|
Plagegeister aller Art und deren Bekämpfung: Malwarebytes Anti-Malware -hat mir geholfen!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
28.12.2010, 14:36 | #1 |
| Malwarebytes Anti-Malware -hat mir geholfen! Servus Leute und da guru, ich habe mir gestern den HDD low eingefangen und dachte schon jetzt is alles i. A. Habe aber bei euch im Forum die Anleitung über rkill.com gelesen und alles wie beschrieben gemacht! Und siehe da der Schmarren is nun weg -schon mal danke- Hier noch der Report von Anti-Malware: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5406 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 28.12.2010 14:14:17 mbam-log-2010-12-28 (14-14-17).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 172156 Laufzeit: 8 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3135468 (Rogue.FakeHDD) -> Value: 3135468 -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\dokumente und einstellungen\Markus\startmenü\programme\HDD Low (Rogue.HDDLow) -> Quarantined and deleted successfully. Infizierte Dateien: c:\dokumente und einstellungen\Markus\lokale einstellungen\Temp\3135468.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\Markus\Desktop\HDD Low.lnk (Rogue.HDDLow) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\Markus\startmenü\programme\HDD Low\HDD Low.lnk (Rogue.HDDLow) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\Markus\startmenü\programme\HDD Low\uninstall hdd low.lnk (Rogue.HDDLow) -> Quarantined and deleted successfully. Hier noch das Ergebnis von OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.12.2010 14:48:19 - Run 1 OTL by OldTimer - Version 3.2.18.0 Folder = C:\Dokumente und Einstellungen\Markus\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,00 Mb Total Physical Memory | 171,00 Mb Available Physical Memory | 33,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 228,52 Gb Total Space | 153,41 Gb Free Space | 67,13% Space Free | Partition Type: NTFS Drive D: | 2,05 Gb Total Space | 1,65 Gb Free Space | 80,60% Space Free | Partition Type: FAT32 Drive J: | 596,02 Gb Total Space | 586,59 Gb Free Space | 98,42% Space Free | Partition Type: FAT32 Computer Name: NAME-30M291G2YF | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Markus\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe (McAfee, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) PRC - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\Scansoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\Programme\pdf24\PDF24Updater.exe () PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation) PRC - C:\WINDOWS\system32\carpserv.exe (Conexant Systems, Inc.) PRC - C:\Programme\Office\OUTLOOK.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Markus\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (x10nets) -- File not found SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (mfefire) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) SRV - (mfevtp) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McShield) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe () SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (McAfee SiteAdvisor Service) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (McProxy) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNaiAnn) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McMPFSvc) -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (SerialKeys) -- C:\WINDOWS\system32\skeys.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.) DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.) DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (cpuz132) -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider) DRV - (aucapi) -- C:\WINDOWS\system32\drivers\aucapi.sys (Auerswald GmbH & Co.KG ) DRV - (auusb) -- C:\WINDOWS\system32\drivers\auusb.sys (Auerswald GmbH & Co.KG ) DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (ADM851X) -- C:\WINDOWS\system32\drivers\ADM851X.SYS (Infineon Technologies AG) DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation) DRV - (ATITUNEP) ATI WDM TV Tuner (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atintuxx.sys (ATI Technologies Inc.) DRV - (ATIXSAudio) -- C:\WINDOWS\system32\drivers\atinxsxx.sys (ATI Technologies Inc.) DRV - (atinrvxx) -- C:\WINDOWS\system32\drivers\atinrvxx.sys (ATI Technologies Inc.) DRV - (TTDec) ATI WDM Teletext Decoder (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atinttxx.sys (ATI Technologies Inc.) DRV - (ativraxx) -- C:\WINDOWS\system32\drivers\atinraxx.sys (ATI Technologies Inc.) DRV - (MVDCODEC) ATI WDM Specialized MVD Codec (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atinmdxx.sys (ATI Technologies Inc.) DRV - (U3sHlpDr) -- C:\WINDOWS\system32\drivers\U3sHlpDr.sys () DRV - (actser) -- C:\WINDOWS\system32\drivers\actser.sys (Siemens AG) DRV - (kbeepm) -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\kbeepm.sys () DRV - (W8100PCI) -- C:\WINDOWS\system32\drivers\mrv8k51.sys (Marvell Semiconductor, Inc) DRV - (ATI Remote Wonder II) -- C:\WINDOWS\system32\drivers\atirwvd.sys (Jungo) DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH) DRV - (SCR33X USB Smart Card Reader) -- C:\WINDOWS\system32\drivers\SCR33X2K.sys (SCM Microsystems Inc.) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd) DRV - (IMT0521) -- C:\WINDOWS\system32\drivers\IMT0521.sys (Inmax Technology Corp.) DRV - (X10UIF) -- C:\WINDOWS\system32\drivers\x10uif.sys (X10 Wireless Technology, Inc.) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems, Inc.) DRV - (ASNDIS5) -- C:\WINDOWS\system32\ASNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (BrUsbScn) Brother MFC-Scannertreiber (USB) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys (Brother Industries Ltd.) DRV - (BrSerWDM) Brother-Treiber (seriell) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.donaualtheimer-rapsoel.