Trojaner-Board - Trojan-Spy.Win32.Zbot.eois und weitere

Guten Abend liebes Forum.

Ich habe noch nie in einem Forum was gepostet und kenne mich wenig damit aus.

Habe seit heute folgendes Problem:

Es erscheinen immer komische Windows-Meldungen beim Online-Banking

Kaspersky hat festgestellt:

- Trojan-Spy.Win32.Zbot.epqb
- Trojan-Spy.Win32.Zbot.eqaf
- Trojan-Spy.Win32.Zbot.eois
- Trojan-Spy.Win32.Zbot.eois
- Trojan-Spy.Win32.Zbot.envg
- Trojan-Spy.Win32.Zbot.eois
- Trojan-Spy.Win32.Zbot.eois

Ich finde keine Lösungen in Foren und/oder sie klappen nicht.

Wie muss ich vorgehen? Was muss ich tun?

Defooger: Finished

OTL:OTL Logfile:

Code:

OTL logfile created on: 16.08.2012 21:27:31 - Run 1

OTL by OldTimer - Version 3.2.57.0     Folder = C:\Dokumente und Einstellungen\***\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,44% Memory free

3,34 Gb Paging File | 2,64 Gb Available in Paging File | 78,78% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 232,88 Gb Total Space | 143,90 Gb Free Space | 61,79% Space Free | Partition Type: NTFS

 

Computer Name: PC1 | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.08.16 21:26:53 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jan Oliver Venn\Desktop\OTL.exe

PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

PRC - [2008.04.14 04:23:01 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006.03.30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll

MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll

MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll

MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll

MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll

MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll

MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - File not found [Auto | Stopped] -- C:\Programme\a-squared Anti-Dialer\a2service.exe -- (a2AntiDialer)

SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (avp)

SRV - [2008.04.14 04:23:01 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)

SRV - [2006.03.30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)

SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2005.02.09 11:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Adapter | On_Demand | Unknown] --  -- (Winsock - Google Desktop Search Backup Before Last Install)

DRV - File not found [Adapter | On_Demand | Unknown] --  -- (Winsock - Google Desktop Search Backup Before First Install)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\JANOLI~1\LOKALE~1\Temp\esihdrv.sys -- (esihdrv)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\JANOLI~1\LOKALE~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2011.04.20 14:50:22 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)

DRV - [2011.03.10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)

DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)

DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)

DRV - [2009.11.02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)

DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

DRV - [2006.12.12 11:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)

DRV - [2006.05.19 09:44:52 | 003,965,056 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)

DRV - [2006.02.28 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2006.02.28 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

DRV - [2005.12.21 09:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)

DRV - [2005.12.21 09:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)

DRV - [2005.12.21 09:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)

DRV - [2005.09.23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)

DRV - [2005.08.18 11:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)

DRV - [2005.05.27 11:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2005.04.05 21:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2005.04.05 21:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2005.03.09 08:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2005.01.31 12:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928)

DRV - [2004.08.03 22:41:46 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)

DRV - [2004.08.03 22:41:46 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)

DRV - [2004.08.03 22:41:42 | 000,129,535 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnt7554.sys -- (Slnt7554)

DRV - [2004.08.03 22:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)

DRV - [2004.08.03 22:41:40 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)

DRV - [2004.08.03 22:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\recagent.sys -- (RecAgent)

DRV - [2004.08.03 22:41:38 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\..\SearchScopes,DefaultScope = {5DA0D088-2A4C-40CA-92C8-E00C6551E847}

IE - HKCU\..\SearchScopes\{5DA0D088-2A4C-40CA-92C8-E00C6551E847}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKCU\..\SearchScopes\{E4D1B9B0-62C7-4BC3-ACA6-4B82CA148D59}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=1fa1af39-2966-405c-ac2d-0949ff15f166&apn_sauid=9BA9E626-2159-4447-AF19-B3F01F3527BD

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.08.16 16:46:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.08.16 16:46:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.08.16 16:46:03 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2010.11.18 09:33:37 | 000,428,037 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        1001-search.info

O1 - Hosts: 127.0.0.1        www.1001-search.info

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        123topsearch.com

O1 - Hosts: 127.0.0.1        www.123topsearch.com

O1 - Hosts: 127.0.0.1        132.com

O1 - Hosts: 127.0.0.1        www.132.com

O1 - Hosts: 127.0.0.1        136136.net

O1 - Hosts: 127.0.0.1        www.136136.net

O1 - Hosts: 14748 more lines...

