Log analysis and evaluation: Tr/Kazy.mehml infection
Tr/Kazy.mehml infection
Hi, unfortunately the trojan tr/Kazy.mehml.1 has hit me too! As already described in other posts, I ran a scan with OTL. The log files are below. Many thanks for the help!
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 27.04.2011 03:19:51 - Run 1 OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\Trudl\Eigene Dateien Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 768,00 Mb Total Physical Memory | 357,00 Mb Available Physical Memory | 47,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): C:\pagefile.sys 512 1024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,33 Gb Total Space | 15,60 Gb Free Space | 41,78% Space Free | Partition Type: NTFS Drive D: | 37,20 Gb Total Space | 36,62 Gb Free Space | 98,45% Space Free | Partition Type: NTFS Drive F: | 654,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MAMA | User Name: Trudl | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Trudl\Eigene Dateien\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\WINDOWS\LTSMMSG.exe (Lucent Technologies) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Trudl\Eigene Dateien\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (AppMgmt) -- File not found SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) 
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (dbustrcm) -- C:\Dokumente und Einstellungen\Trudl\Lokale Einstellungen\Temp\dbustrcm.sys () DRV - (LucentSoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (Lucent Technologies) DRV - (WDM_YAMAHAAC97) -- C:\WINDOWS\system32\drivers\yacxgc.sys (YAMAHA CORPORATION) DRV - (SONYWBMS) Sony Memory Stick controller(WB) -- C:\WINDOWS\system32\drivers\SonyWBMS.sys (Sony Corporation) DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mittenwald.deskline.feratel.at/LTAccess/LT_Login.asp IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2001.08.18 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 
() O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LTSMMSG] C:\WINDOWS\LTSMMSG.exe (Lucent Technologies) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.) O4 - HKLM..\Run: [StorageGuard] C:\Programme\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VAIO Action Setup (Server).lnk = C:\Programme\Sony\VAIO Action Setup\VAServ.exe (Sony Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.) 
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180346090531 (WUWebControl Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180346078046 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002.08.05 16:53:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001.06.19 18:39:08 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2001.10.03 14:32:18 | 000,098,304 | R--- | M] () - F:\autoplay.exe -- [ CDFS 
] O33 - MountPoints2\{7a4c0f62-0cf8-11dc-9968-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{7a4c0f62-0cf8-11dc-9968-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7a4c0f62-0cf8-11dc-9968-806d6172696f}\Shell\AutoRun\command - "" = F:\autoplay.exe -- [2001.10.03 14:32:18 | 000,098,304 | R--- | M] () O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autoplay.exe -- [2001.10.03 14:32:18 | 000,098,304 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.27 03:18:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Trudl\Eigene Dateien\OTL.exe [2011.04.27 03:03:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Trudl\Eigene Dateien\backups [2011.04.27 03:00:33 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Dokumente und Einstellungen\Trudl\Eigene Dateien\HiJackThis204.exe [2011.04.27 02:35:29 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Trudl\Recent [2011.04.02 13:52:52 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Trudl\Anwendungsdaten\Paddep [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.27 03:18:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Trudl\Eigene Dateien\OTL.exe [2011.04.27 03:12:57 | 000,316,924 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.04.27 03:12:57 | 000,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.04.27 03:12:57 | 000,048,354 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.04.27 03:12:57 | 000,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.04.27 03:09:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.04.27 03:07:35 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.04.27 03:07:35 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.04.27 03:07:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.04.27 03:07:21 | 804,884,480 | -HS- | M] () -- C:\hiberfil.sys [2011.04.27 03:00:35 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Dokumente und Einstellungen\Trudl\Eigene Dateien\HiJackThis204.exe [2011.04.27 03:00:02 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.04.27 02:12:42 | 000,000,144 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18014004r [2011.04.27 02:12:42 | 000,000,128 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18014004 [2011.04.27 02:12:36 | 000,000,408 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18014004 [2011.04.18 14:24:32 | 000,000,104 | -H-- | M] () -- C:\Dokumente und Einstellungen\Trudl\Desktop\&Hilfe und Support.lnk [2011.04.16 09:08:05 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.04.15 15:57:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.27 02:55:25 | 804,884,480 | -HS- | C] () -- C:\hiberfil.sys [2011.04.27 01:58:12 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18014004r [2011.04.27 01:58:11 | 000,000,128 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18014004 [2011.04.27 01:55:50 | 000,000,408 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18014004 [2011.04.18 14:24:30 | 000,000,104 | -H-- | C] () -- C:\Dokumente und Einstellungen\Trudl\Desktop\&Hilfe und Support.lnk [2010.08.06 01:40:40 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010.08.06 01:17:04 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe [2009.12.31 16:36:13 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2009.12.31 16:34:44 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\ssp2ml3.dll [2009.05.21 15:54:17 | 000,137,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009.05.21 15:54:06 | 
