Pests of all kinds and how to fight them: Live Security Platinum on Notebook (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1

Live Security Platinum on Notebook

Here is the text: OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.07.2012 17:12:19 - Run 5 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\User\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 69,21% Memory free 6,23 Gb Paging File | 5,36 Gb Available in Paging File | 86,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 5,15 Gb Free Space | 5,27% Space Free | Partition Type: NTFS Drive D: | 135,12 Gb Total Space | 91,05 Gb Free Space | 67,38% Space Free | Partition Type: NTFS Drive E: | 4,38 Gb Total Space | 0,80 Gb Free Space | 18,25% Space Free | Partition Type: UDF Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software) PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) 
PRC - C:\Programme\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) PRC - C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) PRC - C:\Windows\vVX3000.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) PRC - C:\Programme\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) PRC - C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\drivers\o2flash.exe (O2Micro International) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll 
() MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll () MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software) SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Sony SCSI Helper Service) -- C:\Programme\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation) SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) SRV - (PDFProFiltSrvPP) -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) 
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (o2flash) -- C:\Windows\System32\drivers\o2flash.exe (O2Micro International) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (VX3000) -- C:\Windows\System32\drivers\VX3000.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro ) DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro ) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" 
= hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.23 21:42:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 08:56:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 18:47:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 08:56:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 18:47:49 | 000,000,000 | ---D | M] [2012.02.11 18:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2012.05.09 16:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rmv37nxf.default\extensions [2012.05.09 16:39:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rmv37nxf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.02.26 16:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.23 21:42:14 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.07.20 08:56:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.26 16:03:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll [2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [Goodnight Timer] C:\Program Files\Goodnight Timer\Goodnight Timer.exe () O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) 
O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKCU..\Run: [Neacybigr] C:\Users\User\AppData\Roaming\Acyhz\ebup.exe File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{641C529A-DAAA-43E8-9028-40D299DB7849}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6ed74e1b-9544-11e1-adbe-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6ed74e1b-9544-11e1-adbe-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{af874f8a-af9d-11e1-8a5a-0021709b569f}\Shell - "" = AutoRun O33 - MountPoints2\{af874f8a-af9d-11e1-8a5a-0021709b569f}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: 
(ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.26 17:06:59 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\virenjagd [2012.07.26 15:54:43 | 000,000,000 | ---D | C] -- C:\TDSS [2012.07.26 12:39:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes [2012.07.26 12:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.26 12:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.26 12:39:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.26 12:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.25 21:35:35 | 000,000,000 | ---D | C] -- C:\_OTL [2012.07.25 21:23:13 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.07.25 21:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF980009EDE70303F3072F3B707C [2012.07.15 13:24:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ControlCenter4 [2012.07.15 13:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother [2012.07.15 13:16:37 | 000,000,000 | ---D | C] -- C:\Brother [2012.07.15 13:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4 [2012.07.15 13:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02 [2012.07.15 13:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4 [2012.07.15 13:16:26 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrfxD05c.dll [2012.07.15 13:16:26 | 000,074,752 | R--- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrWiaNCp.dll [2012.07.15 13:16:25 | 000,074,752 | R--- | C] (Brother Industries, Ltd.) 
