Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 22.04.2011, 19:43   #1
sasch007
 
Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir! - Standard

Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir!



Hallo zusammen,

ich habe mir einen Trojaner eingefangen mit Namen TR/Kazy.mekml.1.

Es erscheint ein "Windows Recovery" Fenster worin beschrieben wird, dass mein RAM Speicher und irgendwelche Festplatten Cluster beschädigt sind.

Habe im Netz gegooglet und bin dann auf dieses Board hier gestoßen.

Ich kenne mich leider nicht ganz so gut aus was die Software und Sicherheit angeht, deshalb bitte ich euch um Rat. Habe eure Anleitung gelesen und Schritt für Schritt abgearbeitet.

Um noch ein, wirklich gruseliges, Symptom des Befalls zu nennen:

Ich höre Werbung für "Becks" und andere Dinge obwohl weder irgendein Wiedergabe Programm noch etwas anderes vergleichbares offen ist.

Nehme ich mein Laptop vom Netz, hab ich dieses Problem nicht mehr.

Auch meine Eigenen Dateien sind irgendwie verschwunden...

achja AntiVir sagt er hätte seinen "Fund" in Quarantäneverzeichnis "56cc3cb2.qua" verschoben...
Achja irgendwas mit dem AMD Catalyst Control Center stimmt auch nichtmehr auf einmal... zickt ständig herum.

Mein Freund war leider auch ratlos...


Hier folgen nun die Logfiles:

OTL

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 4/22/2011 6:43:22 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Anderes\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 273.39 Gb Total Space | 229.38 Gb Free Space | 83.90% Space Free | Partition Type: NTFS
Drive D: | 182.27 Gb Total Space | 156.08 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
 
Computer Name: SASCH | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/04/22 18:33:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Anderes\Desktop\OTL.exe
PRC - [2011/04/07 11:07:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 18:47:22 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/05 10:18:50 | 000,133,432 | -H-- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.2\ICQ.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/08/02 17:09:40 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 17:09:34 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/14 23:10:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/17 02:00:40 | 002,396,160 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2009/12/09 19:15:21 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/12/09 19:14:52 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/13 21:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/10 01:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/04/22 18:33:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Anderes\Desktop\OTL.exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 03:16:04 | 002,255,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
MOD - [2009/07/14 03:16:02 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
MOD - [2009/07/14 03:08:30 | 012,038,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/04/07 11:07:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/02 17:09:40 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/09 19:14:52 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/07/10 01:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/04/07 11:07:24 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/26 21:36:37 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 16:27:04 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/09 21:39:45 | 005,147,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/12/09 18:22:19 | 000,121,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/12/09 17:02:47 | 006,229,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2009/12/05 03:50:02 | 000,082,128 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\EUCR6SK.SYS -- (EUCR)
DRV - [2009/10/30 00:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009/10/26 06:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\Impcd.sys -- (Impcd)
DRV - [2009/10/05 03:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/25 04:13:12 | 000,159,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/09/17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R)
DRV - [2009/07/14 01:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/05/27 00:32:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.6
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 14:09:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/02 14:09:07 | 000,000,000 | ---D | M]
 
