
Log analysis and evaluation: Kazy.merkml1, fakeSysdef.A.313, etc.

Windows 7

 
06.05.2011, 14:39   #1
minniemaus

Kazy.merkml1, fakeSysdef.A.313, etc.



Hello, dear all!
I have/had various Trojans on board, such as the ones named above. My current problem is this:
I no longer have a visible drive C! Until recently I still had the full version of Avira AntiVir on board and wanted to replace it by downloading Kaspersky, after reading here that it is supposed to be very effective. Sequence: downloaded Kaspersky - removed the Avira full version - started the Kaspersky installation - new message: Kaspersky cannot be installed because of McAfee. But I cannot remove McAfee with the "delete" button. I never had McAfee active. Possibly it is an empty folder in "C:" that is blocking everything? I am now online without virus protection and so, at the moment, cannot give any more precise details about my Trojans. :-(( Under personal guidance, my brother and I had a look in DOS (dir) to see whether at least any files on C: are still displayed there - nothing! (but used disk space is shown under "Properties") At least we were able to stop the error messages about damaged hard disk clusters and damaged RAM (fakeSysdef). I am attaching the OTL reports etc. and hope that you can help me with my problem. Many thanks in advance!
Best regards
minniemaus

OTL logfile:
Code:
OTL logfile created on: 06.05.2011 14:25:14 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\minnie\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,99 Gb Total Space | 178,20 Gb Free Space | 66,74% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 20,20 Gb Free Space | 67,32% Space Free | Partition Type: NTFS
 
