| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/kazy.mekml, Festplatte beschädigt, Dateien wegWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
| |
21.04.2011, 16:35
| #1 |
 |  TR/kazy.mekml, Festplatte beschädigt, Dateien weg Hallo zusammen! Ich habe mich hier angemeldet, weil auch mein Rechner mit dem Trojaner Kazy.mekml infiziert ist. Seitdem fehlen Dateien auf meinem Desktop, sowie auf dem restlichen Teil meiner Festplatte. Dei zweite Partition ist nicht betroffen! Zudem sagt mir Windows 7 (32bit) ständig, dass meine Festplatte beschädigt ist. Auch Avira popt immer wieder auf und sagt mir, dass eben dieser Trojaner sich auf meinem Rechner befindet. Löschen hilft auch nicht. Außerdem hatte ich eben einen Bluescreen aufgrund eines Grafiktreiber, weiß aber nicht obs mit dem Trojaner zusammenhängt! Ich hoffe mir kann jemand weiterhelfen! EDIT: Was mir auch noch aufgefallen ist, ich habe seit einer Woche noch ein zusätzliches Laufwerk Q:, auf welches ich nicht zugreifen kann! Mit freundlichen Grüßen Brote Hier meine Anti-Malware Logfile: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6412 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 21.04.2011 17:33:03 mbam-log-2011-04-21 (17-33-03).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 175743 Laufzeit: 6 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: c:\programdata\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> 3792 -> Unloaded process successfully. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MRtPNAFMRSnT (Trojan.FakeAlert) -> Value: MRtPNAFMRSnT -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{5283BA48-B3A8-A4C7-4C8B-5FC46A91D3D3} (Trojan.ZbotR.Gen) -> Value: {5283BA48-B3A8-A4C7-4C8B-5FC46A91D3D3} -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\programdata\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Benjamin\AppData\Local\Temp\0.29800580620327444.exe (Trojan.Dropper) -> Quarantined and deleted successfully. OTL:OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 21.04.2011 17:38:23 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = D:\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 24,99 Gb Total Space | 0,86 Gb Free Space | 3,45% Space Free | Partition Type: NTFS Drive D: | 273,09 Gb Total Space | 25,98 Gb Free Space | 9,51% Space Free | Partition Type: NTFS Drive E: | 7,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: BENJAMIN-NB | User Name: Benjamin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - D:\Program Files\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios) PRC - D:\Program Files\Verbindungsassistent\WTGService.exe () PRC - C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Palm, Inc\novacom\x86\novacomd.exe (Palm) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Windows\System32\lxczcoms.exe ( ) ========== Modules (SafeList) ========== MOD - D:\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ACDaemon) -- File not found SRV - (HiPatchService) -- D:\Program Files\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios) SRV - (WTGService) -- D:\Program Files\Verbindungsassistent\WTGService.exe () SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (TuneUp.Defrag) -- D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (NovacomD) -- C:\Programme\Palm, Inc\novacom\x86\novacomd.exe (Palm) SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (OMSI download service) -- D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (lxcz_device) -- C:\Windows\System32\lxczcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (TuneUpUtilitiesDrv) -- D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation) DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation) DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation) DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation) DRV - (vpcuxd) -- C:\Windows\System32\drivers\vpcuxd.sys (Microsoft Corporation) DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- D:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider) DRV - (TTCinergyT2) TerraTec Cinergy T² (BDA) -- C:\Windows\System32\drivers\TTCinergyT2BDA.sys (TerraTec Electronic GmbH) DRV - (PID_0920) Logitech QuickCam Express(PID_0920) -- C:\Windows\System32\drivers\LV532AV.SYS () DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.) DRV - (giveio) -- C:\Windows\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F9 9E 23 6E 04 34 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.mydtzone.com/startpage|hxxp://go.microsoft.com/fwlink/?LinkId=69157" FF - prefs.js..extensions.enabledItems: {b9615918-d3de-44a4-ab65-76df7ea1f1c1}:0.3.13 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.9 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1 FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6 FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5 FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.04.03 15:52:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.04.03 15:52:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2011.03.13 15:40:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins [2011.01.29 18:28:33 | 000,000,000 | ---D | M] [2010.01.22 17:44:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Extensions [2010.01.22 17:44:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.04.20 20:22:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions [2011.04.20 20:22:25 | 000,000,000 | -H-D | M] (Flagfox) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010.07.27 21:08:04 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011.04.14 14:35:15 | 000,000,000 | -H-D | M] (Разпознаване на устройство Logitech) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions\DeviceDetection@logitech.com [2011.02.04 13:35:08 | 000,000,000 | -H-D | M] (FoxyProxy Standard) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions\foxyproxy@eric.h.jung [2010.05.30 18:29:00 | 000,001,819 | -H-- | M] () -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\os8yk4py.default\searchplugins\bing.xml [2011.04.08 18:28:05 | 000,002,059 | -H-- | M] () -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\os8yk4py.default\searchplugins\daemon-search.xml File not found (No name found) -- () (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\{B9615918-D3DE-44A4-AB65-76DF7EA1F1C1}.XPI () (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI () (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI () (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI [2010.02.04 01:36:43 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2010.01.22 18:44:51 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKCU..