Pests of all kinds and how to combat them: "TR/Kazy.mekml.1" caught

Windows 7

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1

"TR/Kazy.mekml.1" caught

Good evening,

I caught the "TR/Kazy.mekml.1" virus today, as apparently several others here in the forum have as well.

Symptoms:

- AntiVir detection: In der Datei 'C:\ProgramData\32169720.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.mekml.1' [trojan] gefunden. (A virus or unwanted program 'TR/Kazy.mekml.1' [trojan] was found in the file 'C:\ProgramData\32169720.exe'.)
- black desktop background
- files and folders not visible (Explorer, Start menu, desktop)
- error message: "Festplatte beschädigt" ("hard disk damaged")

Edit:

- error message in the taskbar from "Windows Security Alert": Kritischer Fehler: Fehler der Festplatte RAM-Speicher Nutzung ist kritisch hoch. RAM-Speicher gescheitert. (Critical error: hard disk error. RAM usage is critically high. RAM failed.)
- error message "Windows - Datenverlust beim Schreiben" ("Windows - data loss while writing"): Windows konnte alle Daten fur die Datei \\System32\\496A8300 nicht speichern. Daten verloren. Dieser Fehler kann durch einen Ausfall der Hardware verursacht werden. (Windows could not save all data for the file \\System32\\496A8300. Data lost. This error can be caused by a hardware failure.) It comes with the options "Abbrechen" (Cancel), "Wiederholen" (Retry) and "Weiter" (Continue); if I click on any of them, the PC restarts.

I hope I understood the part about the log files correctly...

...and THANK YOU VERY MUCH in advance for any help :-)

OTL log files:

