| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner Kazy.mekml.1 seit gestern - Daten weg, PC fährt immer runterWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.04.2011, 10:27
| #1 |
 |  Trojaner Kazy.mekml.1 seit gestern - Daten weg, PC fährt immer runter Hallo zusammen, seit gestern Abend habe nun auch ich den Kazy Trojaner. Habe einen scvhwarzen Desktop, auf dem nur noch der Papierkorb zu sehen ist. Das schlimmste ist aber, dass sämtliche Dateien verschwunden sind (insbesondere meine externe Festplatte). Im Arbeitsplatz kann ich zwar noch sehen, dass auf der externen Festplatte nur noch ein Teil der Speicherkapazität frei ist, sobald aich aber darauf klicke sehe ich gar keine Daten. Auch die Eigenen Dateien und weiteren persönlichen Ordner sind weg. Ich habe gestern Abend schon einmal versucht, eine Systemwiederherstellung durchlaufen zu lassen, allerdings ohne Erfolg. Der Rechner lässt jetzt automatisch direkt nach dem Hochfahren Windows Recovery durchlaufen. Das Fenster lässt sich auch nicht schließen. Parallel dazu bringt AntiVir immer wieder die Meldung über den Kazy-Virus. Und es kommt eine Windows-Meldung: Windows konnte alle Daten für die Datei \\System32\\496A8300 nicht speichern. Daten verloren. Dieser Fehler kann duch einen Ausfall der Hardware verursacht werden. Ich habe OTL runtergeladen und hier kommt die OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.04.2011 11:11:45 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Daniel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 186,21 Gb Free Space | 79,96% Space Free | Partition Type: NTFS
Drive L: | 465,65 Gb Total Space | 173,18 Gb Free Space | 37,19% Space Free | Partition Type: FAT32
Computer Name: DANIEL | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2011.04.27 11:11:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel\Desktop\OTL(3).exe
PRC - [2011.04.26 19:58:00 | 000,569,344 | -H-- | M] (WinTrust) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sFGtypQnwU.exe
PRC - [2011.03.26 00:13:00 | 000,912,344 | -H-- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.25 21:34:00 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.18 17:37:16 | 000,037,664 | -H-- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.01.28 18:36:42 | 000,526,336 | -H-- | M] (Spigot, Inc.) -- C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.01.28 18:10:28 | 000,387,072 | -H-- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2011.01.10 15:23:04 | 000,135,336 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 15:22:55 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.29 15:49:28 | 000,249,064 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | -H-- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.07.20 17:21:40 | 000,323,280 | -H-- | M] (Napster) -- C:\Programme\Napster\napster.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.24 11:32:22 | 000,234,792 | -H-- | M] (Skype Technologies S.A.) -- C:\Programme\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009.10.09 17:07:20 | 000,493,248 | -H-- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008.05.24 16:55:45 | 000,185,896 | -H-- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.09 11:20:26 | 000,071,096 | -H-- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2007.06.02 14:08:04 | 001,203,200 | -H-- | M] (RapidSolution Software AG) -- C:\Programme\Tunebite\tunebite.exe
PRC - [2007.01.05 18:12:58 | 000,258,048 | -H-- | M] (SONIX) -- C:\WINDOWS\tsnp2std.exe
PRC - [2006.09.15 14:21:54 | 000,675,840 | -H-- | M] (Sonix) -- C:\WINDOWS\vsnp2std.exe
PRC - [2002.07.23 18:58:06 | 000,012,288 | -H-- | M] () -- C:\Programme\Winamp3\winampa.exe
========== Modules (SafeList) ==========
MOD - [2011.04.27 11:11:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel\Desktop\OTL(3).exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.03.25 21:34:00 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.18 17:37:16 | 000,037,664 | -H-- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.01.28 18:10:28 | 000,387,072 | -H-- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.01.10 15:23:04 | 000,135,336 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.06 18:56:38 | 000,247,096 | -H-- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.10.09 17:07:20 | 000,493,248 | -H-- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008.04.14 04:22:23 | 000,105,472 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008.04.14 04:22:12 | 000,036,864 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2008.03.09 11:20:26 | 000,071,096 | -H-- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2005.04.04 00:41:10 | 000,069,632 | -H-- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - [2011.03.25 21:34:02 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.01.10 15:23:15 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:26:52 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.02.11 14:02:15 | 000,226,880 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.10.09 16:50:48 | 000,020,152 | -H-- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009.04.30 13:23:16 | 000,016,512 | -H-- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2008.03.11 19:54:14 | 004,687,872 | RH-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.06.20 03:00:00 | 000,009,200 | -H-- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007.06.20 03:00:00 | 000,009,072 | -H-- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007.05.16 18:10:50 | 000,019,200 | -H-- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007.05.14 21:03:24 | 000,445,696 | -H-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007.04.09 12:38:06 | 012,039,552 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2006.11.28 21:46:24 | 000,028,224 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNMp50.sys -- (PDNMp50)