\Run: [Camfrog] D:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe (Camshare Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems) O4 - Startup: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 [2010.10.17 16:28:41 | 000,000,000 | ---D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Read with DeskBot - D:\Program Files\BellCraft.com\DeskBot\DeskBot.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.09.11 01:09:29 | 000,000,047 | -H-- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{299b1013-523f-11e0-ba6d-001e101f2b52}\Shell - "" = AutoRun O33 - MountPoints2\{299b1013-523f-11e0-ba6d-001e101f2b52}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{37e507aa-4feb-11e0-ae87-001fcf40ac41}\Shell - "" = AutoRun O33 - MountPoints2\{37e507aa-4feb-11e0-ae87-001fcf40ac41}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{37e507ac-4feb-11e0-ae87-001fcf40ac41}\Shell - "" = AutoRun O33 - MountPoints2\{37e507ac-4feb-11e0-ae87-001fcf40ac41}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{37e507bb-4feb-11e0-ae87-001fcf40ac41}\Shell - "" = AutoRun O33 - MountPoints2\{37e507bb-4feb-11e0-ae87-001fcf40ac41}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{3b919da8-0768-11df-9993-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{3b919da8-0768-11df-9993-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2010.09.11 01:09:30 | 002,508,760 | ---- | M] () O33 - MountPoints2\{52bb2ca8-4d77-11e0-b997-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{52bb2ca8-4d77-11e0-b997-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{52bb2cab-4d77-11e0-b997-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{52bb2cab-4d77-11e0-b997-00030d42d6bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{52bb2cb8-4d77-11e0-b997-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{52bb2cb8-4d77-11e0-b997-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{52bb2cbc-4d77-11e0-b997-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{52bb2cbc-4d77-11e0-b997-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{63cfb91a-67fc-11e0-aa82-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{63cfb91a-67fc-11e0-aa82-00030d42d6bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{63cfba41-67fc-11e0-aa82-001e101f9843}\Shell - "" = AutoRun O33 - MountPoints2\{63cfba41-67fc-11e0-aa82-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{63cfba96-67fc-11e0-aa82-001e101f9843}\Shell - "" = AutoRun O33 - MountPoints2\{63cfba96-67fc-11e0-aa82-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{63cfba98-67fc-11e0-aa82-001e101f9843}\Shell - "" = AutoRun O33 - MountPoints2\{63cfba98-67fc-11e0-aa82-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{63cfbac4-67fc-11e0-aa82-001e101f9843}\Shell - "" = AutoRun O33 - MountPoints2\{63cfbac4-67fc-11e0-aa82-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{63cfbac6-67fc-11e0-aa82-001e101f9843}\Shell - "" = AutoRun O33 - MountPoints2\{63cfbac6-67fc-11e0-aa82-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{644370d4-4f31-11e0-bedf-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{644370d4-4f31-11e0-bedf-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{806e08c9-5e72-11e0-96f1-001fcf40ac41}\Shell - "" = AutoRun O33 - MountPoints2\{806e08c9-5e72-11e0-96f1-001fcf40ac41}\Shell\AutoRun\command - "" = F:\Autoplay\AutoRun.exe O33 - MountPoints2\{9430fa80-589a-11e0-a192-001fcf40ac41}\Shell - "" = AutoRun O33 - MountPoints2\{9430fa80-589a-11e0-a192-001fcf40ac41}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9430fa88-589a-11e0-a192-001fcf40ac41}\Shell - "" = AutoRun O33 - MountPoints2\{9430fa88-589a-11e0-a192-001fcf40ac41}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9430faac-589a-11e0-a192-001fcf40ac41}\Shell - "" = AutoRun O33 - MountPoints2\{9430faac-589a-11e0-a192-001fcf40ac41}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9430fae8-589a-11e0-a192-001fcf40ac41}\Shell - "" = AutoRun O33 - MountPoints2\{9430fae8-589a-11e0-a192-001fcf40ac41}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{973eebcd-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{973eebcd-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{973eebdb-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{973eebdb-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{973eebf8-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{973eebf8-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{973eec0d-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{973eec0d-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{973eed1a-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{973eed1a-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{973eed28-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{973eed28-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{973eed4d-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{973eed4d-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{973eed50-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{973eed50-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{973eed5a-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{973eed5a-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{aa0254e3-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{aa0254e3-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{aa0254ee-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{aa0254ee-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{aa025509-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{aa025509-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{aa02551c-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{aa02551c-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{aa025527-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{aa025527-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{aa025544-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{aa025544-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{d40c44b0-52ca-11e0-badb-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{d40c44b0-52ca-11e0-badb-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f3e50db7-bd67-11df-bdb4-00030d42d6bb}\Shell - "" = AutoRun O33 - MountPoints2\{f3e50db7-bd67-11df-bdb4-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.21 16:51:28 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\Malwarebytes [2011.04.21 16:51:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.21 16:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.21 16:51:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes [2011.04.21 16:51:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.14 14:31:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.14 14:31:09 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.14 14:31:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.14 14:31:06 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.14 14:31:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.14 14:30:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.14 14:30:59 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.14 14:30:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.14 14:30:59 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.14 14:30:59 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.14 14:30:59 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.14 14:30:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.14 14:30:59 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.14 14:30:59 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.14 14:30:59 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.14 14:30:59 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.14 14:30:31 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.14 14:30:29 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.14 14:30:29 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.14 14:30:27 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe [2011.04.11 19:08:28 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe [2011.04.11 19:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 2 [2011.04.08 18:28:40 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2011.04.08 18:28:05 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Toolbar [2011.04.08 18:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2011.04.08 18:27:46 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\DAEMON Tools Lite [2011.04.08 18:27:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\DAEMON Tools Lite [2011.04.03 18:29:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\VirtualizedApplications [2011.04.03 16:18:04 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Local\SoftGrid Client [2011.04.03 16:17:59 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\SoftGrid Client [2011.04.03 16:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Home and Business (Deutsch) [2011.04.03 16:16:23 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER [2011.04.03 16:16:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office [2011.04.03 16:16:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Application Virtualization Client [2011.04.03 16:15:26 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\TP [2011.03.29 19:38:20 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\Ventrilo [2011.03.29 19:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo [2011.03.28 10:44:35 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\Documents\My Games [2011.03.28 01:11:59 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\Hi-Rez Studios [2011.03.28 01:11:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\Hi-Rez Studios [2011.03.28 01:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios [2011.03.28 00:46:56 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Video Chat 6.0 [2011.03.27 18:51:37 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Local\CrashRpt [2011.02.03 21:14:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll [2011.02.03 21:14:32 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll [2011.02.03 21:14:32 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll [2011.02.03 21:14:31 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll [2011.02.03 21:14:31 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll [2011.02.03 21:14:31 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll [2011.02.03 21:14:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll [2011.02.03 21:14:31 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll [2011.02.03 21:14:31 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxczcoms.exe [2011.02.03 21:14:31 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxczih.exe [2011.02.03 21:14:31 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll [2011.02.03 21:14:31 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll [2011.02.03 21:14:30 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll [2011.02.03 21:14:30 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll [2011.02.03 21:14:30 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxczcfg.exe [2010.07.29 17:37:44 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeA454.dll ========== Files - Modified Within 30 Days ========== [2011.04.21 17:33:13 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\rpld.sys [2011.04.21 17:33:13 | 