Computer Name: MINNIE-PC | User Name: minnie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.06 14:09:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\minnie\Desktop\OTL.exe
PRC - [2011.05.06 14:00:56 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\Temp\YYY8767.exe
PRC - [2011.04.28 12:15:17 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2011.03.24 01:37:35 | 000,910,296 | -H-- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.03.03 20:16:06 | 000,013,336 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.12.10 08:48:26 | 002,320,920 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.10 08:48:24 | 000,268,824 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.11.07 03:46:52 | 000,020,480 | -H-- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.22 17:05:40 | 000,118,560 | -H-- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | -H-- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | -H-- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.06 14:09:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\minnie\Desktop\OTL.exe
MOD - [2011.02.24 07:29:55 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.07.14 03:15:27 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.03.03 20:16:06 | 000,013,336 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.12.10 08:48:26 | 002,320,920 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.12.10 08:48:24 | 000,268,824 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.11.07 03:46:52 | 000,020,480 | -H-- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.10.22 17:05:40 | 000,118,560 | -H-- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.03 14:53:00 | 001,155,072 | -H-- | M] (MAGIX AG) [Unknown | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 10:10:02 | 003,276,800 | -H-- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 11:15:14 | 000,185,632 | -H-- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.04.01 10:13:38 | 001,009,184 | -H-- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.03.24 17:57:16 | 000,191,008 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.03.04 17:53:08 | 000,067,624 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.02.10 15:01:10 | 000,132,352 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\Impcd.sys -- (Impcd)
DRV - [2010.02.04 13:54:32 | 001,558,368 | -H-- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2010.02.03 05:36:34 | 000,232,960 | -H-- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009.09.18 04:54:14 | 000,041,088 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R)
DRV - [2009.08.13 17:39:40 | 000,786,400 | -H-- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2009.05.13 12:47:30 | 000,027,160 | -H-- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 12:26:26 | 000,013,720 | -H-- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\minnie\AppData\Roaming\5015 [2011.04.28 15:03:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.24 14:22:29 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.24 14:22:29 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.24 14:22:29 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.06.23 00:59:21 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\minnie\AppData\Roaming\mozilla\Extensions
[2010.06.23 00:44:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\minnie\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.06 14:23:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\minnie\AppData\Roaming\mozilla\Firefox\Profiles\k003e2dl.default\extensions
[2011.04.24 14:22:11 | 000,000,000 | -H-D | M] (FireShot) -- C:\Users\minnie\AppData\Roaming\mozilla\Firefox\Profiles\k003e2dl.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.04.24 14:22:11 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\minnie\AppData\Roaming\mozilla\Firefox\Profiles\k003e2dl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.06 14:23:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.24 14:22:29 | 000,000,000 | -H-D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.04.24 14:22:29 | 000,000,000 | -H-D | M] (Skype extension for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2011.04.28 15:03:23 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MINNIE\APPDATA\ROAMING\5015
[2009.10.26 16:45:36 | 000,102,400 | -H-- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.10.22 20:44:30 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.22 20:44:30 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.22 20:44:31 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.22 20:44:31 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.22 20:44:31 | 000,000,801 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HotKey] C:\Windows\twain_32\FlatBed\HotKey.Exe (Pmx. Electronics Ltd.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LMgrOSD]  File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - Startup: C:\Users\minnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\minnie\AppData\Roaming\appconf32.exe) - C:\Users\minnie\AppData\Roaming\appconf32.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\Shell - "" = AutoRun
O33 - MountPoints2\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= -  File not found
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.06 14:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.05.06 14:09:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\minnie\Desktop\OTL.exe
[2011.05.06 14:09:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\minnie\Desktop\TFC.exe
[2011.05.06 14:09:30 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\minnie\Desktop\Erunt-setup.exe
[2011.04.28 15:42:09 | 000,000,000 | ---D | C] -- C:\Users\minnie\AppData\Roaming\UAs
[2011.04.28 15:03:26 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\minnie\AppData\Roaming\AcroIEHelpe.dll
[2011.04.28 15:03:23 | 000,000,000 | ---D | C] -- C:\Users\minnie\AppData\Roaming\5015
[2011.04.28 15:03:19 | 000,000,000 | ---D | C] -- C:\xmldm
[2011.04.28 15:03:19 | 000,000,000 | ---D | C] -- C:\kock
[2011.04.28 15:03:12 | 000,000,000 | ---D | C] -- C:\Users\minnie\AppData\Roaming\xmldm
[2011.04.28 15:03:11 | 000,000,000 | ---D | C] -- C:\Users\minnie\AppData\Roaming\kock
[2011.04.28 14:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011.04.26 23:39:14 | 000,000,000 | ---D | C] -- C:\Eigene Dateien zusatz
[2011.04.25 15:52:20 | 000,000,000 | -H-D | C] -- C:\Windows\pss
[2011.04.24 16:06:01 | 000,000,000 | -H-D | C] -- C:\Users\minnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.10 22:57:55 | 000,000,000 | -H-D | C] -- C:\Users\minnie\AppData\Local\S2