-- C:\Windows\System32\BrNetSti.dll [2012.07.15 13:16:25 | 000,051,200 | R--- | C] (Brother Industries,Ltd) -- C:\Windows\System32\Brnsplg.dll [2012.07.15 13:16:23 | 001,475,072 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrWi209d.dll [2012.07.15 13:16:23 | 000,217,088 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrJDec.dll [2012.07.15 13:16:10 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE [2012.07.15 13:16:10 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BRLMW03A.DLL [2012.07.15 13:16:10 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\System32\BRLM03A.DLL [2012.07.15 13:16:06 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll [2012.07.15 13:16:06 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll [2012.07.15 13:16:06 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll [2012.07.15 13:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Brother [2012.07.15 13:16:01 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll [2012.07.15 13:15:52 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2012.07.15 13:06:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\InstallShield [2012.07.15 13:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon [2012.07.15 13:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12 [2012.07.15 13:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared [2012.07.15 13:04:00 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\MeineWebSeiten [2012.07.15 12:37:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx [2012.07.15 12:35:05 | 000,073,728 | ---- | C] (Brother Industories Ltd. 
P&S Company) -- C:\Windows\System32\BRCrypt.dll [2012.07.15 12:34:52 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrMuSNMP.dll [2012.07.15 12:34:52 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\System32\BrMfNt.dll [2012.07.15 12:34:36 | 000,217,088 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll [2012.07.15 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Nuance [2012.07.15 12:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft [2012.07.15 12:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance [2012.07.15 12:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance [2012.07.15 12:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2012.07.15 12:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2012.07.15 12:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother [2012.07.12 05:26:49 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.11 09:32:02 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.07.01 17:38:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Canneverbe_Limited [2012.07.01 17:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP [2012.07.01 17:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP [2012.06.28 06:37:10 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.06.28 06:37:10 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.06.28 06:36:30 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.06.28 06:36:30 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.06.28 06:36:30 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.06.28 06:36:17 | 000,171,904 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\wuwebv.dll [2012.06.28 06:36:17 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.02.11 19:21:47 | 001,762,824 | ---- | C] (Microsoft Corporation) -- C:\Users\User\vcredist_x86.exe ========== Files - Modified Within 30 Days ========== [2012.07.26 17:07:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.26 16:58:41 | 005,818,908 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.26 16:58:41 | 002,222,038 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.26 16:58:41 | 001,832,508 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.26 16:58:41 | 001,663,976 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.26 16:51:31 | 000,000,059 | ---- | M] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini [2012.07.26 16:51:28 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.07.26 16:51:25 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.26 16:51:21 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2012.07.26 16:51:20 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.07.26 16:51:20 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job [2012.07.26 16:51:19 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.26 16:51:19 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.26 16:51:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.26 16:51:08 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2012.07.25 23:34:57 | 000,002,617 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Word 2010.lnk [2012.07.25 22:26:21 | 000,000,156 | ---- | M] () -- C:\Users\User\defogger_reenable [2012.07.25 22:03:20 | 000,001,356 | ---- | M] 