000,000,234 | ---- | M] () -- C:\Windows\System32\pbucn [2011.04.21 17:23:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.21 17:23:10 | 1609,179,136 | -HS- | M] () -- C:\hiberfil.sys [2011.04.21 16:51:19 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.21 16:13:00 | 000,014,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 16:13:00 | 000,014,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 15:30:14 | 000,656,484 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.21 15:30:14 | 000,616,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.21 15:30:14 | 000,130,826 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.21 15:30:14 | 000,107,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.16 09:38:23 | 000,286,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.08 18:28:40 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2011.04.08 18:28:04 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2011.04.03 15:52:34 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.03.29 19:38:01 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2011.03.29 19:37:57 | 000,000,630 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk [2011.03.28 01:11:10 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\Global Agenda Launcher.lnk [2011.03.28 00:46:56 | 000,001,002 | -H-- | M] () -- C:\Users\Benjamin\Desktop\Camfrog Video Chat 6.0.lnk [2011.03.28 00:45:41 | 012,470,832 | -H-- | M] () -- C:\Users\Benjamin\Desktop\camfrog_5.5.exe ========== Files Created - No Company Name ========== [2011.04.21 17:33:13 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\rpld.sys [2011.04.21 17:33:13 | 000,000,234 | ---- | C] () -- C:\Windows\System32\pbucn [2011.04.21 16:51:19 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.08 18:28:04 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2011.04.03 15:52:33 | 000,000,769 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.03.29 19:37:57 | 000,000,630 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk [2011.03.29 19:37:49 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2011.03.28 01:11:10 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\Global Agenda Launcher.lnk [2011.03.28 00:46:56 | 000,001,002 | -H-- | C] () -- C:\Users\Benjamin\Desktop\Camfrog Video Chat 6.0.lnk [2011.03.28 00:45:22 | 012,470,832 | -H-- | C] () -- C:\Users\Benjamin\Desktop\camfrog_5.5.exe [2011.02.03 21:17:27 | 000,000,094 | ---- | C] () -- C:\Windows\Lexstat.ini [2011.02.03 21:14:32 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll [2011.02.03 21:14:32 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll [2010.12.27 19:54:14 | 000,000,032 | -H-- | C] () -- C:\Users\Benjamin\AppData\Local\packet [2010.11.30 22:35:18 | 000,007,605 | -H-- | C] () -- C:\Users\Benjamin\AppData\Local\Resmon.ResmonCfg [2010.08.08 22:39:11 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI [2010.08.08 22:37:21 | 000,000,840 | ---- | C] () -- C:\Windows\_delis32.ini [2010.08.08 22:36:19 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe [2010.07.01 17:08:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.20 13:21:39 | 000,006,656 | -H-- | C] () -- C:\Users\Benjamin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.10 18:30:43 | 000,002,903 | ---- | C] () -- C:\Windows\Cm106.ini.cfg [2010.02.10 18:30:37 | 000,000,748 | ---- | C] () -- C:\Windows\cm106.ini [2010.02.10 18:30:37 | 000,000,601 | ---- | C] () -- C:\Windows\cm106.ini.bak [2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.07.14 10:47:43 | 000,656,484 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,130,826 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,286,024 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,616,990 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,107,112 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.02.07 19:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini [2007.01.22 10:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll [2006.06.07 15:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll [2006.03.27 13:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll [2006.03.07 13:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll [2006.01.10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll [2006.01.10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll [2005.01.31 10:13:22 | 000,163,328 | ---- | C] () -- C:\Windows\System32\drivers\LV532AV.SYS [2005.01.31 09:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== Files - Unicode (All) ========== [2010.05.28 18:56:11 | 000,020,480 | -H-- | M] ()(C:\Users\Benjamin\Desktop\Gesu Pr?fung.doc) -- C:\Users\Benjamin\Desktop\Gesu Pr�fung.doc [2010.05.27 18:10:34 | 000,020,480 | -H-- | C] ()(C:\Users\Benjamin\Desktop\Gesu Pr?fung.doc) -- C:\Users\Benjamin\Desktop\Gesu Pr�fung.doc < End of report > --- --- --- OTL2:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.04.2011 17:38:23 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 24,99 Gb Total Space | 0,86 Gb Free Space | 3,45% Space Free | Partition Type: NTFS
Drive D: | 273,09 Gb Total Space | 25,98 Gb Free Space | 9,51% Space Free | Partition Type: NTFS
Drive E: | 7,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: BENJAMIN-NB | User Name: Benjamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{190297F8-14EC-4ECA-BFAC-72843DBFB382}" = Microsoft SharedView
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{722AF0E9-9BAB-4556-9AA6-B5240D46E4B3}" = Global Agenda Launcher
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Deutsch
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}" = ScreenManager Pro for LCD
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DFD7F080-D4BB-4A72-8B19-8FD0CE34F780}" = NetSpeedMonitor 2.4.2.0 x86
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D" = Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Atlantica Online" = Atlantica Online
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"Camfrog 6.0" = Camfrog Video Chat 6.0