[2010/11/21 18:01:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011/04/22 18:27:06 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\04dcelub.default\extensions
[2011/03/14 17:46:09 | 000,000,000 | -H-D | M] (Stylish) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\04dcelub.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/12/27 18:03:21 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\04dcelub.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/03/14 17:46:10 | 000,000,000 | -H-D | M] (AddonFox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\04dcelub.default\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}
[2011/04/17 10:30:20 | 000,000,950 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\04dcelub.default\searchplugins\icqplugin-1.xml
[2011/03/28 18:47:30 | 000,000,950 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\04dcelub.default\searchplugins\icqplugin-2.xml
[2010/12/27 18:03:21 | 000,000,168 | -H-- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\04dcelub.default\searchplugins\icqplugin.gif
[2010/12/27 18:03:21 | 000,000,618 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\04dcelub.default\searchplugins\icqplugin.src
[2011/03/17 17:32:03 | 000,001,056 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\04dcelub.default\searchplugins\icqplugin.xml
[2011/03/21 19:20:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/12/30 21:25:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/21 19:20:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/19 11:12:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/03/19 11:12:46 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/19 11:12:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/03/19 11:12:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/03/19 11:12:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/22 18:42:28 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/04/22 18:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/04/22 18:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/22 18:41:48 | 000,000,000 | ---D | C] -- C:\Users\'''\Desktop
[2011/04/22 18:33:34 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Sabine Schuster\Anderes\Desktop\Erunt-setup.exe
[2011/04/22 18:33:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Anderes\Desktop\OTL.exe
[2011/04/22 18:33:34 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\***\Anderes\Desktop\TFC.exe
[2011/04/21 11:45:22 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011/04/12 20:58:54 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{CF250029-412D-4C11-B083-D6C121F3669D}
[2011/04/10 11:13:19 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{B48CBF11-46A1-43E6-9320-09C81D0ADAA4}
[2011/04/10 00:03:58 | 000,000,000 | -H-D | C] -- C:\Users\***\Anderes\Desktop\Neuer Ordner
[2011/04/04 20:53:17 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{C80E2938-5F9E-404D-A4A2-944230CC3220}
[2011/04/03 22:15:52 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{D7755AC4-D740-40AF-AFAD-BF99853FCE01}
[2011/04/02 14:20:13 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011/04/02 14:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/02 14:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/02 14:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/02 14:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/02 14:18:09 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2011/04/02 14:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/04/02 14:08:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Apple Computer
[2011/04/02 14:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/04/02 14:08:40 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Apple
[2011/04/02 14:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/04/02 14:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/02 14:07:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Apple
[2011/04/02 14:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/04/01 21:52:46 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{BB9491EB-F902-460C-881E-2FE4BE7C933C}
[2011/03/29 20:07:46 | 000,000,000 | -H-D | C] -- C:\SysRestore
[2010/01/29 23:45:23 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/22 18:44:08 | 000,017,376 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/22 18:44:08 | 000,017,376 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/22 18:40:14 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/22 18:36:53 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/22 18:36:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/22 18:36:10 | 2552,381,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/22 18:33:45 | 000,301,568 | ---- | M] () -- C:\Users\***\Anderes\Desktop\g2m3e4r.exe
[2011/04/22 18:33:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Anderes\Desktop\OTL.exe
[2011/04/22 18:33:40 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Anderes\Desktop\TFC.exe
[2011/04/22 18:33:39 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Sabine Schuster\Anderes\Desktop\Erunt-setup.exe
[2011/04/22 18:33:08 | 000,377,260 | ---- | M] () -- C:\Users\***\Anderes\Desktop\Load.exe
[2011/04/21 11:45:22 | 000,000,647 | -H-- | M] () -- C:\Users\***\Anderes\Desktop\Windows Recovery.lnk
[2011/04/21 11:45:22 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~29744904
[2011/04/21 11:45:22 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~29744904r
[2011/04/21 11:45:21 | 000,000,328 | -H-- | M] () -- C:\ProgramData\29744904
[2011/04/21 11:45:19 | 000,487,424 | ---- | M] () -- C:\ProgramData\29744904.exe
[2011/04/21 11:36:13 | 000,569,344 | -H-- | M] () -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011/04/16 10:42:28 | 000,333,936 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/04/16 10:35:21 | 000,694,430 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2011/04/16 10:35:21 | 000,693,454 | ---- | M] () -- C:\windows\System32\perfh00A.dat
[2011/04/16 10:35:21 | 000,689,108 | ---- | M] () -- C:\windows\System32\perfh010.dat
[2011/04/16 10:35:21 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/04/16 10:35:21 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/04/16 10:35:21 | 000,137,062 | ---- | M] () -- C:\windows\System32\perfc00A.dat
[2011/04/16 10:35:21 | 000,130,140 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2011/04/16 10:35:21 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/04/16 10:35:21 | 000,127,144 | ---- | M] () -- C:\windows\System32\perfc010.dat
[2011/04/16 10:35:21 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/07 11:07:24 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2011/04/02 14:20:07 | 000,001,763 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/02 14:08:59 | 000,001,825 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
 