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Secure Search" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.raps-kuchen.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p=" FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Programme\McAfee\SiteAdvisor [2010.12.14 20:32:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.15 21:22:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.29 10:51:53 | 000,000,000 | ---D | M] [2009.12.30 15:44:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Mozilla\Extensions [2010.12.27 21:39:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Mozilla\Firefox\Profiles\h2ut9aca.default\extensions [2009.12.30 20:45:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Mozilla\Firefox\Profiles\h2ut9aca.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.02 18:10:43 | 000,002,238 | ---- | M] () -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Mozilla\Firefox\Profiles\h2ut9aca.default\searchplugins\askcom.xml [2010.12.27 21:39:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.06.20 12:14:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll [2010.06.20 12:13:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.09.23 12:49:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.23 12:49:17 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.23 12:49:17 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.29 17:08:34 | 000,002,027 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\McSiteAdvisor.xml [2010.09.23 12:49:17 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.23 12:49:17 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2003.04.02 13:00:00 | 000,000,820 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (metaspinner media GmbH) - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\Programme\klickTel\eBay Startcenter\IEButtonKlickTelEBayInterface.dll () O2 - BHO: (no name) - {74A0AC27-3753-4080-B94E-557CC43E9E8B} - No CLSID value found. O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20101115212251.dll (McAfee, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [BrMfcWnd] C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems, Inc.) O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [IndexSearch] C:\Programme\Scansoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [Norton] C:\Programme\ASUS\WLAN Card Utilities\NorExec.exe () O4 - HKLM..\Run: [OEM-Reset] File not found O4 - HKLM..\Run: [PaperPort PTD] C:\Programme\Scansoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\PDF24Updater.exe () O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe () O4 - HKLM..\Run: [PPort11reminder] C:\Programme\Scansoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [aHvFmtjxlhgIe.exe] C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Temp\aHvFmtjxlhgIe.exe (msql software) O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SmartUI.lnk = C:\Programme\Scansoft\PaperPort\SmartUI\SmartUI.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VR-NetWorld Auftragsprüfung.lnk = C:\Programme\VR-NetWorld\VRToolCheckOrder.exe (VR-NetWorld Software) O4 - Startup: C:\Dokumente und Einstellungen\Markus\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL (ATI Technologies Inc.) O9 - Extra Button: Preispiraten - {94A15285-AAE6-44E8-B2D7-4A2C6CDA9185} - Reg Error: Value error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,90/mcinsctl.cab (McAfee.com Operating System Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.04.15 01:30:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004.01.15 10:25:14 | 000,000,053 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ] O32 - AutoRun File - [2004.01.20 15:50:52 | 000,020,480 | ---- | M] (TARGA GmbH) - D:\AUTORUN.EXE -- [ FAT32 ] O32 - AutoRun File - [2003.03.21 12:00:56 | 000,000,000 | RH-D | M] - J:\AUTORUN -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.28 13:49:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Malwarebytes [2010.12.28 13:49:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.12.28 13:49:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.12.28 13:49:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.12.28 13:49:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.12.28 10:40:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\PackageAware [2010.12.28 09:54:49 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Markus\Recent [2007.10.12 09:26:32 | 007,721,936 | ---- | C] (geek Software GmbH ) -- C:\Programme\PDF_Creator.exe [2007.08.02 15:24:14 | 015,732,984 | ---- | C] (Google ) -- C:\Programme\Google_Earth_BZXW.exe [2006.03.30 10:59:24 | 009,996,144 | ---- | C] (Skype Software S.A. ) -- C:\Programme\SkypeSetup.exe [2005.09.01 20:51:16 | 006,415,389 | ---- | C] (InstallShield Software Corporation) -- C:\Programme\pci_de_smartrecovery.exe [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.12.28 14:20:04 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\kemr.sys [2010.12.28 14:20:03 | 000,000,505 | ---- | M] () -- C:\WINDOWS\brwmark.ini [2010.12.28 14:01:03 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010.12.28 13:49:41 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.28 09:06:19 | 000,001,575 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Center.lnk [2010.12.28 09:05:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.12.28 09:05:45 | 535,613,440 | -HS- | M] () -- C:\hiberfil.sys [2010.12.27 22:33:27 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.12.27 19:06:13 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.12.27 14:51:10 | 000,041,022 | ---- | M] () -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\wklnhst.dat [2010.12.25 20:55:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.12.28 14:20:04 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\kemr.sys [2010.12.28 13:49:41 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.01 21:29:23 