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (TimerBHO Class) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Programme\Coupish\updatebhoWin32.dll (Trioris)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKCU..\Run: [Zozev] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Zifu\ymkin.exe (Arctic Cooling)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()

O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found

O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found

O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab (EPUImageControl Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} hxxp://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/de/win/QuickTimeInstaller.exe (Reg Error: Key error.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180025676781 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D51F3540-4B30-49E3-9E1D-4403B05C4415}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\Coupish\tdataprotocol.dll (Blabbers Communications Ltd)

O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\Coupish\tdataprotocol.dll (Blabbers Communications Ltd)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\Coupish\tdataprotocol.dll (Blabbers Communications Ltd)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -  File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.05.26 22:34:30 | 000,000,087 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{d1677eaa-e90f-11df-af5d-001617bdef6d}\Shell\AutoRun\command - "" = F:\sources\sperr32.exe x64

O33 - MountPoints2\{e1ff328b-11de-11e0-afdf-001617bdef6d}\Shell - "" = AutoRun

O33 - MountPoints2\{e1ff328b-11de-11e0-afdf-001617bdef6d}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{e1ff328b-11de-11e0-afdf-001617bdef6d}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.08.16 21:26:51 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2012.08.16 19:53:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations

[2012.08.16 19:50:48 | 000,000,000 | ---D | C] -- C:\kav

[2012.08.16 19:26:36 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent

[2012.08.16 17:49:08 | 000,108,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ZBotKiller.exe

[2012.08.16 16:37:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data

[2012.08.16 16:32:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Kaspersky Internet Security 2012

[2012.08.16 15:37:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe

[2012.08.16 14:06:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2012.08.10 12:53:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Zifu

[2012.08.10 12:53:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Wiac

[2012.08.10 12:53:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mydyce

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.08.16 21:30:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.08.16 21:26:53 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe

[2012.08.16 21:25:00 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable

[2012.08.16 21:23:03 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.08.16 21:23:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.08.16 21:19:31 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Defogger.exe

[2012.08.16 20:15:59 | 000,088,556 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012.08.16 20:15:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.08.16 20:10:00 | 000,001,268 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1220945662-1935655697-725345543-1004UA.job

[2012.08.16 17:58:07 | 000,108,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ZBotKiller.exe

[2012.08.16 16:45:55 | 000,116,189 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat

[2012.08.16 16:45:55 | 000,098,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat

[2012.08.16 16:38:51 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db

[2012.08.16 16:06:32 | 000,092,171 | ---- | M] () -- C:\WINDOWS\cdplayer.ini

[2012.08.16 14:10:00 | 000,001,246 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1220945662-1935655697-725345543-1004Core.job

[2012.08.16 13:42:41 | 090,199,272 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\avira_free_antivirus_de_12001167.exe

[2012.08.16 12:38:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2012.08.14 21:03:17 | 000,007,680 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.08.13 15:00:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012.08.13 00:53:51 | 000,102,657 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\6.jpg

[2012.08.06 02:00:23 | 000,243,335 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\image5.jpg

[2012.08.04 19:04:23 | 000,332,750 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\image4.jpg

[2012.07.28 05:07:03 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2012.07.26 19:02:36 | 000,319,224 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\image3.jpg

[2012.07.26 01:39:28 | 000,283,485 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\image2.jpg

[2012.07.26 01:39:24 | 000,051,383 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\image1.jpg

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.08.16 21:25:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable

[2012.08.16 21:19:30 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Defogger.exe

[2012.08.16 16:38:49 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db

[2012.08.16 13:42:38 | 090,199,272 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\avira_free_antivirus_de_12001167.exe

[2012.08.13 00:54:47 | 000,102,657 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\6.jpg

[2012.08.06 02:00:23 | 000,243,335 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\image5.jpg

[2012.08.04 19:04:23 | 000,332,750 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\image4.jpg

[2012.07.26 19:02:36 | 000,319,224 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\image3.jpg

[2012.07.26 01:39:28 | 000,283,485 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\image2.jpg

[2012.07.26 01:39:24 | 000,051,383 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\image1.jpg

[2011.07.14 03:57:33 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\ntuser.rhk

[2010.01.10 06:28:02 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache

[2009.12.23 04:51:00 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini

[2009.05.26 22:36:28 | 000,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2007.06.23 15:01:56 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html

[2007.05.25 15:25:11 | 000,000,127 | ---- | C] () -- C:\Dokumente und Einstellungen\***\default.pls

[2007.05.14 14:29:22 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== LOP Check ==========

 

[2012.08.16 15:47:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Farm Fishes

[2012.06.06 12:54:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FarmFrenzy-PizzaParty

[2012.05.30 01:07:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FarmFrenzy2

[2012.05.20 20:29:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FarmFrenzy3

[2008.03.14 23:59:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Firefly Studios

[2010.02.19 20:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!

[2010.01.10 09:43:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Perfect-Tree

[2009.05.26 22:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle

[2009.05.26 22:40:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio

[2009.10.24 03:50:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan

[2012.04.01 09:19:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

[2011.07.14 04:02:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

[2008.03.26 17:29:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon

[2010.02.19 05:59:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Desktopicon

[2011.07.22 23:15:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoft

[2011.07.22 23:14:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers

[2011.07.18 16:19:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ElevatedDiagnostics

[2007.12.07 14:46:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EverAd

[2012.03.03 20:35:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ

[2007.05.13 01:28:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite

[2011.09.25 03:12:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\LEGO Company

[2012.08.10 12:53:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mydyce

[2010.01.13 03:07:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Neverball

[2010.01.20 20:04:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Playrix Entertainment

[2009.10.07 03:44:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\proDAD

[2011.07.14 04:00:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue

[2012.08.16 18:29:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Wiac

[2012.08.10 12:53:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Zifu

[2012.08.16 14:10:00 | 000,001,246 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1220945662-1935655697-725345543-1004Core.job

[2012.08.16 20:10:00 | 000,001,268 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1220945662-1935655697-725345543-1004UA.job

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 223 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F1175E1D

@Alternate Data Stream - 209 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:2F141B68

@Alternate Data Stream - 202 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E45C22B7

@Alternate Data Stream - 133 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FBE5FDB9

@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:3B4DA230

@Alternate Data Stream - 113 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:1F7A10DD
 

< End of report >

--- --- ---

--- --- ---

OTL Extra:OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 16.08.2012 21:27:31 - Run 1

OTL by OldTimer - Version 3.2.57.0     Folder = C:\Dokumente und Einstellungen\***\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,44% Memory free

3,34 Gb Paging File | 2,64 Gb Available in Paging File | 78,78% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 232,88 Gb Total Space | 143,90 Gb Free Space | 61,79% Space Free | Partition Type: NTFS

 

Computer Name: PC1 | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)

"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite

"C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe" = C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ( )

"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)

"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)

"C:\Programme\Starcraft\StarCraft.exe" = C:\Programme\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)

"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer

"C:\Programme\Maxis\SimCity 3000 Deutschland\Apps\Updater\UPDATER.EXE" = C:\Programme\Maxis\SimCity 3000 Deutschland\Apps\Updater\UPDATER.EXE:*:Disabled:SC3UpdaterMFC

"C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2

"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\German\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\German\setup.exe:*:Enabled:Installationsprogramm für Kaspersky Internet Security 2009 -- (Kaspersky Lab)

