C:Dokumente und Einstellung/.../ARK8D.tmp wird immer wieder angezeigt!!!

jurke · 06.04.2012, 11:05

Ich habe seit einiger Zeit Probleme mit meinem Rechner. Da ich nicht wirklich Ahnung von dem Ding habe, wende ich mich an euch!
Mein Antivir meldet mir immer wieder das es C

okumente und Einstellung/.../ARK8D.tmp gefunden hat und immer wieder versuche ich es zu entfernen, aber es geht nicht weg. Außerdem findet mein Spybot auch immer diese win32.muollo Datei und kann sie nicht löschen.
Ich weiß dazu gibt es im Forum schon einige Beiträge, aber da die schon ziemlich alt sind hatte ich die Befürchtung, dass sich dann keiner meinem Problem annehmen würde und außerdem schnalle ich das mit den Subforen nicht wirklich.

Vorab hab ich mich Informiert wie ich das mit dem Malewarebyte und dem OTL mache, also siehe unten die Logfiles.

Vorrab recht herzlichen danke für eure mühe

Malewarebyte Log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.06.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
gurke :: TON-C264E2D91E6 [Administrator]

06.04.2012 10:58:51
mbam-log-2012-04-06 (10-58-51).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 306066
Laufzeit: 54 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\System Volume Information\_restore{D04484A6-6BF5-41EA-BFD3-D3ABF0BA179D}\RP288\A0087664.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\system32\cmdow.exe (PUP.Tool) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL Log

OTL logfile created on: 06.04.2012 11:56:42 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\juhu\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,51% Memory free
3,85 Gb Paging File | 2,76 Gb Available in Paging File | 71,73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,41 Gb Total Space | 5,49 Gb Free Space | 22,50% Space Free | Partition Type: NTFS
Drive D: | 273,67 Gb Total Space | 39,15 Gb Free Space | 14,30% Space Free | Partition Type: NTFS

Computer Name: TON-C264E2D91E6 | User Name: juhu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\juhu\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Mozilla\firefox.exe (Mozilla Corporation)
PRC - C:\Dokumente und Einstellungen\juhu\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - D:\Antivir\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Antivir\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Antivir\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - D:\Antivir\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - D:\Spybot\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - D:\Spybot\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Programme\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
MOD - D:\Mozilla\mozjs.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - D:\Antivir\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - D:\Spybot\Spybot - Search & Destroy\sqlite3.dll ()
MOD - D:\Spybot\Spybot - Search & Destroy\Plugins\Fennel.dll ()
MOD - D:\Spybot\Spybot - Search & Destroy\Plugins\Chai.dll ()
MOD - D:\Spybot\Spybot - Search & Destroy\Plugins\Mate.dll ()
MOD - D:\Spybot\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll ()

========== Win32 Services (SafeList) ==========

SRV - (Update-Service) -- C:\WINDOWS\system32\UpdSvc.dll (Joosoft.com GmbH)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AntiVirService) -- D:\Antivir\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- D:\Antivir\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (appdrvrem01) Application Driver Auto Removal Service (01) -- C:\WINDOWS\System32\appdrvrem01.exe (Protection Technology)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (Video3D) -- System32\Drivers\Video3D32.sys File not found
DRV - (PDRFRAME) -- File not found

OTL Extras logfile created on: 06.04.2012 11:56:42 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Dokumente und Einstellungen\juhu\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,51% Memory free
3,85 Gb Paging File | 2,76 Gb Available in Paging File | 71,73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 24,41 Gb Total Space | 5,49 Gb Free Space | 22,50% Space Free | Partition Type: NTFS
Drive D: | 273,67 Gb Total Space | 39,15 Gb Free Space | 14,30% Space Free | Partition Type: NTFS

Computer Name: TON-C264E2D91E6 | User Name: juhu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Mozilla\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Spiele\XIII\system\XIII.exe" = D:\Spiele\XIII\system\XIII.exe:*:Enabled:XIII -- ()
"D:\i-tunes\iTunes.exe" = D:\i-tunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Cyanide\GameCenter\GameCenter.exe" = C:\Programme\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter -- (Cyanide)
"D:\Spiele\Tour de France 2009 - Der offizielle Radsport-Manager\PCM.exe" = D:\Spiele\Tour de France 2009 - Der offizielle Radsport-Manager\PCM.exe:*:Enabled:Tour de France 2009 - Der offizielle Radsport-Manager -- (Cyanide)
"D:\Spiele\Tour de France 2009 - Der offizielle Radsport-Manager\Autorun\Exe\Autorun.exe" = D:\Spiele\Tour de France 2009 - Der offizielle Radsport-Manager\Autorun\Exe\Autorun.exe:*:Enabled:Tour de France 2009 - Der offizielle Radsport-Manager - AutoRun -- ()
"D:\Mozilla\firefox.exe" = D:\Mozilla\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"D:\Sopcast\adv\SopAdver.exe" = D:\Sopcast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"D:\Sopcast\SopCast.exe" = D:\Sopcast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"D:\TVU\TVUPlayer\TVUPlayer.exe" = D:\TVU\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"D:\Spiele\Kane and Lynch\kaneandlynch.exe" = D:\Spiele\Kane and Lynch\kaneandlynch.exe:*:Enabled:Kane & Lynch: Dead Men -- (Io Interactive A/S)
"C:\Dokumente und Einstellungen\juhu\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\juhu\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled

ropbox -- (Dropbox, Inc.)
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CBC9A39-5A64-446E-8D6B-0E75987D9425}" = ASUS ATI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{43C67D92-F56E-4729-8673-9A2D5A6036F8}" = ASUS Utilities
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57a57d68-aa59-4cf2-a805-b3f1dc6d473f}" = Nero 9 Lite
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1" = Patch v4.1
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{86A3E1AA-3318-4780-B726-13C051B893AF}" = Brother HL-2030
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A137D52E-FA96-4815-85F5-E7B8F66837DB}" = Race Driver 3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A66C4716-7E10-4A53-8101-00C3C11D6A9C}" = Kane and Lynch: Dead Men
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9EEA623-5396-4489-B542-6E6606286DD6}" = ATI Catalyst Control Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{THEGUILDREN-0010-2010-300520102330}_is1" = The Guild 2 - Renaissance
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BH - RT" = BH - RT
"CCleaner" = CCleaner
"Citavi" = Citavi 2.5.2.0
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GameCenter" = GameCenter
"GEN_LYRICS_IE.DLL" = Winamp Lyrics (Explorer Version) v1.22
"InstallShield_{43C67D92-F56E-4729-8673-9A2D5A6036F8}" = ASUS Utilities
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"OpenAL" = OpenAL
"Pro Cycling Manager 2009_is1" = Pro Cycling Manager - Season 2009 1.0.3.3
"SopCast" = SopCast 3.3.2
"TVUPlayer" = TVUPlayer 2.5.3.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Companion
"Zattoo4" = Zattoo4 4.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05.04.2011 14:44:14 | Computer Name = TON-C264E2D91E6 | Source = Bonjour Service | ID = 100
Description =

Error - 05.04.2011 14:44:14 | Computer Name = TON-C264E2D91E6 | Source = Bonjour Service | ID = 100
Description =

Error - 05.04.2011 14:44:14 | Computer Name = TON-C264E2D91E6 | Source = Bonjour Service | ID = 100
Description =

Error - 05.04.2011 14:44:16 | Computer Name = TON-C264E2D91E6 | Source = Bonjour Service | ID = 100
Description =

Error - 05.04.2011 14:44:16 | Computer Name = TON-C264E2D91E6 | Source = Bonjour Service | ID = 100
Description =

Error - 05.04.2011 14:44:16 | Computer Name = TON-C264E2D91E6 | Source = Bonjour Service | ID = 100
Description =

[ System Events ]
Error - 30.03.2012 11:48:25 | Computer Name = TON-C264E2D91E6 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EIO" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 02.04.2012 11:45:25 | Computer Name = TON-C264E2D91E6 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EIO" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 03.04.2012 09:23:18 | Computer Name = TON-C264E2D91E6 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EIO" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 03.04.2012 12:24:29 | Computer Name = TON-C264E2D91E6 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EIO" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 04.04.2012 11:16:40 | Computer Name = TON-C264E2D91E6 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EIO" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 05.04.2012 06:58:18 | Computer Name = TON-C264E2D91E6 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EIO" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 05.04.2012 12:16:59 | Computer Name = TON-C264E2D91E6 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EIO" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 06.04.2012 03:56:52 | Computer Name = TON-C264E2D91E6 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem, nicht vorhandenem
Dienst abhängig: LanmanWorkstation

Error - 06.04.2012 03:56:52 | Computer Name = TON-C264E2D91E6 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EIO" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 06.04.2012 03:57:48 | Computer Name = TON-C264E2D91E6 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem, nicht vorhandenem
Dienst abhängig: LanmanWorkstation

< End of report >

cosinus · 06.04.2012, 16:24

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

C:Dokumente und Einstellung/.../ARK8D.tmp wird immer wieder angezeigt!!!

Log-Analyse und Auswertung: C:Dokumente und Einstellung/.../ARK8D.tmp wird immer wieder angezeigt!!!

C:Dokumente und Einstellung/.../ARK8D.tmp wird immer wieder angezeigt!!!

C:Dokumente und Einstellung/.../ARK8D.tmp wird immer wieder angezeigt!!!

Ähnliche Themen: C:Dokumente und Einstellung/.../ARK8D.tmp wird immer wieder angezeigt!!!