[2011.04.10 22:56:59 | 000,098,304 | -H-- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011.04.10 22:56:59 | 000,000,000 | RH-D | C] -- C:\Users\minnie\AppData\Roaming\SecuROM
[2011.04.10 13:38:36 | 000,000,000 | -H-D | C] -- C:\Users\minnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.04.10 13:33:54 | 000,000,000 | -H-D | C] -- C:\Programme\THQ
[2011.04.10 13:33:49 | 000,000,000 | -H-D | C] -- C:\Users\minnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\THQ
[2011.04.10 13:33:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2010.08.25 19:59:08 | 000,004,096 | -H-- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Users\minnie\AppData\Roaming\*.tmp files -> C:\Users\minnie\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.06 14:18:47 | 000,000,624 | ---- | M] () -- C:\Users\minnie\Desktop\NTREGOPT.lnk
[2011.05.06 14:18:46 | 000,000,611 | ---- | M] () -- C:\Users\minnie\Desktop\ERUNT.lnk
[2011.05.06 14:10:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc0771fb166348.job
[2011.05.06 14:09:45 | 000,302,080 | ---- | M] () -- C:\Users\minnie\Desktop\g2m3e4r.exe
[2011.05.06 14:09:40 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\minnie\Desktop\Erunt-setup.exe
[2011.05.06 14:09:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\minnie\Desktop\OTL.exe
[2011.05.06 14:09:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\minnie\Desktop\TFC.exe
[2011.05.06 13:56:46 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.06 13:56:46 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.06 13:48:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc0771faeb8a83.job
[2011.05.06 13:48:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.06 13:48:27 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.26 23:38:54 | 000,008,866 | ---- | M] () -- C:\Users\minnie\wo wird gespeichert.odt
[2011.04.25 16:38:06 | 000,003,224 | -H-- | M] () -- C:\bootsqm.dat
[2011.04.24 16:08:14 | 000,000,400 | -H-- | M] () -- C:\ProgramData\33087240
[2011.04.24 16:06:02 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~33087240
[2011.04.24 16:06:01 | 000,000,635 | -H-- | M] () -- C:\Users\minnie\Desktop\Windows Recovery.lnk
[2011.04.24 16:06:01 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~33087240r
[2011.04.22 21:15:18 | 000,654,166 | -H-- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.22 21:15:18 | 000,616,008 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.22 21:15:18 | 000,130,006 | -H-- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.22 21:15:18 | 000,106,388 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.17 21:07:19 | 000,396,544 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.10 22:56:59 | 000,098,304 | -H-- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011.04.10 13:37:44 | 000,001,971 | -H-- | M] () -- C:\Users\Public\Desktop\Findet Nemo.lnk
[1 C:\Users\minnie\AppData\Roaming\*.tmp files -> C:\Users\minnie\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.06 14:18:47 | 000,000,624 | ---- | C] () -- C:\Users\minnie\Desktop\NTREGOPT.lnk
[2011.05.06 14:18:46 | 000,000,611 | ---- | C] () -- C:\Users\minnie\Desktop\ERUNT.lnk
[2011.05.06 14:09:30 | 000,302,080 | ---- | C] () -- C:\Users\minnie\Desktop\g2m3e4r.exe
[2011.04.30 22:05:41 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc0771fb166348.job
[2011.04.30 22:05:40 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc0771faeb8a83.job
[2011.04.26 23:37:51 | 000,008,866 | ---- | C] () -- C:\Users\minnie\wo wird gespeichert.odt
[2011.04.25 16:38:06 | 000,003,224 | -H-- | C] () -- C:\bootsqm.dat
[2011.04.24 16:06:01 | 000,000,635 | -H-- | C] () -- C:\Users\minnie\Desktop\Windows Recovery.lnk
[2011.04.24 16:06:01 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~33087240r
[2011.04.24 16:06:01 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~33087240
[2011.04.24 16:05:55 | 000,000,400 | -H-- | C] () -- C:\ProgramData\33087240
[2011.04.10 13:37:44 | 000,001,971 | -H-- | C] () -- C:\Users\Public\Desktop\Findet Nemo.lnk
[2011.03.18 11:33:19 | 000,005,120 | -H-- | C] () -- C:\Users\minnie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.17 19:33:00 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.12.09 21:23:19 | 000,015,873 | -H-- | C] () -- C:\Windows\System32\Inetde.dll
[2010.08.25 20:30:02 | 000,127,868 | -H-- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010.08.25 20:30:00 | 000,104,796 | -H-- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010.07.22 22:30:45 | 000,000,019 | -H-- | C] () -- C:\Users\minnie\AppData\Roaming\mdbu.bin
[2010.07.04 00:35:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.06.23 00:44:34 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2010.05.05 06:13:49 | 000,072,017 | -H-- | C] () -- C:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe
[2010.05.01 10:04:19 | 000,120,200 | -H-- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.22 16:06:52 | 000,127,184 | -H-- | C] () -- C:\Windows\Unwise.exe
[2010.04.22 16:06:50 | 000,149,504 | -H-- | C] () -- C:\Windows\unwise32_setup.exe
[2010.04.22 16:04:02 | 000,451,072 | -H-- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010.04.22 13:11:09 | 000,870,560 | -H-- | C] () -- C:\Windows\System32\igkrng575.bin
[2010.04.22 13:11:09 | 000,208,896 | -H-- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.04.22 13:11:09 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.04.22 13:11:06 | 000,000,151 | -H-- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.04.14 12:32:50 | 000,007,648 | -H-- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2009.08.03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 10:47:43 | 000,654,166 | -H-- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | -H-- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,006 | -H-- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | -H-- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,396,544 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,008 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,388 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.12.09 17:23:13 | 000,046,080 | RHS- | C] () -- C:\Users\minnie\AppData\Roaming\appconf32.exe
[2006.04.21 10:08:22 | 000,253,952 | -H-- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2000.08.29 15:40:10 | 000,006,137 | -H-- | C] () -- C:\Windows\System32\E1.ini
[2000.08.02 21:47:20 | 000,026,112 | -H-- | C] () -- C:\Windows\RunUnDrv.exe
 