() -- C:\Users\User\AppData\Local\d3d9caps.dat [2012.07.25 21:42:19 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7EC20672-B24D-480C-841B-67940E46BB1C}.job [2012.07.25 21:15:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.07.15 13:23:12 | 000,406,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.15 13:19:14 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk [2012.07.15 13:18:50 | 000,000,233 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2012.07.15 13:18:50 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini [2012.07.15 13:16:37 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini [2012.07.12 11:31:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.07.12 11:31:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.07.10 09:07:07 | 000,055,296 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.06 18:33:03 | 001,012,369 | ---- | M] () -- C:\Users\User\Documents\Gummibären Bande.mp3 [2012.07.04 15:50:54 | 002,136,651 | ---- | M] () -- C:\Users\User\Documents\Niederlande_zwei 020.JPG [2012.07.04 15:48:15 | 004,078,456 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 213.JPG [2012.07.04 15:48:04 | 004,539,879 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 207.JPG [2012.07.04 15:47:23 | 003,669,641 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 200.JPG [2012.07.04 15:47:07 | 004,037,891 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 197.JPG [2012.07.04 15:46:35 | 004,643,748 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 170.JPG [2012.07.04 15:44:04 | 004,503,041 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 187.JPG [2012.07.04 15:43:23 | 004,455,064 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 171.JPG [2012.07.04 15:38:58 | 
000,115,998 | ---- | M] () -- C:\Users\User\Documents\SAM_3423.JPG [2012.07.04 15:38:55 | 000,346,598 | ---- | M] () -- C:\Users\User\Documents\SAM_3610.JPG [2012.07.04 15:38:49 | 000,071,426 | ---- | M] () -- C:\Users\User\Documents\SAM_3570.JPG [2012.07.04 15:35:54 | 000,327,825 | ---- | M] () -- C:\Users\User\Documents\SAM_3602.JPG [2012.07.04 15:35:41 | 000,114,847 | ---- | M] () -- C:\Users\User\Documents\SAM_3586.JPG [2012.07.04 15:35:30 | 000,169,509 | ---- | M] () -- C:\Users\User\Documents\SAM_3442.JPG [2012.07.04 15:35:16 | 000,105,551 | ---- | M] () -- C:\Users\User\Documents\SAM_3559.JPG [2012.07.04 15:34:57 | 000,349,295 | ---- | M] () -- C:\Users\User\Documents\SAM_3518.JPG [2012.07.04 15:34:44 | 000,331,952 | ---- | M] () -- C:\Users\User\Documents\SAM_3506.JPG [2012.07.04 15:33:54 | 000,324,727 | ---- | M] () -- C:\Users\User\Documents\SAM_3457.JPG [2012.07.04 15:33:36 | 000,154,624 | ---- | M] () -- C:\Users\User\Documents\SAM_3430.JPG [2012.07.04 15:33:22 | 000,314,819 | ---- | M] () -- C:\Users\User\Documents\SAM_3624.JPG [2012.07.04 15:32:36 | 000,347,010 | ---- | M] () -- C:\Users\User\Documents\SAM_3674.JPG [2012.07.04 15:32:05 | 000,317,520 | ---- | M] () -- C:\Users\User\Documents\SAM_3647.JPG [2012.07.04 15:30:49 | 000,332,289 | ---- | M] () -- C:\Users\User\Documents\SAM_3652.JPG [2012.07.04 15:29:33 | 000,123,137 | ---- | M] () -- C:\Users\User\Documents\SAM_3571.JPG [2012.07.04 15:29:11 | 000,320,928 | ---- | M] () -- C:\Users\User\Documents\SAM_3558.JPG [2012.07.04 15:28:32 | 000,322,463 | ---- | M] () -- C:\Users\User\Documents\SAM_3544.JPG [2012.07.04 15:27:37 | 000,349,282 | ---- | M] () -- C:\Users\User\Documents\SAM_3521.JPG [2012.07.04 15:26:56 | 000,323,657 | ---- | M] () -- C:\Users\User\Documents\SAM_3414.JPG [2012.07.04 15:26:10 | 000,105,933 | ---- | M] () -- C:\Users\User\Documents\SAM_3409.JPG [2012.07.04 15:24:46 | 000,344,088 | ---- | M] () -- C:\Users\User\Documents\SAM_3633.JPG [2012.07.04 15:20:15 | 000,117,054 | ---- 