DRV - [2006.11.28 21:46:22 | 000,027,072 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNSp50.sys -- (PDNSp50)
DRV - [2005.01.07 18:07:16 | 000,145,920 | -H-- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.04.14 11:08:00 | 000,044,064 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004.04.14 11:08:00 | 000,021,280 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004.04.14 11:08:00 | 000,010,144 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004.04.14 11:08:00 | 000,005,600 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [1998.09.16 09:07:10 | 000,041,472 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SFC4.SYS -- (SFC4)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.netcologne.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.netcologne.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 196.41.132.28:3128
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic_Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&apn_uid=85080F19-0CD9-4B3A-9202-A21B862A79DC&apn_ptnrs=U9&apn_sauid=83718C03-5823-4DEA-9AB1-9965A17F0EFA&apn_dtid=&q="
FF - prefs.js..network.proxy.http: "218.27.148.66"
FF - prefs.js..network.proxy.http_port: 8080
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.05.24 16:55:57 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.27 02:44:51 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.26 00:13:06 | 000,000,000 | -H-D | M]
[2008.08.27 14:59:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Extensions
[2011.04.26 22:20:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\sk5chltz.default\extensions
[2010.08.20 19:09:57 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\sk5chltz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.26 20:55:59 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\sk5chltz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.21 22:16:09 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\sk5chltz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.20 19:09:58 | 000,000,000 | -H-D | M] (Softonic Deutsch Toolbar) -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\sk5chltz.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2010.09.21 22:15:22 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\sk5chltz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.06.21 19:26:53 | 000,000,000 | -H-D | M] (Add N Edit Cookies) -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\sk5chltz.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25c}
[2011.03.26 00:01:45 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\sk5chltz.default\extensions\toolbar@ask.com
[2011.04.26 20:03:37 | 000,002,387 | -H-- | M] () -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\sk5chltz.default\searchplugins\askcom.xml
[2008.10.28 13:20:30 | 000,000,894 | -H-- | M] () -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\sk5chltz.default\searchplugins\conduit.xml
[2011.04.20 21:12:24 | 000,001,056 | -H-- | M] () -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Mozilla\Firefox\Profiles\sk5chltz.default\searchplugins\icqplugin.xml
[2011.04.26 22:20:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.06.24 09:44:17 | 000,000,000 | -H-D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.11.20 19:27:04 | 000,000,000 | -H-D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.22 17:30:23 | 000,000,000 | -H-D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.16 00:08:25 | 000,000,000 | -H-D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.15 10:30:00 | 000,000,000 | -H-D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM
[2008.12.28 13:23:22 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.03.15 10:30:00 | 000,000,000 | -H-D | M] (pdfforge Toolbar) -- C:\PROGRAMME\PDFFORGE TOOLBAR\FF
[2011.02.02 22:40:24 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.20 17:21:40 | 000,106,192 | -H-- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll
[2010.10.12 22:41:47 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.12 22:41:47 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.12 22:41:47 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.12 22:41:47 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.12 22:41:47 | 000,001,105 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [NapsterShell] C:\Programme\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe (SONIX)
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp3\winampa.exe ()
O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ] File not found
O4 - HKCU..\Run: [sFGtypQnwU] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sFGtypQnwU.exe (WinTrust)
O4 - HKCU..\Run: [tunebite.exe] C:\Programme\Tunebite\tunebite.exe (RapidSolution Software AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.173.194.77 194.8.194.60 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.26 20:03:38 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5688d18b-4177-11df-904c-001485fc7812}\Shell\AutoRun\command - "" = D:\Menu.exe