========== LOP Check ==========
 
[2011.04.28 15:03:23 | 000,000,000 | ---D | M] -- C:\Users\minnie\AppData\Roaming\5015
[2011.01.22 01:55:53 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\Ashampoo
[2011.04.24 14:22:11 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\BOM
[2011.04.24 14:22:11 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\IrfanView
[2011.04.28 15:03:11 | 000,000,000 | ---D | M] -- C:\Users\minnie\AppData\Roaming\kock
[2010.08.12 21:59:31 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\Lexware
[2011.04.24 14:22:11 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\MAGIX
[2010.06.26 23:14:34 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\OpenOffice.org
[2010.07.26 16:20:47 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\TeamViewer
[2011.04.24 14:22:10 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\Thunderbird
[2011.04.28 15:42:09 | 000,000,000 | ---D | M] -- C:\Users\minnie\AppData\Roaming\UAs
[2011.03.18 22:30:10 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\wxMozBrowserLib
[2011.04.28 15:47:02 | 000,000,000 | ---D | M] -- C:\Users\minnie\AppData\Roaming\xmldm
[2010.12.22 11:45:27 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\YoudaGames
[2010.12.22 11:45:23 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\Zylom
[2011.04.08 21:55:30 | 000,032,632 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.10.31 09:02:14 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.09.29 00:03:51 | 000,000,000 | -H-D | M] -- C:\8a364a0cc8ca466192c17e
[2010.06.22 14:42:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.04.26 23:40:15 | 000,000,000 | ---D | M] -- C:\Eigene Dateien zusatz
[2011.04.24 14:22:50 | 000,000,000 | -H-D | M] -- C:\Intel
[2011.04.28 15:03:19 | 000,000,000 | ---D | M] -- C:\kock
[2011.04.24 14:22:50 | 000,000,000 | -H-D | M] -- C:\Medion
[2010.04.23 12:51:02 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.04.28 14:58:46 | 000,000,000 | RH-D | M] -- C:\Programme
[2011.04.28 14:58:46 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.06.22 14:42:19 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.06.22 14:42:19 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.04.26 21:26:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.06.23 12:14:09 | 000,000,000 | RH-D | M] -- C:\Users
[2011.05.06 14:11:45 | 000,000,000 | -H-D | M] -- C:\Windows
[2011.04.28 15:03:19 | 000,000,000 | ---D | M] -- C:\xmldm
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-25 05:08:15
 
<           >

< End of report >
         
--- --- ---


SCAN:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

EXTRAS:
OTL Logfile:
Code:
OTL Extras logfile created on: 06.05.2011 14:25:14 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\minnie\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,99 Gb Total Space | 178,20 Gb Free Space | 66,74% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 20,20 Gb Free Space | 67,32% Space Free | Partition Type: NTFS
 
Computer Name: MINNIE-PC | User Name: minnie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE480239-DC94-4A5D-9CBE-415D24D2F6AD}" = Findet Nemo
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Snap_is1" = Ashampoo Snap
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CE480239-DC94-4A5D-9CBE-415D24D2F6AD}" = Findet Nemo
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"IrfanView" = IrfanView (remove only)
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB Scanner" = USB Scanner
"Vokabelcheck Spanisch" = Vokabelcheck Spanisch
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.04.2011 16:17:45 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bccbc  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
 Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000506ab  ID des fehlerhaften
 Prozesses: 0xebc  Startzeit der fehlerhaften Anwendung: 0x01cc0773a83c4fc4  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll  Berichtskennung: e8ba1b97-7366-11e0-82d9-00262dbf66c7
 
Error - 30.04.2011 16:27:06 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WLXPGSS.SCR, Version: 14.0.8081.709,
 Zeitstempel: 0x4a57911d  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
 Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00050cf9  ID des fehlerhaften
 Prozesses: 0x500  Startzeit der fehlerhaften Anwendung: 0x01cc0774f8205830  Pfad der
 fehlerhaften Anwendung: C:\Windows\WLXPGSS.SCR  Pfad des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll
Berichtskennung:
 37097a15-7368-11e0-82d9-00262dbf66c7
 