========== Files Created - No Company Name ==========
 
[2011/04/22 18:33:35 | 000,301,568 | ---- | C] () -- C:\Users\***\Anderes\Desktop\g2m3e4r.exe
[2011/04/22 18:33:05 | 000,377,260 | ---- | C] () -- C:\Users\***\Anderes\Desktop\Load.exe
[2011/04/21 11:45:22 | 000,000,647 | -H-- | C] () -- C:\Users\***\Anderes\Desktop\Windows Recovery.lnk
[2011/04/21 11:45:22 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~29744904
[2011/04/21 11:45:22 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~29744904r
[2011/04/21 11:45:21 | 000,000,328 | -H-- | C] () -- C:\ProgramData\29744904
[2011/04/21 11:45:19 | 000,487,424 | ---- | C] () -- C:\ProgramData\29744904.exe
[2011/04/21 11:36:14 | 000,569,344 | -H-- | C] () -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011/04/02 14:20:07 | 000,001,763 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/02 14:08:59 | 000,001,825 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/04/02 14:08:38 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2010/12/24 17:12:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/29 23:45:30 | 000,870,544 | ---- | C] () -- C:\windows\System32\igkrng575.bin
[2010/01/29 23:45:30 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/01/29 23:45:30 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2010/01/29 23:45:23 | 000,050,036 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
[2010/01/29 23:45:21 | 000,127,896 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
[2010/01/29 23:45:20 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/01/29 23:45:14 | 000,001,018 | ---- | C] () -- C:\windows\System32\atipblag.dat
[2010/01/29 23:45:12 | 000,196,565 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2010/01/29 23:39:08 | 000,693,454 | ---- | C] () -- C:\windows\System32\perfh00A.dat
[2010/01/29 23:39:08 | 000,341,432 | ---- | C] () -- C:\windows\System32\perfi00A.dat
[2010/01/29 23:39:08 | 000,137,062 | ---- | C] () -- C:\windows\System32\perfc00A.dat
[2010/01/29 23:39:08 | 000,041,390 | ---- | C] () -- C:\windows\System32\perfd00A.dat
[2010/01/29 23:34:55 | 000,689,108 | ---- | C] () -- C:\windows\System32\perfh010.dat
[2010/01/29 23:34:55 | 000,335,478 | ---- | C] () -- C:\windows\System32\perfi010.dat
[2010/01/29 23:34:55 | 000,127,144 | ---- | C] () -- C:\windows\System32\perfc010.dat
[2010/01/29 23:34:55 | 000,037,534 | ---- | C] () -- C:\windows\System32\perfd010.dat
[2010/01/29 23:30:54 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2010/01/29 23:30:54 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2010/01/29 23:30:54 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2010/01/29 23:30:54 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010/01/29 23:26:54 | 000,694,430 | ---- | C] () -- C:\windows\System32\perfh00C.dat
[2010/01/29 23:26:54 | 000,344,522 | ---- | C] () -- C:\windows\System32\perfi00C.dat
[2010/01/29 23:26:54 | 000,130,140 | ---- | C] () -- C:\windows\System32\perfc00C.dat
[2010/01/29 23:26:54 | 000,038,160 | ---- | C] () -- C:\windows\System32\perfd00C.dat
[2010/01/29 23:23:51 | 000,361,808 | ---- | C] () -- C:\windows\EMCRI_E.dll
[2010/01/29 23:23:17 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2010/01/29 23:23:00 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/01/29 23:20:42 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/01/29 23:19:46 | 000,001,018 | ---- | C] () -- C:\windows\System32\atipblup.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,333,936 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010/12/30 21:32:08 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011/04/20 19:44:40 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011/03/10 20:29:50 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2011/04/04 12:00:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/03/19 13:10:47 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009/07/29 02:44:13 | 000,000,000 | -HSD | M] -- C:\Boot
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/01/29 23:23:29 | 000,000,000 | -H-D | M] -- C:\Intel
[2010/12/03 22:06:43 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/04/22 18:41:48 | 000,000,000 | R--D | M] -- C:\Program Files
[2011/04/21 11:45:22 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/03/29 20:08:00 | 000,000,000 | -H-D | M] -- C:\SysRestore
[2011/04/22 18:31:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/11/18 21:46:55 | 000,000,000 | R--D | M] -- C:\Users
[2011/04/22 18:42:28 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE >
[2010/01/29 23:41:26 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/01/29 23:40:30 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/01/29 23:40:30 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2010/01/29 23:41:26 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
 
< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-22 16:26:30
 
< End of report >
         
--- --- ---


Extras

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 4/22/2011 6:43:22 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Anderes\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 273.39 Gb Total Space | 229.38 Gb Free Space | 83.90% Space Free | Partition Type: NTFS
Drive D: | 182.27 Gb Total Space | 156.08 Gb Free Space | 85.63% Space Free | Partition Type: NTFS
 