O33 - MountPoints2\{93f26a26-24a2-11df-8ff9-000e2ef37f85}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.04.27 11:11:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel\Desktop\OTL(3).exe
[2011.04.27 11:03:52 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Daniel\Recent
[2011.04.27 10:52:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\LastGood
[2011.04.26 23:38:53 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Malwarebytes
[2011.04.26 23:38:32 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.04.26 23:38:31 | 000,038,224 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.26 23:38:29 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.26 23:38:25 | 000,020,952 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.04.26 23:38:24 | 000,000,000 | -H-D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.26 23:03:36 | 000,000,000 | -H-D | C] -- C:\_OTL
[2011.04.26 22:21:03 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Daniel\Startmenü\Programme\Windows Recovery
[2011.04.26 22:20:38 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2011.04.26 21:18:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\NtmsData
[2011.04.26 20:56:04 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Avira
[2011.04.26 19:58:01 | 000,569,344 | -H-- | C] (WinTrust) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sFGtypQnwU.exe
[2011.04.20 21:11:26 | 000,000,000 | -H-D | C] -- C:\Programme\iPod
[2011.04.20 21:05:51 | 000,000,000 | -H-D | C] -- C:\Programme\Bonjour
[2011.04.13 15:38:44 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Daniel\Eigene Dateien\nani drucken
[2011.04.06 16:20:16 | 000,107,808 | -H-- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011.04.06 16:20:16 | 000,091,424 | -H-- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011.04.04 20:58:21 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ICQ7.4
[2011.04.04 20:57:08 | 000,000,000 | -H-D | C] -- C:\Programme\ICQ7.4
[2008.03.26 23:04:47 | 000,151,552 | -H-- | C] ( ) -- C:\WINDOWS\System32\rsnp2std.dll
[2008.03.26 23:04:47 | 000,077,824 | -H-- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
========== Files - Modified Within 30 Days ==========
[2011.04.27 11:11:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel\Desktop\OTL(3).exe
[2011.04.27 11:01:01 | 000,000,228 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.04.27 10:49:14 | 000,001,014 | -H-- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011.04.27 10:48:47 | 000,001,086 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.27 10:48:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.26 23:38:32 | 000,000,766 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 23:16:00 | 000,001,090 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.26 22:46:08 | 000,191,572 | -H-- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011.04.26 22:23:12 | 000,142,832 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.26 21:17:33 | 000,000,128 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18145076
[2011.04.26 21:17:32 | 000,000,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18145076r
[2011.04.26 21:15:04 | 000,000,833 | -H-- | M] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\Windows Recovery.lnk
[2011.04.26 21:14:43 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18145076
[2011.04.26 20:41:09 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.26 20:39:54 | 000,494,868 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.26 20:39:54 | 000,471,434 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.26 20:39:54 | 000,100,016 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.26 20:39:54 | 000,083,602 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.26 19:58:00 | 000,569,344 | -H-- | M] (WinTrust) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sFGtypQnwU.exe
[2011.04.26 18:40:40 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.20 21:13:47 | 000,001,846 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk
[2011.04.20 21:12:29 | 000,001,532 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2011.04.19 13:29:23 | 000,230,400 | -H-- | M] () -- C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.06 16:20:16 | 000,107,808 | -H-- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011.04.06 16:20:16 | 000,091,424 | -H-- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011.04.04 13:27:18 | 000,101,088 | -H-- | M] () -- C:\Dokumente und Einstellungen\Daniel\Eigene Dateien\view.pdf
[2011.03.29 22:33:28 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\er456541.ini
========== Files Created - No Company Name ==========
[2011.04.26 23:38:32 | 000,000,766 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 21:17:32 | 000,000,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18145076r
[2011.04.26 21:17:32 | 000,000,128 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18145076
[2011.04.26 21:15:04 | 000,000,833 | -H-- | C] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\Windows Recovery.lnk
[2011.04.26 21:14:43 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18145076
[2011.04.20 21:12:29 | 000,001,532 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2011.04.04 13:27:18 | 000,101,088 | -H-- | C] () -- C:\Dokumente und Einstellungen\Daniel\Eigene Dateien\view.pdf
[2011.03.29 22:33:28 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\er456541.ini
[2010.07.28 21:59:55 | 000,017,408 | -H-- | C] () -- C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2010.04.15 21:16:48 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.04.06 18:11:32 | 000,000,032 | -H-- | C] () -- C:\WINDOWS\Menu.INI