OTL.txt

Code:
```
OTL logfile created on: 09.05.2011 17:39:21 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Phil\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 11,51 Gb Free Space | 33,67% Space Free | Partition Type: NTFS
Drive D: | 197,73 Gb Total Space | 38,46 Gb Free Space | 19,45% Space Free | Partition Type: NTFS
Drive F: | 1,87 Gb Total Space | 0,08 Gb Free Space | 4,52% Space Free | Partition Type: FAT

Computer Name: PHIL-PC | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.09 17:27:56 | 000,510,976 | -H-- | M] (QNP) -- C:\ProgramData\xoenoTQskssTH.exe
PRC - [2011.04.13 05:38:52 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
PRC - [2010.04.04 07:42:51 | 000,036,272 | ---- | M] (Adobe Systems Incorporated) -- D:\Programme\Adobe Reader 9.2\Reader\reader_sl.exe
PRC - [2009.12.23 19:38:35 | 000,266,240 | ---- | M] () -- C:\Windows\System32\CSHelper.exe
PRC - [2009.12.08 10:19:29 | 000,470,785 | ---- | M] (Avira GmbH) -- D:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.13 12:26:28 | 000,466,689 | ---- | M] (Avira GmbH) -- D:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2009.08.10 09:14:26 | 000,027,184 | ---- | M] () -- C:\Windows\snuvcdsm.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.07.14 03:14:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- D:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- D:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.07.03 08:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\Windows\PLFSetL.exe

========== Modules (SafeList) ==========

MOD - [2011.04.13 05:38:52 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009.12.23 19:38:35 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

========== Driver Services (SafeList) ==========

DRV - [2010.12.25 15:42:03 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.12.25 15:42:01 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.07.20 16:18:10 | 000,029,696 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Phil\AppData\Local\Temp\jnv4_mib.sys -- (jnv4_mib)
DRV - [2009.12.08 10:19:31 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.09.10 11:29:50 | 001,761,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.06.29 11:17:00 | 000,059,904 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.05 19:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2009.02.05 19:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2009.02.05 19:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2008.02.22 16:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008.02.22 16:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008.02.22 16:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007.08.08 21:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.07.30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 76 24 6E C4 0B CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=foxload&type=moz35awe&p="
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de/mediathek/videos/gute_nachricht/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2011.05.09 15:21:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.05.09 15:21:41 | 000,000,000 | ---D | M]

[2009.12.02 22:12:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\Extensions
[2011.01.21 21:41:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\Firefox\Profiles\r7d7sxub.default\extensions
[2010.07.05 10:36:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\mozilla\Firefox\Profiles\r7d7sxub.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}-trash
File not found (No name found) --
[2010.06.11 17:41:46 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009.01.15 20:53:03 | 000,616,448 | -H-- | M] (ArtistScope) -- C:\Programme\Mozilla Firefox\plugins\npArtistScope42.dll
[2009.02.02 08:06:56 | 000,211,456 | -H-- | M] (ArtistScope) -- C:\Programme\Mozilla Firefox\plugins\npArtistScopeDRM11.dll

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programme\Adobe Reader 9.2\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [xoenoTQskssTH] C:\ProgramData\xoenoTQskssTH.exe (QNP)
O4 - Startup: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ubisoft register.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Phil\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{26d3f227-136a-11e0-b459-0019db9f30e3}\Shell - "" = AutoRun
O33 - MountPoints2\{26d3f227-136a-11e0-b459-0019db9f30e3}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{26d3f240-136a-11e0-b459-0019db9f30e3}\Shell - "" = AutoRun
O33 - MountPoints2\{26d3f240-136a-11e0-b459-0019db9f30e3}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\{4e5b0159-ec3f-11de-a12b-0019dbedf203}\Shell - "" = AutoRun
O33 - MountPoints2\{4e5b0159-ec3f-11de-a12b-0019dbedf203}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{b222f6f6-48a5-11df-840b-0019dbedf203}\Shell - "" = AutoRun
O33 - MountPoints2\{b222f6f6-48a5-11df-840b-0019dbedf203}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\StartUp.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.09 17:27:56 | 000,510,976 | -H-- | C] (QNP) -- C:\ProgramData\xoenoTQskssTH.exe
[2011.05.09 14:51:43 | 000,000,000 | -H-D | C] -- C:\Users\Phil\AppData\Roaming\rockbox.org
[2011.05.03 15:24:02 | 000,000,000 | -H-D | C] -- C:\Users\Phil\AppData\Local\Divinity 2
[2011.05.03 15:23:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Divinity II - Ego Draconis