Computer Name: SASCH | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{00B2E452-75EE-EA69-F78A-0B13F6D385AB}" = CCC Help Czech
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = msi Software Install
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D57E457-4592-72A0-4670-5899EE282235}" = CCC Help Greek
"{134B2C81-7ED8-0935-5F2C-71FC47B2E89E}" = CCC Help English
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{296411B7-2049-32E7-1B75-FB150AB4777A}" = Catalyst Control Center InstallProxy
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2F6BCDBD-2BFD-6E98-42CA-EC9BB73C462F}" = CCC Help Danish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3753A228-D17E-23CF-8489-A0589F6BDEA6}" = CCC Help Italian
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39EA053B-1091-6E82-62C3-FC43FECE857A}" = CCC Help Hungarian
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3BF8281E-16A9-2747-C370-0ADA3D0E8E2B}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C446A5D-7480-80ED-C13C-15CD40134437}" = CCC Help Japanese
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{425E348E-C640-1E5F-7CD6-56E8E370043A}" = CCC Help Spanish
"{4567488D-F3B3-06F1-8E48-9DED3D8067C3}" = CCC Help Portuguese
"{45F50CE4-D3CF-B0FD-E363-800692273046}" = CCC Help Turkish
"{462E388A-8A19-D32D-D286-B59384CD3FE8}" = Catalyst Control Center Graphics Full Existing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58CF9CC9-7C36-BD49-295C-76878A14E804}" = ATI Catalyst Install Manager
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69775BBA-C071-F41E-8245-12363F30CF1C}" = CCC Help Thai
"{6D736E85-9DF9-F6C4-47D7-89C126C17C23}" = CCC Help Chinese Traditional
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7EF2D30E-AA25-48FC-4E71-B410B00FF043}" = Catalyst Control Center Core Implementation
"{823919E6-4B9C-AA6B-75AC-24C4F0A3F93F}" = CCC Help German
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E90189A-A5D4-4C0E-A908-06C4236F98EE}" = ArcSoft Magic-i Visual Effects 2
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{98E30A3C-64AB-4762-75AE-D35CF8F49B01}" = Catalyst Control Center Graphics Light
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A02DE62A-4EDF-8F0C-67DE-CB1EF1ECCCCB}" = CCC Help Chinese Standard
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F989D3-F113-CCC2-A667-83D7B2B671AE}" = ccc-utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BA659DC5-F577-4364-903D-20C16DD4BDB3}" = Catalyst Control Center - Branding
"{BB247917-0662-661A-0CC5-AC9E52571F70}" = ccc-core-static
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5D7039E-0803-4FE8-976D-156DE1147E4F}" = ArcSoft Print Creations
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D12460F7-A343-C4B8-82F9-97EB8DB34D71}" = CCC Help Norwegian
"{D28BF286-1AAF-B19D-0BE8-F875E4D6886E}" = Catalyst Control Center Graphics Full New
"{D329D00C-871A-D32F-ADD0-1DABFD0B4B18}" = Catalyst Control Center Localization All
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D830AFD3-4FDB-5EF4-9713-30DE763BD2D3}" = CCC Help Finnish
"{DD79E922-C9FB-194B-99D8-F421EC937838}" = CCC Help Dutch
"{DE3DB836-BE2F-700F-2D3D-0D1E37952BC7}" = CCC Help Swedish
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1FC3732-E676-8F56-A47D-940988DB23EB}" = PX Profile Update
"{E33A7DA1-8E3B-0C18-3B7B-106A9D21E1FE}" = Catalyst Control Center Graphics Previews Vista
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBE76552-30D9-F4D6-7B02-21A43A2D0193}" = CCC Help Polish
"{FE0AFCC1-AA9C-0422-9952-E10C0D3ADC22}" = CCC Help Korean
"{FE89AA8D-68C8-FBCB-A40E-1391AC05B985}" = CCC Help Russian
"7F523D4F8E191139525DC0260B06BF68E4E581EE" = Windows Driver Package - ENE (EUCR) USB (12/04/2009 5.89.0.64)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"New C Series Screensaver" = New C Series Screensaver
"PhotoScape" = PhotoScape
"STANDARD" = Microsoft Office Standard 2007
"TVWiz" = Intel(R) TV Wizard
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/16/2011 1:25:11 PM | Computer Name = SaSch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error - 4/16/2011 1:25:12 PM | Computer Name = SaSch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/16/2011 1:25:12 PM | Computer Name = SaSch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2013
 
