24 17:50:48 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-11.xml [2011.03.16 09:11:58 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-12.xml [2011.03.24 13:50:47 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-13.xml [2011.04.01 09:28:54 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-14.xml [2010.01.29 20:16:03 | 000,000,961 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-2.xml [2010.02.24 19:59:33 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-3.xml [2010.04.07 12:45:35 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-4.xml [2010.06.06 12:55:32 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-5.xml [2010.07.06 10:14:52 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-6.xml [2010.08.01 14:47:19 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-7.xml [2010.10.05 09:30:07 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-8.xml [2010.10.28 16:23:31 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-9.xml [2010.05.12 18:40:06 | 000,001,042 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin.xml [2010.06.21 20:27:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.10.27 22:49:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.02.02 13:28:15 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2010.02.02 13:28:14 | 000,000,000 | ---D | M] (GMX Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{C473DC2B-895F-4E11-B8BF-FF28DFD62829} [2009.10.03 13:59:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009.12.02 12:48:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.03.23 21:02:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2011.03.16 09:11:34 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.16 09:11:34 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.16 09:11:34 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.16 09:11:34 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.16 09:11:34 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [kmQvQcUSBfWiJhv] C:\ProgramData\kmQvQcUSBfWiJhv.exe (WinTrust) O4 - Startup: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{63b1e644-afb2-11de-9d56-dccde4ff10c9}\Shell\AutoRun\command - "" = rundll32.exe url,FileProtocolHandler library.htm O33 - MountPoints2\{b31016e5-7159-11df-b5ad-406186022260}\Shell - "" = AutoRun O33 - MountPoints2\{b31016e5-7159-11df-b5ad-406186022260}\Shell\AutoRun\command - "" = G:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.28 14:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.04.28 14:07:31 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.04.28 13:41:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch [2011.04.28 13:27:18 | 000,000,000 | -H-D | C] -- C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery [2011.04.28 13:20:47 | 000,573,440 | -H-- | C] (WinTrust) -- C:\ProgramData\kmQvQcUSBfWiJhv.exe [2011.04.28 10:43:34 | 000,000,000 | -H-D | C] -- C:\Users\Melanie\AppData\Local\Yahoo [2011.04.28 10:41:19 | 000,000,000 | -H-D | C] -- C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus [2011.04.28 10:41:16 | 000,000,000 | -H-D | C] -- C:\Users\Melanie\AppData\Local\Yahoo! [2011.04.28 10:40:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Yahoo! Companion [2011.04.28 10:40:55 | 000,000,000 | -H-D | C] -- C:\Users\Melanie\AppData\Roaming\Yahoo! [2011.04.28 10:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger [2011.04.28 10:40:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\Yahoo! [2011.04.28 10:35:27 | 000,000,000 | ---D | C] -- C:\Programme\Yahoo! [2011.04.27 11:47:58 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.04.27 11:47:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.04.26 12:00:48 | 000,000,000 | ---D | C] -- C:\Programme\Easy-Shutdown [2011.04.26 12:00:45 | 000,000,000 | ---D | C] -- C:\Windows\uninstall [2011.04.14 15:37:16 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.14 15:37:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.14 15:37:13 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.14 15:37:12 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.14 15:37:09 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.14 15:37:06 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.14 15:37:05 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.14 15:37:05 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.14 15:37:05 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.14 15:37:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.14 15:37:05 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.14 15:37:05 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.04.14 15:37:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.14 15:37:05 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.14 15:37:05 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.14 15:36:58 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.14 15:36:56 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.14 15:36:55 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.28 14:25:43 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.28 14:25:43 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.28 14:25:43 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.28 14:25:42 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.28 14:18:51 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 14:18:51 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 14:18:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.28 14:18:41 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys [2011.04.28 13:53:59 | 000,000,680 | -H-- | M] () -- C:\Users\Melanie\AppData\Local\d3d9caps.dat [2011.04.28 13:27:19 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~38592264 [2011.04.28 13:27:19 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~38592264r [2011.04.28 13:27:11 | 000,000,336 | -H-- | M] () -- C:\ProgramData\38592264 [2011.04.28 13:27:07 | 000,032,061 | -H-- | M] () -- C:\ProgramData\nvModes.dat [2011.04.28 13:27:07 | 000,032,061 | -H-- | M] () -- C:\ProgramData\nvModes.001 [2011.04.28 13:20:47 | 000,573,440 | -H-- | M] (WinTrust) -- C:\ProgramData\kmQvQcUSBfWiJhv.exe [2011.04.26 12:00:48 | 000,001,756 | -H-- | M] () -- C:\Users\Melanie\Desktop\Easy-Shutdown.lnk [2011.04.19 17:50:33 | 000,394,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.28 13:55:15 | 3220,463,616 | -HS- | C] () -- C:\hiberfil.sys [2011.04.28 13:27:19 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~38592264 [2011.04.28 13:27:19 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~38592264r [2011.04.28 13:27:11 | 000,000,336 | -H-- | C] () -- C:\ProgramData\38592264 [2011.04.26 12:00:48 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy-Shutdown.lnk [2011.04.26 12:00:48 | 000,001,756 | -H-- | C] () -- C:\Users\Melanie\Desktop\Easy-Shutdown.lnk [2010.07.07 16:18:47 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.07.07 16:18:47 | 000,138,056 | -H-- | C] () -- C:\Users\Melanie\AppData\Roaming\PnkBstrK.sys [2010.07.07 16:18:25 | 000,215,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.07.07 16:18:23 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe [2010.07.07 16:18:23 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2009.10.04 15:13:34 | 000,009,216 | -H-- | C] () -- C:\Users\Melanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.04 15:07:41 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.10.04 15:07:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.10.03 03:01:04 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2009.10.03 02:36:56 | 000,032,061 | -H-- | C] () -- C:\ProgramData\nvModes.001 [2009.10.03 02:36:55 | 000,032,061 | -H-- | C] () -- C:\ProgramData\nvModes.dat [2009.10.03 02:22:33 | 000,000,680 | -H-- | C] () -- C:\Users\Melanie\AppData\Local\d3d9caps.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.01.21 09:15:58 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,394,400 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat < End of report > wie gehts nun weiter ? CCL oder wie das heißt ist schon drüber gelaufen Bericht nach Scan und löschen von 4 gefundenen Dateien Zitat:
|
|
06.05.2011, 11:51
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/Kazy.mekml.1 mich hats auch erwischt Hallo und
__________________ Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL-Custom: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
|
| Themen zu TR/Kazy.mekml.1 mich hats auch erwischt |
| autorun, avgntflt.sys, avira, bho, bonjour, conduit, converter, defender, desktop, error, excel, excel.exe, firefox addon, format, google, helper, home, install.exe, joke.stressreducer, location, logfile, microsoft office word, mozilla, mp3, netgear, nvlddmkm.sys, oldtimer, registry, rundll, saver, scan, sched.exe, searchplugins, security, shell32.dll, shortcut, software, sptd.sys, start menu, tcp, udp, vista |
Textbox.
.
Linear-Darstellung