Error - 04.05.2011 18:42:36 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
 Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00050d43  ID des fehlerhaften
 Prozesses: 0x5b4  Startzeit der fehlerhaften Anwendung: 0x01cc0aac9012d866  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\kernel32.dll  Berichtskennung: ce4bd476-769f-11e0-bd43-00262dbf66c7
 
Error - 06.05.2011 07:49:17 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
 Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00050d43  ID des fehlerhaften
 Prozesses: 0x15b0  Startzeit der fehlerhaften Anwendung: 0x01cc0be39ef5af86  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\kernel32.dll  Berichtskennung: de798add-77d6-11e0-89bc-00262dbf66c7
 
Error - 06.05.2011 07:58:57 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aeba271  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
 Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00050878  ID des fehlerhaften
 Prozesses: 0x1664  Startzeit der fehlerhaften Anwendung: 0x01cc0be4fa956844  Pfad der
 fehlerhaften Anwendung: C:\Windows\explorer.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll
Berichtskennung:
 38a38b8f-77d8-11e0-89bc-00262dbf66c7
 
Error - 06.05.2011 07:58:57 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashUtil10i_ActiveX.exe, Version:
 10.1.82.76, Zeitstempel: 0x4c4fd88f  Name des fehlerhaften Moduls: kernel32.dll, 
Version: 6.1.7600.16481, Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00050bc7  ID des fehlerhaften Prozesses: 0xaec  Startzeit der fehlerhaften Anwendung:
 0x01cc0be4faf23dee  Pfad der fehlerhaften Anwendung: C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll  Berichtskennung: 38aaafb0-77d8-11e0-89bc-00262dbf66c7
 
Error - 06.05.2011 07:59:20 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aeba271  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
 Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000506ab  ID des fehlerhaften
 Prozesses: 0x1d88  Startzeit der fehlerhaften Anwendung: 0x01cc0be5083e2db6  Pfad der
 fehlerhaften Anwendung: C:\Windows\explorer.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll
Berichtskennung:
 45fdc399-77d8-11e0-89bc-00262dbf66c7
 
Error - 06.05.2011 07:59:20 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WerFault.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc2d9  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
 Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000505d7  ID des fehlerhaften
 Prozesses: 0x173c  Startzeit der fehlerhaften Anwendung: 0x01cc0be5085138b8  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\WerFault.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\kernel32.dll  Berichtskennung: 460e6d3b-77d8-11e0-89bc-00262dbf66c7
 
Error - 06.05.2011 08:22:08 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bccbc  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
 Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00050af2  ID des fehlerhaften
 Prozesses: 0x130c  Startzeit der fehlerhaften Anwendung: 0x01cc0be8367c3c4f  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll  Berichtskennung: 756aaa5f-77db-11e0-89bc-00262dbf66c7
 
Error - 06.05.2011 08:24:03 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SkypeNames2.exe, Version: 4.2.0.4823,
 Zeitstempel: 0x4b06ab4c  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7ab44  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00075c8c  ID des fehlerhaften
 Prozesses: 0x13f8  Startzeit der fehlerhaften Anwendung: 0x01cc0be87c5051af  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: ba0eeddb-77db-11e0-89bc-00262dbf66c7
 
[ System Events ]
Error - 03.01.2011 06:38:28 | Computer Name = minnie-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 03.01.2011 06:38:29 | Computer Name = minnie-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 03.01.2011 06:38:29 | Computer Name = minnie-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 10.01.2011 14:49:46 | Computer Name = minnie-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
 initialisieren.
 
Error - 17.01.2011 10:21:07 | Computer Name = minnie-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 20.01.2011 20:17:43 | Computer Name = minnie-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 24.01.2011 14:39:08 | Computer Name = minnie-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.01.2011 15:18:32 | Computer Name = minnie-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.01.2011 09:05:49 | Computer Name = minnie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?01.?2011 um 14:03:06 unerwartet heruntergefahren.
 
Error - 31.01.2011 15:29:17 | Computer Name = minnie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?31.?01.?2011 um 20:27:12 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---

Edited by minniemaus (06.05.2011 at 15:30)

 