[2010.01.11 22:05:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\webica.ini
[2009.10.01 23:05:56 | 000,024,596 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.06.07 18:29:17 | 000,348,160 | -H-- | C] () -- C:\WINDOWS\System32\cdga.dll
[2009.04.06 11:32:31 | 000,111,932 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009.04.06 11:32:31 | 000,031,053 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009.04.06 11:32:31 | 000,027,417 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009.04.06 11:32:31 | 000,026,154 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009.04.06 11:32:31 | 000,024,903 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009.04.06 11:32:31 | 000,021,390 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009.04.06 11:32:31 | 000,020,148 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009.04.06 11:32:31 | 000,011,811 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009.04.06 11:32:31 | 000,004,943 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009.04.06 11:32:31 | 000,001,146 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009.04.06 11:32:31 | 000,001,139 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009.04.06 11:32:31 | 000,001,139 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009.04.06 11:32:31 | 000,001,136 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009.04.06 11:32:31 | 000,001,129 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009.04.06 11:32:31 | 000,001,129 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009.04.06 11:32:31 | 000,001,120 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009.04.06 11:32:31 | 000,001,107 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009.04.06 11:32:31 | 000,001,104 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009.04.06 11:32:31 | 000,000,097 | -H-- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.03.30 23:10:44 | 000,007,680 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.07.21 17:16:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.06.22 19:43:03 | 000,000,046 | -H-- | C] () -- C:\WINDOWS\mxcdr.INI
[2008.06.11 02:07:20 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.05.27 21:15:45 | 000,001,942 | -H-- | C] () -- C:\WINDOWS\ACROREAD.INI
[2008.05.27 21:15:45 | 000,001,901 | -H-- | C] () -- C:\WINDOWS\ATM.INI
[2008.05.27 21:15:45 | 000,000,027 | -H-- | C] () -- C:\WINDOWS\ACROGRAF.INI
[2008.05.27 21:15:39 | 000,041,472 | -H-- | C] () -- C:\WINDOWS\System32\drivers\SFC4.SYS
[2008.04.25 14:05:18 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2008.04.13 13:11:26 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\Winamp.ini
[2008.04.13 13:11:10 | 000,000,041 | -H-- | C] () -- C:\WINDOWS\winampa.ini
[2008.04.06 13:46:15 | 000,000,299 | -H-- | C] () -- C:\WINDOWS\videodeLuxe.INI
[2008.04.06 13:39:33 | 000,019,968 | -H-- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2008.04.06 13:29:55 | 000,001,208 | -H-- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.04.02 08:34:03 | 000,230,400 | -H-- | C] () -- C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.31 18:07:45 | 000,000,451 | -H-- | C] () -- C:\WINDOWS\lexstat.ini
[2008.03.26 23:51:12 | 000,000,032 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008.03.26 23:04:49 | 012,039,552 | -H-- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2008.03.26 23:04:49 | 000,025,472 | -H-- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2008.03.26 23:04:49 | 000,015,497 | -H-- | C] () -- C:\WINDOWS\snp2std.ini
[2008.03.26 22:06:55 | 001,724,416 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.03.26 22:06:55 | 001,657,376 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008.03.26 22:06:55 | 001,503,232 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.03.26 22:06:55 | 001,346,080 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008.03.26 22:06:55 | 001,101,824 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.03.26 22:06:55 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.03.26 22:06:55 | 000,449,056 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008.03.26 22:06:55 | 000,436,768 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008.03.26 21:57:16 | 000,049,152 | RH-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.03.26 21:53:18 | 000,000,305 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2008.03.26 21:47:29 | 000,000,139 | -H-- | C] () -- C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.03.26 21:18:43 | 000,001,276 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2008.03.26 21:15:47 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.03.26 21:15:46 | 000,000,552 | -H-- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008.03.26 21:04:07 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2008.03.26 20:08:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.03.26 20:06:44 | 000,001,082 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.03.26 20:01:25 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.03.26 19:56:21 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.03.26 19:55:20 | 000,142,832 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.09.30 15:27:09 | 000,121,562 | -H-- | C] () -- C:\WINDOWS\System32\PicFormat32.dll