000,189,768 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2009.05.21 15:53:57 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2009.05.20 12:06:18 | 000,000,230 | -H-- | C] () -- C:\Dokumente und Einstellungen\Trudl\Anwendungsdaten\wklnhst.dat [2009.05.20 01:28:37 | 000,000,632 | ---- | C] () -- C:\WINDOWS\Sof2.INI [2009.05.17 13:12:52 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2009.05.12 18:55:45 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll [2009.05.12 18:55:40 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll [2009.05.12 18:55:35 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll [2009.05.12 16:16:54 | 000,089,088 | ---- | C] () -- C:\WINDOWS\msacm32.drv [2009.05.12 16:16:54 | 000,000,102 | ---- | C] () -- C:\WINDOWS\wuasirvy.dll [2009.01.24 15:25:12 | 000,000,276 | ---- | C] () -- C:\WINDOWS\game.ini [2008.01.02 04:08:24 | 000,035,328 | -H-- | C] () -- C:\Dokumente und Einstellungen\Trudl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.08.09 14:22:14 | 000,001,286 | ---- | C] () -- C:\WINDOWS\eReg.dat [2007.05.30 16:06:27 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.10.22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.10.22 12:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2006.10.22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.10.22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006.10.22 12:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2006.10.22 12:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2006.10.22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006.10.22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- 
C:\WINDOWS\System32\secupd.dat [2002.08.06 10:35:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2002.08.06 10:00:30 | 000,098,475 | ---- | C] () -- C:\WINDOWS\BeatnikExternal.dll [2002.08.05 17:46:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2002.08.05 17:46:17 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2002.08.05 17:43:39 | 000,001,371 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2002.08.05 17:43:33 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2002.08.05 17:43:33 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2002.08.05 17:43:33 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2002.08.05 17:43:33 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2002.08.05 17:43:33 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2002.08.05 17:43:32 | 000,316,924 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2002.08.05 17:43:32 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2002.08.05 17:43:32 | 000,048,354 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2002.08.05 17:43:32 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2002.08.05 17:43:18 | 000,311,740 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2002.08.05 17:43:18 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2002.08.05 17:43:18 | 000,040,128 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2002.08.05 17:43:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002.08.05 17:43:18 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002.08.05 17:43:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002.08.05 17:43:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002.08.05 17:43:10 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002.08.05 17:43:10 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002.08.05 17:43:03 | 
000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002.08.05 17:42:55 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2002.08.05 17:04:44 | 000,000,980 | ---- | C] () -- C:\WINDOWS\System32\2_ssetup.ini [2002.08.05 17:04:44 | 000,000,927 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini [2002.08.05 17:04:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini [2002.08.05 17:04:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL [2002.08.05 16:59:12 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2002.08.05 16:55:55 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2002.08.05 16:54:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2002.08.05 16:51:36 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2002.07.31 11:12:28 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2002.07.31 11:12:28 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2002.07.31 11:12:28 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2002.07.10 11:57:20 | 000,001,871 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2002.05.24 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll [2002.05.24 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll [2001.08.31 15:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 116 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1 < End of report >
And here is the second one:
OTL EXTRAS Logfile:
Code:
ATTFilter OTL Extras logfile created on: 27.04.2011 03:19:52 - Run 1 OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\Trudl\Eigene Dateien Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 768,00 Mb Total Physical Memory | 357,00 Mb Available Physical Memory | 47,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): C:\pagefile.sys 512 1024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,33 Gb Total Space | 15,60 Gb Free Space | 41,78% Space Free | Partition Type: NTFS Drive D: | 37,20 Gb Total Space | 36,62 Gb Free Space | 98,45% Space Free | Partition Type: NTFS Drive F: | 654,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MAMA | User Name: Trudl | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\FireFly Studios\Stronghold\Stronghold.exe" = C:\Programme\FireFly Studios\Stronghold\Stronghold.exe:*:Enabled:Stronghold -- () "C:\Programme\FireFly Studios\Stronghold Crusader\Stronghold Crusader.exe" = C:\Programme\FireFly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- () "C:\Programme\Microsoft Games\Age of Mythology\aom.exe" = C:\Programme\Microsoft Games\Age of Mythology\aom.exe:*:Enabled:Age of Mythology -- (Ensemble Studios) "C:\Programme\Cossacks 2 - Battle for Europe\Run\Data\engine.exe" = C:\Programme\Cossacks 2 - Battle for Europe\Run\Data\engine.exe:*:Enabled:Cossacks 2: Battle for Europe "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation) "C:\Programme\EA Games\MOHAADemo\MOHAADemo.exe" = C:\Programme\EA Games\MOHAADemo\MOHAADemo.exe:*:Enabled:Medal of Honor PC "C:\Programme\EA Games\Command and Conquer Generals\game.dat" = C:\Programme\EA Games\Command 