"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6

"C:\Programme\Pinnacle\Studio 11\programs\RM.exe" = C:\Programme\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)

"C:\Programme\Pinnacle\Studio 11\programs\Studio.exe" = C:\Programme\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)

"C:\Programme\Pinnacle\Studio 11\programs\PMSRegisterFile.exe" = C:\Programme\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )

"C:\Programme\Pinnacle\Studio 11\programs\umi.exe" = C:\Programme\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)

"C:\Dokumente und Einstellungen\***\Eigene Dateien\Bomberman.exe" = C:\Dokumente und Einstellungen\***\Eigene Dateien\Bomberman.exe:*:Disabled:Bomberman

"C:\Programme\MSN BackUp\MSNBackup.exe" = C:\Programme\MSN BackUp\MSNBackup.exe:*:Enabled:MSN BackUp

"C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe" = C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold_Crusader_Extreme.exe:*:Enabled:Stronghold Crusader -- ( )

"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)

"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)

"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

"C:\Programme\Malefiz\bin\win32\malefiz.exe" = C:\Programme\Malefiz\bin\win32\malefiz.exe:*:Enabled:malefiz -- ()

"C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin

"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{45A1BF92-700A-4408-B95E-79F462E3D67D}" = Studio 11 Bonus DVD

"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2

"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159

"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent

"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme

"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9870C7AE-7C6A-478D-9A75-35827382220F}" = Pinnacle Systems USB-2 Device Drivers

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch

"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger

"{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds

"{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}" = RollerCoaster Tycoon 2: Time Twister

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{C4A0C307-053A-4335-8B28-60E901DB1031}" = Nero 7 Essentials

"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold

"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DDC2B636-4F9F-4241-9B15-4DF12C97CF4A}" = Studio 11

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"Access 97rt PAN EURO G" = Access 97rt PAN EURO G

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Audacity_is1" = Audacity 1.2.0

"BFG-Alpha Ball 2" = Alpha Ball 2 (remove only)

"BFGC" = Big Fish Games: Game Manager

"BFG-Fishdom" = Fishdom

"BFG-Fishdom H2O - Hidden Odyssey" = Fishdom H2O: Hidden Odyssey ™

"CAL" = Canon Camera Access Library

"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX

"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

"CCleaner" = CCleaner (remove only)

"Coupish" = Coupish

"CSCLIB" = Canon Camera Support Core Library

"eBay Icon" = eBay Icon

"EOS Utility" = Canon Utilities EOS Utility

"EPSON Printer and Utilities" = EPSON-Drucker-Software

"Farm Frenzy - Frische Fische" = Farm Frenzy - Frische Fische

"Farm Frenzy 2" = Farm Frenzy 2

"Farm Frenzy 3" = Farm Frenzy 3

"FarmFrenzy Pizza Party" = FarmFrenzy Pizza Party

"Fishdom - Holiday Edition_is1" = Fishdom - Holiday Edition 1.0

"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.10.722

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722

"Google Updater" = Google Updater

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012

"Malefiz_is1" = Malefiz

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"MsgPlus! Plugin" = Messenger Plus! 3

"Neverball" = Neverball 1.5.4

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"PhotoStitch" = Canon Utilities PhotoStitch

"PLATT!" = PLATT!

"PopWall1.8" = PopWall

"QcDrv" = Logitech® Camera-Treiber

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RealPlayer 6.0" = RealPlayer

"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX

"SimCity 3000" = SimCity 3000

"SimpleScreenshot" = SimpleScreenshot 1.30

"Sky Hero Adventure_is1" = Sky Hero Adventure version 3.0

"Starcraft" = Starcraft

"VLC media player" = VLC media player 0.9.9

"Waldmeister Sause XXL - Winteredition_is1" = Waldmeister Sause XXL - Winteredition

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Wespenjagd 2" = Wespenjagd 2

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR Archivierer

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"New LEGO Digital Designer" = LEGO Digital Designer

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 16.08.2012 08:44:06 | Computer Name = PC1 | Source = VSS | ID = 5013

Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"

 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert

 in 0x800423f3) fehlgeschlagen.