[2007.09.21 16:13:37 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.09.21 16:13:34 | 001,018,772 | -H-- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007.07.23 09:03:32 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2004.08.04 14:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 14:00:00 | 000,494,868 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 14:00:00 | 000,471,434 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 14:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 14:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 14:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 14:00:00 | 000,100,016 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 14:00:00 | 000,083,602 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 14:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 14:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 14:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 14:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 14:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 14:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.07.30 11:48:28 | 000,004,711 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003.07.30 10:49:22 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.02.12 07:15:38 | 000,331,116 | -H-- | C] () -- C:\WINDOWS\System32\WinDSL-Uninstall.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C39E55C5
< End of report >
Und hier ist dieExtras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.04.2011 11:11:45 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Daniel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 186,21 Gb Free Space | 79,96% Space Free | Partition Type: NTFS
Drive L: | 465,65 Gb Total Space | 173,18 Gb Free Space | 37,19% Space Free | Partition Type: FAT32
Computer Name: DANIEL | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows-Peer-zu-Peer-Gruppierung
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution-Protokoll (PNRP)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows-Peer-zu-Peer-Gruppierung
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution-Protokoll (PNRP)
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- ()
"C:\Programme\Zattoo\Zattoo1.exe" = C:\Programme\Zattoo\Zattoo1.exe:*:Enabled: -- ()
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: -- ()
"C:\Programme\Zattoo\Zattoo.exe" = C:\Programme\Zattoo\Zattoo.exe:*:Enabled: -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\EA Sports\FIFA 09\FIFA09.exe" = C:\Programme\EA Sports\FIFA 09\FIFA09.exe:*:Enabled:FIFA09 -- ()
"C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\AGEIA Technologies\bin\TrayIcon.exe" = C:\Programme\AGEIA Technologies\bin\TrayIcon.exe:*:Enabled:AGEIA PhysX System Tray Icon -- ()
"C:\Programme\Napster\napster.exe" = C:\Programme\Napster\napster.exe:*:Enabled:Napster -- (Napster)
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A0B139A7-E8D5-49E8-A7BF-12421E652208}" = pdfforge Toolbar v4.3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Pro
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C44DA52D-C1AA-4142-B01E-FDD85E72CBA3}" = DURO EasyLabel
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"conduitEngine" = Conduit Engine
"Creation Master 09_is1" = Creation Master 09 Release 1.01
"Cucusoft DVD to iPod Converter_is1" = Cucusoft DVD to iPod Converter 7.19
"DC-Bass Source" = DC-Bass Source 1.1.1
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"lgx4.lgx.server" = G DATA Logox 4 Speechengine
"MAGIX Foto Manager" = MAGIX Foto Manager
"MAGIX Music Manager" = MAGIX Music Manager
"MAGIX Online Druck Service" = MAGIX Online Druck Service
"MAGIX Video deLuxe 2005 2006 PLUS" = MAGIX Video deLuxe 2005 2006 PLUS
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Webclient für Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP4 to MP3 Converter 3" = MP4 to MP3 Converter 3
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetCologne" = NetCologne-Installationsdateien entfernen
"NGO NVIDIA Optimized Driver v1.16369" = NGO NVIDIA Optimized Driver v1.16369
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PhotoFiltre" = PhotoFiltre
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealMedia" = RealMedia (remove only)
"RealPlayer 6.0" = RealPlayer
"Red Eye Remover_is1" = Red Eye Remover 2.0
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SystemRequirementsLab" = System Requirements Lab
"Tunebite_is1" = Tunebite 4.1.0.21
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.15
"VLC media player" = VLC media player 0.9.8a
"Web Photo Album_is1" = Web Photo Album 1.1
"Winamp3" = Winamp3 (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"ws4.webspeech" = G DATA WebSpeech 4
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD to iPod Converter SE 5" = Xilisoft DVD to iPod Converter SE 5
"Xilisoft Video Converter" = Xilisoft Video Converter 3
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
"ZoomPlayer" = Zoom Player (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 26.04.2011 17:14:45 | Computer Name = DANIEL | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{f96576f0-fb64-11dc-8c7c-806d6172696f},0xc0000000,0x00000003,...)".
hr = 0x80070005.
Error - 26.04.2011 17:14:45 | Computer Name = DANIEL | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{f96576f1-fb64-11dc-8c7c-806d6172696f},0xc0000000,0x00000003,...)".
hr = 0x80070005.
Error - 26.04.2011 17:15:08 | Computer Name = DANIEL | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert
in 0x800423f3) fehlgeschlagen.