| M] () -- C:\Users\User\Documents\SAM_3405.JPG [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.01 17:38:21 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk ========== Files Created - No Company Name ========== [2012.07.26 16:51:08 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys [2012.07.25 22:26:05 | 000,000,156 | ---- | C] () -- C:\Users\User\defogger_reenable [2012.07.15 13:19:14 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk [2012.07.15 13:18:50 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.07.15 13:18:50 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.07.15 13:16:27 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.07.15 13:16:26 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.07.15 13:16:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2012.07.15 13:16:10 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2012.07.15 13:16:09 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT [2012.07.06 18:32:54 | 001,012,369 | ---- | C] () -- C:\Users\User\Documents\Gummibären Bande.mp3 [2012.07.04 15:50:31 | 002,136,651 | ---- | C] () -- C:\Users\User\Documents\Niederlande_zwei 020.JPG [2012.07.04 15:46:34 | 004,078,456 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 213.JPG [2012.07.04 15:45:34 | 004,539,879 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 207.JPG [2012.07.04 15:45:03 | 003,669,641 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 200.JPG [2012.07.04 15:44:42 | 004,037,891 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 197.JPG [2012.07.04 15:44:34 | 004,643,748 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 170.JPG [2012.07.04 15:43:20 | 004,503,041 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 187.JPG [2012.07.04 15:42:43 | 004,455,064 | ---- | C] () -- 
C:\Users\User\Documents\Niederlande_eins 171.JPG [2012.07.04 15:38:56 | 000,115,998 | ---- | C] () -- C:\Users\User\Documents\SAM_3423.JPG [2012.07.04 15:38:51 | 000,346,598 | ---- | C] () -- C:\Users\User\Documents\SAM_3610.JPG [2012.07.04 15:38:47 | 000,071,426 | ---- | C] () -- C:\Users\User\Documents\SAM_3570.JPG [2012.07.04 15:35:50 | 000,327,825 | ---- | C] () -- C:\Users\User\Documents\SAM_3602.JPG [2012.07.04 15:35:39 | 000,114,847 | ---- | C] () -- C:\Users\User\Documents\SAM_3586.JPG [2012.07.04 15:35:27 | 000,169,509 | ---- | C] () -- C:\Users\User\Documents\SAM_3442.JPG [2012.07.04 15:35:14 | 000,105,551 | ---- | C] () -- C:\Users\User\Documents\SAM_3559.JPG [2012.07.04 15:34:53 | 000,349,295 | ---- | C] () -- C:\Users\User\Documents\SAM_3518.JPG [2012.07.04 15:34:40 | 000,331,952 | ---- | C] () -- C:\Users\User\Documents\SAM_3506.JPG [2012.07.04 15:33:50 | 000,324,727 | ---- | C] () -- C:\Users\User\Documents\SAM_3457.JPG [2012.07.04 15:33:33 | 000,154,624 | ---- | C] () -- C:\Users\User\Documents\SAM_3430.JPG [2012.07.04 15:33:18 | 000,314,819 | ---- | C] () -- C:\Users\User\Documents\SAM_3624.JPG [2012.07.04 15:32:32 | 000,347,010 | ---- | C] () -- C:\Users\User\Documents\SAM_3674.JPG [2012.07.04 15:32:00 | 000,317,520 | ---- | C] () -- C:\Users\User\Documents\SAM_3647.JPG [2012.07.04 15:30:45 | 000,332,289 | ---- | C] () -- C:\Users\User\Documents\SAM_3652.JPG [2012.07.04 15:29:31 | 000,123,137 | ---- | C] () -- C:\Users\User\Documents\SAM_3571.JPG [2012.07.04 15:29:07 | 000,320,928 | ---- | C] () -- C:\Users\User\Documents\SAM_3558.JPG [2012.07.04 15:28:27 | 000,322,463 | ---- | C] () -- C:\Users\User\Documents\SAM_3544.JPG [2012.07.04 15:27:33 | 000,349,282 | ---- | C] () -- C:\Users\User\Documents\SAM_3521.JPG [2012.07.04 15:26:52 | 000,323,657 | ---- | C] () -- C:\Users\User\Documents\SAM_3414.JPG [2012.07.04 15:26:07 | 000,105,933 | ---- | C] () -- C:\Users\User\Documents\SAM_3409.JPG [2012.07.04 15:24:41 | 000,344,088 | ---- | C] () -- 
C:\Users\User\Documents\SAM_3633.JPG [2012.07.04 15:20:13 | 000,117,054 | ---- | C] () -- C:\Users\User\Documents\SAM_3405.JPG [2012.07.01 17:38:21 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2012.06.10 23:35:24 | 000,000,059 | ---- | C] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini [2012.05.02 22:20:28 | 000,584,644 | ---- | C] () -- C:\Users\User\castillo,_linda_-_blutige_stille.mobi [2012.02.23 21:42:19 | 000,001,393 | ---- | C] () -- C:\Users\User\DivX Movies.lnk [2012.02.23 21:41:56 | 000,000,917 | ---- | C] () -- C:\Users\User\DivX Plus Player.lnk [2012.02.23 21:41:36 | 000,001,897 | ---- | C] () -- C:\Users\User\DivX Plus Converter.lnk [2012.02.11 19:59:45 | 000,010,752 | ---- | C] () -- C:\Users\User\Gedicht Mutter.wps [2012.02.11 19:59:45 | 000,000,973 | ---- | C] () -- C:\Users\User\DivX Converter.lnk [2012.02.11 19:59:45 | 000,000,937 | ---- | C] () -- C:\Users\User\DivX Player.lnk [2012.02.11 19:21:38 | 000,689,664 | ---- | C] () -- C:\Users\User\MicrosoftFixit50202.msi [2012.02.11 19:05:26 | 000,055,296 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.11 14:15:20 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001 [2012.02.11 14:15:18 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat [2012.02.11 13:47:57 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat < End of report >