Error - 4/16/2011 1:25:12 PM | Computer Name = SaSch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2013
 
Error - 4/16/2011 1:25:13 PM | Computer Name = SaSch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/16/2011 1:25:13 PM | Computer Name = SaSch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3074
 
Error - 4/16/2011 1:25:13 PM | Computer Name = SaSch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3074
 
Error - 4/16/2011 1:34:32 PM | Computer Name = SaSch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 4/16/2011 1:34:32 PM | Computer Name = SaSch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 561526
 
Error - 4/16/2011 1:34:32 PM | Computer Name = SaSch | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 561526
 
[ System Events ]
Error - 4/9/2011 6:05:04 PM | Computer Name = SaSch | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR2.
 
Error - 4/9/2011 6:05:32 PM | Computer Name = SaSch | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR2.
 
Error - 4/9/2011 7:09:47 PM | Computer Name = SaSch | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR4.
 
Error - 4/10/2011 1:21:43 PM | Computer Name = SaSch | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 4/12/2011 3:41:50 AM | Computer Name = SaSch | Source = DCOM | ID = 10010
Description = 
 
Error - 4/13/2011 4:21:49 PM | Computer Name = SaSch | Source = Microsoft-Windows-Kernel-Power | ID = 86
Description = Das System wurde aufgrund eines kritischen thermischen Ereignisses
heruntergefahren. Zeit für das Herunterfahren = 2011-04-13T20:21:49.487282500Z
 
ACPI-Thermozone = ACPI\ThermalZone\THRM _CRT = 373K
 
Error - 4/13/2011 4:23:24 PM | Computer Name = SaSch | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?04.?2011 um 22:21:22 unerwartet heruntergefahren.
 
Error - 4/17/2011 4:24:45 PM | Computer Name = SaSch | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?04.?2011 um 22:22:24 unerwartet heruntergefahren.
 
Error - 4/22/2011 12:21:58 PM | Computer Name = SaSch | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 4/22/2011 12:34:07 PM | Computer Name = SaSch | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
 
 
< End of report >
         
--- --- ---


Gmer

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-22 19:27:38
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000
Running: g2m3e4r.exe; Driver: C:\Users\***\AppData\Local\Temp\kgtdypoc.sys
 
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83251589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83276092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\windows\system32\DRIVERS\atipmdag.sys section is writeable [0x93609000, 0x2CBE50, 0xE8000020]
PAGE peauth.sys AD88BE21 100 Bytes JMP 9B6BA64A 
 
---- User code sections - GMER 1.0.15 ----
 
.text C:\windows\Explorer.EXE[2544] WININET.dll!HttpAddRequestHeadersA 76959ABA 5 Bytes JMP 002F18D5 
.text C:\windows\Explorer.EXE[2544] WININET.dll!HttpAddRequestHeadersW 76960848 5 Bytes JMP 002F1A9D 
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!LdrLoadDll 77CAF5B5 5 Bytes JMP 002E13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] WS2_32.dll!closesocket 76093BED 5 Bytes JMP 004E000A 
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] WS2_32.dll!connect 760948BE 5 Bytes JMP 004D000A 
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] WS2_32.dll!getaddrinfo 76096737 5 Bytes JMP 0051000A 
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] WS2_32.dll!send 7609C4C8 5 Bytes JMP 004F000A 
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] WS2_32.dll!gethostbyname 760A7133 5 Bytes JMP 0050000A 
 
---- Devices - GMER 1.0.15 ----
 
Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 
---- Threads - GMER 1.0.15 ----
 
Thread System [4:312] 875DAE7A
Thread System [4:316] 875DD008
 
---- Registry - GMER 1.0.15 ----
 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002421d25b11 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002421d25b11 (not active ControlSet) 
 
---- EOF - GMER 1.0.15 ----
         
--- --- ---



Vielen, vielen Dank im Vorraus,

Sabine

Alt 25.04.2011, 14:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir! - Standard

Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir!



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________

__________________

Alt 29.04.2011, 20:07   #3
sasch007
 
Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir! - Standard

Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir!



seit neuestem erscheint nun auch eine Fehlermeldung: "hostdienste windows funktionieren nicht mehr"

vielen dank,

sabine
__________________

Alt 29.04.2011, 21:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir! - Standard

Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir!