Error - 27.04.2011 04:52:01 | Computer Name = DANIEL | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren
der Infrastruktur der Ablaufverfolgung. Interne Informationen: msdtc_trace : File:
d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed,
hr=0x800700a1
Error - 27.04.2011 04:52:10 | Computer Name = DANIEL | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{f96576f0-fb64-11dc-8c7c-806d6172696f},0xc0000000,0x00000003,...)".
hr = 0x80070005.
Error - 27.04.2011 04:52:10 | Computer Name = DANIEL | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{f96576f1-fb64-11dc-8c7c-806d6172696f},0xc0000000,0x00000003,...)".
hr = 0x80070005.
Error - 27.04.2011 04:52:49 | Computer Name = DANIEL | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert
in 0x800423f3) fehlgeschlagen.
Error - 27.04.2011 04:55:31 | Computer Name = DANIEL | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{f96576f0-fb64-11dc-8c7c-806d6172696f},0xc0000000,0x00000003,...)".
hr = 0x80070005.
Error - 27.04.2011 04:55:31 | Computer Name = DANIEL | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{f96576f1-fb64-11dc-8c7c-806d6172696f},0xc0000000,0x00000003,...)".
hr = 0x80070005.
Error - 27.04.2011 04:55:54 | Computer Name = DANIEL | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert
in 0x800423f3) fehlgeschlagen.
[ Cisco AnyConnect VPN Client Events ]
Error - 29.01.2011 03:25:24 | Computer Name = DANIEL | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
[ System Events ]
Error - 27.04.2011 04:50:06 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst NVSvc.
Error - 27.04.2011 04:50:07 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
Error - 27.04.2011 04:50:07 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 27.04.2011 04:50:36 | Computer Name = DANIEL | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst WZCSVC.
Error - 27.04.2011 04:53:36 | Computer Name = DANIEL | Source = Wechselmediendienst | ID = 262159
Description = Der Wechselmediendienst kann die Bibliothek CdRom1 nicht verwalten.
Die Datenbank ist beschädigt.
Error - 27.04.2011 04:53:37 | Computer Name = DANIEL | Source = Wechselmediendienst | ID = 262159
Description = Der Wechselmediendienst kann die Bibliothek CdRom0 nicht verwalten.
Die Datenbank ist beschädigt.
Error - 27.04.2011 04:54:07 | Computer Name = DANIEL | Source = VolSnap | ID = 393228
Description = Die Schattenkopie von Volume "C:" verfügte nicht über ausreichend
Vergleichsbereichsspeicherplatz, bevor es richtig installiert wurde.
Error - 27.04.2011 04:55:01 | Computer Name = DANIEL | Source = VolSnap | ID = 393241
Description = Die Schattenkopie von Volume "C:" wurde abgebrochen, weil die Bereichsvergleichsdatei
nicht rechtzeitig vergrößert wurde. Verringern Sie die E/A-Last auf diesem System,
um dieses Problem zukünftig zu verhindern.
Error - 27.04.2011 04:56:37 | Computer Name = DANIEL | Source = Wechselmediendienst | ID = 262159
Description = Der Wechselmediendienst kann die Bibliothek CdRom1 nicht verwalten.
Die Datenbank ist beschädigt.
Error - 27.04.2011 04:56:38 | Computer Name = DANIEL | Source = Wechselmediendienst | ID = 262159
Description = Der Wechselmediendienst kann die Bibliothek CdRom0 nicht verwalten.
Die Datenbank ist beschädigt.
< End of report >
Ich bitte dringend um Hilfe, da gerade auf der externen GFestplatte sehr wichtige Dateien für mich sind. Gruß |
| Themen zu Trojaner Kazy.mekml.1 seit gestern - Daten weg, PC fährt immer runter |
| 0x00000001, alternate, antivir, avgntflt.sys, avira, bho, bonjour, cdburnerxp, conduit, converter, dateien verschwunden, desktop, disabletaskmgr, dringend, error, failed, festplatte, firefox, flash player, google chrome, hdaudio.sys, home, location, logfile, mozilla, oldtimer, otl.txt, pdfforge toolbar, plug-in, problem, realtek, registry, routine, saver, scan, searchplugins, security, server, shell32.dll, shortcut, softonic, softonic deutsch toolbar, software, spigot, studio, trojaner, unerwarteter fehler, video converter, windows, windows internet |
Baum-Darstellung