Here is the Extras log. I forgot to go offline and into safe mode. Is that bad?

OTL EXTRAS Logfile:
Code:
ATTFilter OTL Extras logfile created on: 26.07.2012 17:12:19 - Run 5 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\User\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 69,21% Memory free 6,23 Gb Paging File | 5,36 Gb Available in Paging File | 86,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 5,15 Gb Free Space | 5,27% Space Free | Partition Type: NTFS Drive D: | 135,12 Gb Total Space | 91,05 Gb Free Space | 67,38% Space Free | Partition Type: NTFS Drive E: | 4,38 Gb Total Space | 0,80 Gb Free Space | 18,25% Space Free | Partition Type: UDF Computer Name: USER-PC | User Name: User | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2EB11FDB-91BE-4DFC-9951-BABF3574C895}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{57C02CB1-032D-46CC-A9F0-A0873B20135D}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0ED2F557-6D09-4AD0-B2BF-1C146C35CAE4}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | "{11043380-061F-4295-B0D9-193D6943243C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{1BE30EA1-FE3D-48B5-8C92-BCB1487979A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{2F88B01A-616C-4547-BC7B-3607A5B4D0E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{459C822C-D32B-43C2-AF26-6AEDE34AE231}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{6BE07647-3F33-4C98-A26D-08477008D1B0}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl10f\faxrx.exe | "{736A42E4-3406-4AB2-BC16-AB7B1887DECF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{8AE498DC-860C-475C-8CAF-E318F7C40DDD}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl10f\faxrx.exe | "{8D0FD68D-1C72-4BA2-85F0-A6B1802896A9}" = dir=in | app=c:\program files\finalmediaplayer\fmpcheckforupdates.exe | "{ACFF47EB-6608-4471-A290-3846E623EE7C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{B984B4BB-2274-40B6-A85C-1FD042E72A81}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{BE4EA823-9C8A-4BA4-8564-BDCBB4139F31}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{E53EEDBB-98E4-4EF2-AF41-E9F9749D3D65}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | "{F8BA4067-147D-4384-8EE8-F3CE0EBCE1DF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "TCP Query User{581688A2-B5D6-4588-AC1A-38BA22215E52}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query 
User{A267DE1C-46A4-4DF9-84B3-8AE5F32522EA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{C368DA75-0E22-444B-869B-EA38CCC4E4B1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{DC7AAE58-9103-43A0-8BE6-CC617380FA88}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{EED1472E-EB9D-45CA-A685-96E178237280}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{2FD2F649-B247-4D86-A555-F1DAE0620701}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{512DEE65-1151-4CBD-8A29-5DD65D4B4748}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{6A2750C5-C41D-4A18-89C9-E4A3731DEE43}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{BFF93823-6A52-4F17-A128-6E24706CBFF3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{F099BB8D-D4A9-456F-97A4-5957D23BAB44}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03CEFC42-378E-4467-9909-DCBAFD38CA9F}" = LibreOffice 3.4 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3 "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12 "{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.5.0 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 
(SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91605026-DBBF-48FF-B703-F7719CE3F703}" = Reader for PC "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E2867240-F889-4D76-9AAF-252D9A1A623E}" = O2Micro Flash Memory Card Reader Driver (x86) "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FFB6614F-6E61-4831-BF71-51633A718B18}" = Nitro Reader 2 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "FinalMediaPlayer_is1" = Final Media Player 2011 "Glary Utilities_is1" = Glary Utilities 2.43.0.1419 "Goodnight Timer_is1" = Goodnight Timer 1.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client 
Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "Office14.SingleImage" = Microsoft Office Professional 2010 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.07.2012 09:28:18 | Computer Name = User-PC | Source = LoadPerf | ID = 3012 Description = Error - 26.07.2012 09:28:18 | Computer Name = User-PC | Source = LoadPerf | ID = 3011 Description = Error - 26.07.2012 10:01:02 | Computer Name = User-PC | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/07/26 16:01:02.364]: [00002132]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.1.19] Error - 26.07.2012 10:46:40 | Computer Name = User-PC | Source = EventSystem | ID = 4609 Description = Error - 26.07.2012 10:58:37 | Computer Name = User-PC | Source = LoadPerf | ID = 3012 Description = Error - 26.07.2012 10:58:37 | Computer Name = User-PC | Source = LoadPerf | ID = 3012 Description = Error - 26.07.2012 10:58:37 | Computer Name = User-PC | Source = LoadPerf | ID = 3011 Description = Error - 26.07.2012 11:01:28 | Computer Name = User-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.07.2012 11:01:28 | Computer Name = User-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.07.2012 11:01:28 | Computer Name = User-PC | Source = Windows Search Service | ID = 3013 Description = [ System Events ] Error - 05.06.2012 02:47:44 | Computer Name = User-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse 00225F1C4CE4 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). 
Error - 05.06.2012 09:13:41 | Computer Name = User-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse 00225F1C4CE4 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 05.06.2012 09:15:17 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Error - 05.06.2012 18:21:25 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Error - 06.06.2012 02:06:20 | Computer Name = User-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.2.106 für die Netzwerkkarte mit der Netzwerkadresse 00225F1C4CE4 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 06.06.2012 02:07:54 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Error - 06.06.2012 04:57:19 | Computer Name = User-PC | Source = volsnap | ID = 393251 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht vergrößert werden kann. Error - 06.06.2012 05:40:38 | Computer Name = User-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 06.06.2012 09:27:44 | Computer Name = User-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse 00225F1C4CE4 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 06.06.2012 09:29:07 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
| #2 |
Live Security Platinum on Notebook

Hi,
and one more entry that has to go:

Code:
:OTL
O4 - HKCU..\Run: [Neacybigr] C:\Users\User\AppData\Roaming\Acyhz\ebup.exe File not found
:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[Reboot]

chris
| #3 |
Live Security Platinum on Notebook

Hello Chris,
I was away from home for two days and so could not continue. But now we can carry on. Here is the log:
Regards

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Neacybigr deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: User
->Temp folder emptied: 39956 bytes
->Temporary Internet Files folder emptied: 301111 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 30692747 bytes
->Flash cache emptied: 891 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77753 bytes
RecycleBin emptied: 13355 bytes
Total Files Cleaned = 30,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.54.1 log created on 07292012_195856
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
| #4 |
Live Security Platinum on Notebook

Hi,
how is the computer behaving? Please post a fresh OTL log once more...

chris