 

Error - 16.08.2012 09:11:55 | Computer Name = PC1 | Source = VSS | ID = 12289

Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{4305576e-e904-11df-af5c-806d6172696f},0xc0000000,0x00000003,...)".

 hr = 0x80070005.

 

Error - 16.08.2012 09:11:55 | Computer Name = PC1 | Source = VSS | ID = 12289

Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{afe99243-00ab-11dc-b2b4-806d6172696f},0xc0000000,0x00000003,...)".

 hr = 0x80070005.

 

Error - 16.08.2012 09:12:20 | Computer Name = PC1 | Source = VSS | ID = 5013

Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"

 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert

 in 0x800423f3) fehlgeschlagen.

 

Error - 16.08.2012 09:31:27 | Computer Name = PC1 | Source = VSS | ID = 12289

Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{4305576e-e904-11df-af5c-806d6172696f},0xc0000000,0x00000003,...)".

 hr = 0x80070005.

 

Error - 16.08.2012 09:31:27 | Computer Name = PC1 | Source = VSS | ID = 12289

Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{afe99243-00ab-11dc-b2b4-806d6172696f},0xc0000000,0x00000003,...)".

 hr = 0x80070005.

 

Error - 16.08.2012 09:31:50 | Computer Name = PC1 | Source = VSS | ID = 5013

Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"

 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert

 in 0x800423f3) fehlgeschlagen.

 

Error - 16.08.2012 09:34:58 | Computer Name = PC1 | Source = VSS | ID = 12289

Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{4305576e-e904-11df-af5c-806d6172696f},0xc0000000,0x00000003,...)".

 hr = 0x80070005.

 

Error - 16.08.2012 09:34:58 | Computer Name = PC1 | Source = VSS | ID = 12289

Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{afe99243-00ab-11dc-b2b4-806d6172696f},0xc0000000,0x00000003,...)".

 hr = 0x80070005.

 

Error - 16.08.2012 09:35:20 | Computer Name = PC1 | Source = VSS | ID = 5013

Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"

 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert

 in 0x800423f3) fehlgeschlagen.

 

[ System Events ]

Error - 16.08.2012 12:43:52 | Computer Name = PC1 | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   i8042prt

 

Error - 16.08.2012 12:48:32 | Computer Name = PC1 | Source = Service Control Manager | ID = 7000

Description = Der Dienst "a-squared Anti-Dialer Service" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%2

 

Error - 16.08.2012 12:48:34 | Computer Name = PC1 | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   i8042prt

 

Error - 16.08.2012 13:02:00 | Computer Name = PC1 | Source = Service Control Manager | ID = 7000

Description = Der Dienst "a-squared Anti-Dialer Service" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%2

 

Error - 16.08.2012 13:02:02 | Computer Name = PC1 | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   i8042prt

 

Error - 16.08.2012 13:29:27 | Computer Name = PC1 | Source = Service Control Manager | ID = 7000

Description = Der Dienst "a-squared Anti-Dialer Service" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%2

 

Error - 16.08.2012 13:29:29 | Computer Name = PC1 | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   i8042prt

 

Error - 16.08.2012 14:16:12 | Computer Name = PC1 | Source = Service Control Manager | ID = 7000

Description = Der Dienst "a-squared Anti-Dialer Service" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%2

 

Error - 16.08.2012 14:16:14 | Computer Name = PC1 | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   i8042prt

 

Error - 16.08.2012 14:51:03 | Computer Name = PC1 | Source = Dhcp | ID = 1002

Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse

 001617BDEF6D wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat 

eine DHCPNACK-Meldung gesendet).

 

 

< End of report >

--- --- ---

Gmer (Schritt 3)kann ich nicht downloaden.
Folgende Meldung kommt: 404. That’s an error.
The requested URL /files.php was not found on this server. That’s all we know.