[2011.05.03 15:23:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Divinity 2
[2011.04.13 05:38:54 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.09 17:45:09 | 000,658,478 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.09 17:45:09 | 000,611,472 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.09 17:45:09 | 000,130,950 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.09 17:45:09 | 000,107,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.09 17:45:06 | 000,014,016 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.09 17:45:00 | 000,014,016 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.09 17:35:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.09 17:35:09 | 1609,158,656 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.09 17:27:56 | 000,510,976 | -H-- | M] (QNP) -- C:\ProgramData\xoenoTQskssTH.exe
[2011.05.03 15:23:15 | 000,000,817 | -H-- | M] () -- C:\Users\Phil\Desktop\Divinity II - Ego Draconis.lnk
[2011.04.15 15:05:18 | 000,289,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 17:54:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011.04.13 17:44:02 | 000,000,567 | -H-- | M] () -- C:\Users\Phil\Desktop\Project64.lnk
[2011.04.13 17:04:11 | 002,224,875 | -H-- | M] () -- C:\Users\Phil\Desktop\facharbeit+original1.2.odt
[2011.04.13 05:38:52 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2011.04.13 05:03:13 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~33087240r
[2011.04.13 05:03:13 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~33087240
[2011.04.13 05:02:40 | 000,000,328 | -H-- | M] () -- C:\ProgramData\33087240
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.03 15:23:15 | 000,000,817 | -H-- | C] () -- C:\Users\Phil\Desktop\Divinity II - Ego Draconis.lnk
[2011.04.13 17:54:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011.04.13 17:44:02 | 000,000,567 | -H-- | C] () -- C:\Users\Phil\Desktop\Project64.lnk
[2011.04.13 17:04:08 | 002,224,875 | -H-- | C] () -- C:\Users\Phil\Desktop\facharbeit+original1.2.odt
[2011.04.13 05:03:13 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~33087240r
[2011.04.13 05:03:11 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~33087240
[2011.04.13 05:02:40 | 000,000,328 | -H-- | C] () -- C:\ProgramData\33087240
[2011.01.03 18:59:48 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.12.30 01:10:23 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.12.30 01:10:23 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.12.29 20:13:07 | 000,001,449 | ---- | C] () -- C:\Windows\wininit.ini
[2010.12.29 20:07:41 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2010.12.25 15:42:03 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.12.25 15:42:01 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.07.06 18:11:46 | 000,000,017 | -H-- | C] () -- C:\Users\Phil\AppData\Local\resmon.resmoncfg
[2010.06.11 16:28:41 | 000,017,408 | -H-- | C] () -- C:\Users\Phil\AppData\Local\WebpageIcons.db
[2010.05.02 14:31:52 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.05.01 17:06:58 | 000,233,472 | ---- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2010.03.03 23:32:59 | 000,000,000 | -H-- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.03.03 22:58:01 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.12.23 19:38:35 | 000,266,240 | ---- | C] () -- C:\Windows\System32\CSHelper.exe
[2009.12.03 02:00:48 | 000,000,059 | -H-- | C] () -- C:\Users\Phil\AppData\Roaming\GoodnightTimer.ini
[2009.09.10 11:29:50 | 001,761,280 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.08.10 09:14:26 | 000,027,184 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.07.14 10:47:43 | 000,658,478 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,950 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,289,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,611,472 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,107,658 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.11 10:39:16 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2008.12.29 10:13:30 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys

========== LOP Check ==========

[2011.02.11 17:21:08 | 000,000,000 | -H-D | M] -- C:\Users\Phil\AppData\Roaming\.minecraft
[2010.11.17 22:37:43 | 000,000,000 | -H-D | M] -- C:\Users\Phil\AppData\Roaming\digital publishing
[2011.01.20 22:56:42 | 000,000,000 | -H-D | M] -- C:\Users\Phil\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.09 17:33:08 | 000,000,000 | -H-D | M] -- C:\Users\Phil\AppData\Roaming\foobar2000
[2010.06.11 17:35:20 | 000,000,000 | -H-D | M] -- C:\Users\Phil\AppData\Roaming\JLC's Software
[2010.04.17 21:26:53 | 000,000,000 | -H-D | M] -- C:\Users\Phil\AppData\Roaming\Leadertech
[2011.03.10 20:41:16 | 000,000,000 | -H-D | M] -- C:\Users\Phil\AppData\Roaming\Miranda
[2009.12.07 23:52:32 | 000,000,000 | -H-D | M] -- C:\Users\Phil\AppData\Roaming\OpenOffice.org
[2011.05.09 14:51:43 | 000,000,000 | -H-D | M] -- C:\Users\Phil\AppData\Roaming\rockbox.org
[2010.03.03 23:33:21 | 000,000,000 | -H-D | M] -- C:\Users\Phil\AppData\Roaming\Samsung
[2010.03.27 19:43:03 | 000,000,000 | -H-D | M] -- C:\Users\Phil\AppData\Roaming\Ubisoft
[2011.02.23 19:00:28 | 000,000,000 | -H-D | M] -- C:\Users\Phil\AppData\Roaming\Vocup
[2010.04.17 20:14:11 | 000,000,000 | -H-D | M] -- C:\Users\Phil\AppData\Roaming\Wormux
[2011.02.18 14:52:20 | 000,032,640 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
```