and Conquer Generals\game.dat:*:Enabled:game -- () "C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\game.dat" = C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\game.dat:*:Enabled:game -- () "C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\patchget.dat" = C:\Programme\EA Games\Command & Conquer Generäle Stunde Null\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts) "C:\Programme\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Programme\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- () "C:\Programme\Microsoft Games\Age of Mythology\aomx.exe" = C:\Programme\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion "C:\Programme\ArchiCrypt Stealth 4\ACStealth4.exe" = C:\Programme\ArchiCrypt Stealth 4\ACStealth4.exe:*:Enabled:Anonym Surfen + Filtern von Webinhalten "C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:enable -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = VERITAS Update Manager "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{21CF3E6E-1659-433E-B6CE-165D793560DA}" = VAIO Grid Wallpaper "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2366D960-F00F-11D3-99D3-00C04FCCB775}" = VAIO System Information "{2B9FBAE1-5016-4F14-B452-E6874A3C1284}" = VAIO Clock Screen Saver "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00 "{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}" = VAIO Action Setup "{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO Online Registration "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony DV Shared Library "{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer "{802EF464-4992-42B3-8434-45151AD3C933}" = VAIO Serenus Wallpaper "{8855FF30-19CE-4CB1-A654-87B38369CCE1}" = VERITAS RecordNow DX "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1C8D94A-4303-4489-B585-4B6E6CD408CB}" = OpenOffice.org 2.2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ACEC9C3E-0100-4EBE-B298-35A2145828A0}" = VAIO Brezza Wallpaper "{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works "{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold "{CFD0CD4E-18D1-4FD9-A64C-1E96D31F6745}" = ISP Selector "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Age of Mythology 1.0" = Age of Mythology "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Beatnik Player" = Beatnik Player "Best of C64 Classix" = Best of C64 Classix "EAX Unified" = EAX Unified "Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO Online Registration "InstallShield_{CFD0CD4E-18D1-4FD9-A64C-1E96D31F6745}" = ISP Selector "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null "Lucent Technologies Soft Modem" = Lucent Technologies Soft Modem AMR "Mafia" = Mafia "Motion JPEG Software Decoder" = Motion JPEG Software Decoder "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Samsung ML-1640 Series" = Samsung ML-1640 Series "Windows XP Service Pack" = Windows XP Service Pack 3 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.08.2010 08:05:34 | Computer Name = MAMA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung game.exe, Version, fehlgeschlagenes Modul ls3df.dll, Version, Fehleradresse 0x0005ac2e. Error - 12.08.2010 11:05:52 | Computer Name = MAMA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung game.exe, Version, fehlgeschlagenes Modul ls3df.dll, Version, Fehleradresse 0x0005ac2e. Error - 12.08.2010 12:14:18 | Computer Name = MAMA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung game.exe, Version, fehlgeschlagenes Modul ls3df.dll, Version, Fehleradresse 0x0005ac2e. Error - 12.08.2010 16:39:34 | Computer Name = MAMA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung game.exe, Version, fehlgeschlagenes Modul ls3df.dll, Version, Fehleradresse 0x0005ac2e. Error - 16.08.2010 12:04:51 | Computer Name = MAMA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung game.exe, Version, fehlgeschlagenes Modul ls3df.dll, Version, Fehleradresse 0x0005ac2e. 
Error - 30.08.2010 18:47:03 | Computer Name = MAMA | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 30.10.2010 09:21:18 | Computer Name = MAMA | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 30.12.2010 05:59:14 | Computer Name = MAMA | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 06.01.2011 06:38:37 | Computer Name = MAMA | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 16.04.2011 12:02:24 | Computer Name = MAMA | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung acrord32.exe, Version, fehlgeschlagenes Modul acrord32.exe, Version, Fehleradresse 0x0001b8a7. 
[ System Events ] Error - 26.04.2011 20:35:18 | Computer Name = MAMA | Source = sfsync02 | ID = 262156 Description = Error - 26.04.2011 20:35:36 | Computer Name = MAMA | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 26.04.2011 20:35:42 | Computer Name = MAMA | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 26.04.2011 20:53:18 | Computer Name = MAMA | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} < End of report >
--- --- ---
Hi, since I posted my problem rather late and haven't received a reply yet, I think my problem was overlooked. Thanks in advance for the help.
Tr/Kazy.mehml infection
Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes under the "Logdateien" tab.