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
[2011/04/21 11:45:22 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~29744904
[2011/04/21 11:45:22 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~29744904r
[2011/04/21 11:45:21 | 000,000,328 | -H-- | M] () -- C:\ProgramData\29744904
[2011/04/21 11:45:19 | 000,487,424 | ---- | M] () -- C:\ProgramData\29744904.exe
[2011/04/21 11:45:22 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011/04/12 20:58:54 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{CF250029-412D-4C11-B083-D6C121F3669D}
[2011/04/10 11:13:19 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{B48CBF11-46A1-43E6-9320-09C81D0ADAA4}
[2011/04/04 20:53:17 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{C80E2938-5F9E-404D-A4A2-944230CC3220}
[2011/04/03 22:15:52 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{D7755AC4-D740-40AF-AFAD-BF99853FCE01}
[2011/04/01 21:52:46 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{BB9491EB-F902-460C-881E-2FE4BE7C933C}
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.04.2011, 22:29   #5
sasch007
 
Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir! - Standard

Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir!



Ich habe auch google umleitungen im browser. Jedes mal wenn ich etwas google und einen Link klicke leitet es mich auf zig .us seiten...

hin und wieder erscheint auch ein skriptfehlerfenster auf dem desktop mit dieser URL als Inhalt, weiß nicht ob das weiterhilft:

www.northdakotasearches.us


Alt 29.04.2011, 22:32   #6
sasch007
 
Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir! - Standard

Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir!



Hier das OTL Log

Alt 30.04.2011, 02:20   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir! - Standard

Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir!



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir!
antivir, autorun, avgntflt.sys, avira, becks, bonjour, error, excel, festplatte, festplatten cluster beschädigt, firefox, flash player, format, google chrome, home, install.exe, location, locker, microsoft office word, mozilla, ntdll.dll, oldtimer, plug-in, problem, programm, realtek, registry, rundll, saver, scan, searchplugins, security, security update, shell32.dll, sicherheit, software, start menu, trojaner, trojaner eingefangen, usb, webcheck, werbung, windows




Ähnliche Themen: Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir!


  1. Habe mir u. A. TR/Kazy.mekml.1 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 30.05.2011 (22)
  2. TR/Kazy.mekml.1 eingefangen
    Log-Analyse und Auswertung - 23.05.2011 (35)
  3. TR/kazy.mekml.1 eingefangen
    Log-Analyse und Auswertung - 19.05.2011 (18)
  4. TR/Kazy.mekml.1 aus einer email eingefangen, obwohl Antivir nix festgestellt hat
    Log-Analyse und Auswertung - 13.05.2011 (32)
  5. AntiVir Fund: TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 10.05.2011 (19)
  6. TR/Kazy.mekml.1 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 06.05.2011 (1)
  7. Hab mir auch den TR/Kazy.mekml.1 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 06.05.2011 (23)
  8. TR/Kazy.mekml.1 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 02.05.2011 (9)
  9. Kazy.mekml.1 eingefangen!
    Plagegeister aller Art und deren Bekämpfung - 01.05.2011 (15)
  10. TR/Kazy.mekml.1 eingefangen
    Log-Analyse und Auswertung - 30.04.2011 (18)
  11. Tr/Kazy.mekml.1 Windows-Recovery
    Log-Analyse und Auswertung - 29.04.2011 (20)
  12. TR/Kazy.mekml.1 eingefangen! Und nun...?
    Log-Analyse und Auswertung - 29.04.2011 (6)
  13. Trojaner TR/kazy.mekml.1 eingefangen :-(
    Log-Analyse und Auswertung - 28.04.2011 (7)
  14. Virus TR/Kazy.mekml.1 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (13)
  15. Antivir findet TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 21.04.2011 (10)
  16. Trojaner TR/kazy.mekml.1 (laut AntiVir) ?
    Log-Analyse und Auswertung - 21.04.2011 (20)
  17. Windows Recovery auf C:\ nach Befall von JAVA Agent.M.1 (laut Antivir). Reicht das?
    Plagegeister aller Art und deren Bekämpfung - 03.09.2010 (6)

Zum Thema Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir! - Hallo zusammen, ich habe mir einen Trojaner eingefangen mit Namen TR/Kazy.mekml.1. Es erscheint ein "Windows Recovery" Fenster worin beschrieben wird, dass mein RAM Speicher und irgendwelche Festplatten Cluster beschädigt sind. - Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir!...
Archiv
Du betrachtest: Windows Recovery? TR/Kazy.mekml.1 eingefangen laut AntiVir! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.