Extras.txt

Code:
```
OTL Extras logfile created on: 09.05.2011 17:39:21 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Phil\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 11,51 Gb Free Space | 33,67% Space Free | Partition Type: NTFS
Drive D: | 197,73 Gb Total Space | 38,46 Gb Free Space | 19,45% Space Free | Partition Type: NTFS
Drive F: | 1,87 Gb Total Space | 0,08 Gb Free Space | 4,52% Space Free | Partition Type: FAT

Computer Name: PHIL-PC | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"284D9B4A58796481EC5A61D01DCC5E654761629C" = ENE CIR Receiver Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EAX Unified" = EAX Unified
"foobar2000" = foobar2000 v0.9.6.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Miranda IM" = Miranda IM 0.9.17
"Moppi Flower Saver Installer_is1" = Moppi Flower Saver 1.0
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.3
"Vocup_is1" = Vocup 1.3.2
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09.05.2011 08:25:08 | Computer Name = Phil-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 09.05.2011 08:25:08 | Computer Name = Phil-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 09.05.2011 11:28:25 | Computer Name = Phil-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GUARDGUI.EXE, Version: 9.0.3.0, Zeitstempel: 0x49e5b363
Name des fehlerhaften Moduls: dll.dll, Version: 0.0.0.0, Zeitstempel: 0x4d776bbf
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000220a
ID des fehlerhaften Prozesses: 0xb1c
Startzeit der fehlerhaften Anwendung: 0x01cc0e5dba276c29
Pfad der fehlerhaften Anwendung: D:\Programme\Avira\AntiVir Desktop\GUARDGUI.EXE
Pfad des fehlerhaften Moduls: C:\Windows\system32\dll.dll
Berichtskennung: fa9f85c7-7a50-11e0-b454-0019dbedf203

Error - 09.05.2011 11:28:27 | Computer Name = Phil-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WerFault.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc2d9
Name des fehlerhaften Moduls: dll.dll, Version: 0.0.0.0, Zeitstempel: 0x4d776bbf
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000220a
ID des fehlerhaften Prozesses: 0x580
Startzeit der fehlerhaften Anwendung: 0x01cc0e5dbc08bae2
Pfad der fehlerhaften Anwendung: C:\Windows\system32\WerFault.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\dll.dll
Berichtskennung: fc27b89c-7a50-11e0-b454-0019dbedf203

Error - 09.05.2011 11:29:06 | Computer Name = Phil-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GUARDGUI.EXE, Version: 9.0.3.0, Zeitstempel: 0x49e5b363
Name des fehlerhaften Moduls: dll.dll, Version: 0.0.0.0, Zeitstempel: 0x4d776bbf
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000220a
ID des fehlerhaften Prozesses: 0x1318
Startzeit der fehlerhaften Anwendung: 0x01cc0e5dd27756ea
Pfad der fehlerhaften Anwendung: D:\Programme\Avira\AntiVir Desktop\GUARDGUI.EXE
Pfad des fehlerhaften Moduls: C:\Windows\system32\dll.dll
Berichtskennung: 130e953f-7a51-11e0-b454-0019dbedf203

Error - 09.05.2011 11:29:23 | Computer Name = Phil-PC | Source = VSS | ID = 8194
Description =

Error - 09.05.2011 11:31:09 | Computer Name = Phil-PC | Source
```
= Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: dll.dll, Version: 0.0.0.0, Zeitstempel: 0x4d776bbf Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000220a ID des fehlerhaften Prozesses: 0x1408 Startzeit der fehlerhaften Anwendung: 0x01cc0e5dbbba336e Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\dll.dll Berichtskennung: 5c788607-7a51-11e0-b454-0019dbedf203 Error - 09.05.2011 11:33:04 | Computer Name = Phil-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MSASCui.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc537 Name des fehlerhaften Moduls: dll.dll, Version: 0.0.0.0, Zeitstempel: 0x4d776bbf Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000220a ID des fehlerhaften Prozesses: 0x13e8 Startzeit der fehlerhaften Anwendung: 0x01cc0e5dc8728d39 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Defender\MSASCui.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\dll.dll Berichtskennung: a0fdb935-7a51-11e0-b454-0019dbedf203 Error - 09.05.2011 11:35:39 | Computer Name = Phil-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 09.05.2011 11:35:39 | Computer Name = Phil-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ System Events ] Error - 29.12.2010 16:45:07 | Computer Name = Phil-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 29.12.2010 16:45:14 | Computer Name = Phil-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 29.12.2010 16:45:16 | Computer Name = Phil-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 29.12.2010 16:45:24 | Computer Name = Phil-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 29.12.2010 16:45:28 | Computer Name = Phil-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 29.12.2010 16:45:30 | Computer Name = Phil-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 29.12.2010 16:45:34 | Computer Name = Phil-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 29.12.2010 16:45:37 | Computer Name = Phil-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 29.12.2010 16:45:41 | Computer Name = Phil-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 30.12.2010 00:08:14 | Computer Name = Phil-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?30.?12.?2010 um 05:03:01 unerwartet heruntergefahren. < End of report > Grüße Philles Geändert von Philles58 (09.05.2011 um 19:51 Uhr) |