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DCoder Image Source" = DCoder Image Source (remove only)
"DeskBot_is1" = DeskBot
"DirectVobSub" = DirectVobSub (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Drumaxx" = Drumaxx
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"FL Studio 9" = FL Studio 9
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.3
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"Generic USB 106 Sound" = TerraTec Headset Master 5.1 USB
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"iTunes Remote Helper_is1" = iTunes Remote Helper 1.73
"Lexmark 1200 Series" = Lexmark 1200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.5.74 (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"MobMap_is1" = MobMap 4.01
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"Pidgin" = Pidgin
"PoiZone" = PoiZone
"Pontifex Demo_is1" = Pontifex Demo 10.19.01
"Postal 2" = Postal 2
"ProgDVB" = ProgDVB
"ProgSatFinder" = Prog Finder
"RealMedia" = RealMedia (remove only)
"ResusSim Prehospital Demo" = ResusSim Prehospital Demo
"Sakura" = Sakura
"Sawer" = Sawer
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = iTunesRemote
"StarCraft II Beta" = StarCraft II Beta
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TIPP10_is1" = TIPP10 Version 2.0.3
"Toxic Biohazard" = Toxic Biohazard
"Tremulous" = Tremulous 1.1.0
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"TuneUp Utilities" = TuneUp Utilities
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"Verbindungsassistent" = Verbindungsassistent
"Videora Palm Pre Converter" = Videora Palm Pre Converter 5.04
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Youtube Music Downloader_is1" = Youtube Music Downloader V3.5
"ZoomPlayer" = Zoom Player (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16.04.2011 08:06:54 | Computer Name = Benjamin-NB | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 17.04.2011 11:40:23 | Computer Name = Benjamin-NB | Source = ESENT | ID = 482
Description = wuaueng.dll (980) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb"
bei Offset 131072 (0x0000000000020000) für 32768 (0x00008000) Bytes zu schreiben,
ist nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz
auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0)
bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise
beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.
Error - 17.04.2011 14:08:02 | Computer Name = Benjamin-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.04.2011 14:08:02 | Computer Name = Benjamin-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15584
Error - 17.04.2011 14:08:02 | Computer Name = Benjamin-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15584
Error - 20.04.2011 18:34:56 | Computer Name = Benjamin-NB | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\sony
ericsson\sony ericsson pc suite\Drivers\DPInst64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 20.04.2011 18:35:59 | Computer Name = Benjamin-NB | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search box extension\SrchBxEx.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search box extension\SrchBxEx.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 20.04.2011 18:35:59 | Computer Name = Benjamin-NB | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\SearchHelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 20.04.2011 18:35:59 | Computer Name = Benjamin-NB | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\SEPsearchhelperie.dll". Fehler in Manifest- oder
Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 20.04.2011 18:36:17 | Computer Name = Benjamin-NB | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
in Zeile 2. Ungültige XML-Syntax.
[ System Events ]
Error - 02.03.2011 18:00:08 | Computer Name = Benjamin-NB | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 07.03.2011 05:38:15 | Computer Name = Benjamin-NB | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 08.03.2011 09:50:52 | Computer Name = Benjamin-NB | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 08.03.2011 18:41:38 | Computer Name = Benjamin-NB | Source = bowser | ID = 8003
Description =
Error - 09.03.2011 05:21:58 | Computer Name = Benjamin-NB | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 09.03.2011 12:37:14 | Computer Name = Benjamin-NB | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?03.?2011 um 16:43:41 unerwartet heruntergefahren.
Error - 11.03.2011 23:51:38 | Computer Name = Benjamin-NB | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 12.03.2011 15:18:49 | Computer Name = Benjamin-NB | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 13.03.2011 09:25:43 | Computer Name = Benjamin-NB | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 15.03.2011 10:36:19 | Computer Name = Benjamin-NB | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
[ TuneUp Events ]
Error - 22.12.2010 04:08:30 | Computer Name = Benjamin-NB | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 22.12.2010 04:08:30 | Computer Name = Benjamin-NB | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 22.12.2010 04:08:30 | Computer Name = Benjamin-NB | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
< End of report >
Geändert von brote (21.04.2011 um 17:08 Uhr) |
| Themen zu TR/kazy.mekml, Festplatte beschädigt, Dateien weg |
| anti-malware, appdata, avgntflt.sys, avira, beschädigt, bluescreen, dateien, dateien weg, desktop, explorer, festplatte, festplatte beschädigt, hallo zusammen, hängt, infiziert, install.exe, kazy.mekml, langs, location, logfile, löschen, microsoft, mozilla thunderbird, nicht gefunden, nvlddmkm.sys, oldtimer, otl.exe, plug-in, rechner, regedit.exe, remote control, richtlinie, saver, schattenkopien, sched.exe, searchplugins, shell, shell32.dll, software, start menu, taskhost.exe, temp, trojan.fakealert, trojan.zbotr.gen, trojaner, version, video converter, webcheck, windows, windows 7 |
Baum-Darstellung