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2010.07.01 21:26:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL [2010.07.01 21:26:39 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI [2010.07.01 21:26:26 | 000,000,091 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini [2010.07.01 21:26:23 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2010.07.01 21:21:20 | 000,033,499 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2010.03.28 17:22:14 | 000,000,102 | ---- | C] () -- C:\WINDOWS\telephon.ini [2009.07.15 17:06:36 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2009.07.15 17:06:35 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2009.06.17 13:59:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\EAN-ILN.INI [2009.06.04 12:42:58 | 000,000,340 | ---- | C] () -- C:\WINDOWS\Barcode.ini [2009.02.15 14:12:22 | 000,000,566 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini [2009.02.15 14:12:17 | 000,000,505 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2009.02.15 14:12:17 | 000,000,078 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2009.02.15 14:11:05 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\brfxdial.dll [2009.02.15 13:42:22 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2008.06.30 17:58:14 | 000,315,444 | ---- | C] () -- C:\WINDOWS\System32\isdnapi32.dll [2008.06.30 17:58:14 | 000,055,856 | ---- | C] () -- C:\WINDOWS\System32\AuerCapiJNINative.dll [2008.06.27 10:54:05 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll [2008.02.14 09:44:08 | 000,055,856 | ---- | C] () -- C:\WINDOWS\System32\aucapjni.dll [2007.03.04 12:37:37 | 000,003,372 | ---- | C] () -- C:\WINDOWS\tm.ini [2006.11.12 11:25:45 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI [2006.11.12 11:23:56 | 000,000,053 | ---- | C] () -- C:\WINDOWS\phbase.ini [2006.11.12 11:23:25 | 000,001,337 | ---- | C] () -- C:\WINDOWS\pstudio.ini [2006.11.12 11:23:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini [2006.11.12 11:23:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini [2006.02.19 15:00:08 | 000,000,056 | ---- | C] () -- C:\WINDOWS\ui.INI [2006.02.19 12:56:10 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.02.19 12:51:14 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll [2006.02.19 12:51:14 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll [2006.02.19 12:51:14 | 000,073,785 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll [2006.02.10 20:00:15 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI [2006.02.10 20:00:12 | 000,000,144 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI [2006.01.23 13:29:51 | 000,000,020 | ---- | C] () -- C:\WINDOWS\eplan.ini [2005.09.01 21:21:26 | 001,353,703 | ---- | C] () -- C:\Programme\photorescuepro_setup.exe [2005.09.01 21:14:07 | 001,039,067 | ---- | C] () -- C:\Programme\wrar350d.exe [2005.09.01 21:10:34 | 000,752,905 | ---- | C] () -- C:\Programme\prdemo.zip [2005.09.01 20:51:35 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll [2005.09.01 20:19:01 | 000,730,847 | ---- | C] () -- C:\Programme\freeundelete.exe [2005.08.07 17:34:00 | 000,000,099 | ---- | C] () -- C:\WINDOWS\KTEL.INI [2005.08.07 17:11:41 | 000,030,793 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll [2005.08.07 17:11:38 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll [2005.08.07 17:11:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll [2005.06.19 12:10:35 | 002,656,584 | ---- | C] () -- C:\Programme\SmartInstall_30.exe [2005.05.16 20:32:21 | 000,041,022 | ---- | C] () -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\wklnhst.dat [2005.05.16 13:09:14 | 000,016,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005.01.11 09:55:11 | 002,042,584 | ---- | C] () -- C:\Programme\uploader14.exe [2004.11.24 20:30:09 | 000,002,654 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI [2004.09.01 16:02:11 | 000,000,385 | ---- | C] () -- C:\WINDOWS\BkcEmu.ini [2004.06.29 21:24:02 | 000,007,551 | ---- | C] () -- C:\WINDOWS\System32\drivers\U3sHlpDr.sys [2004.05.23 12:23:49 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini [2004.05.16 12:05:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI [2004.05.16 11:51:37 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2004.04.16 08:41:11 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2004.04.15 13:23:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004.04.15 12:53:21 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2004.04.15 06:12:28 | 000,001,130 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004.04.14 17:27:43 | 000,005,282 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004.04.14 17:09:40 | 000,001,643 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI [2004.04.14 16:59:15 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2004.04.14 16:35:05 | 000,000,857 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.04.14 16:33:14 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004.04.14 16:19:39 | 000,000,894 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004.01.28 10:42:06 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll [2004.01.28 10:42:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll [2004.01.28 10:42:06 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini [2004.01.28 02:55:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2002.08.08 10:20:40 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll [2002.01.08 16:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll [1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Markus\Eigene Dateien\Board2.jpg:SummaryInformation @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Markus\Eigene Dateien\Board.jpg:SummaryInformation < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.12.2010 14:48:19 - Run 1 OTL by OldTimer - Version 3.2.18.0 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,00 Mb Total Physical Memory | 171,00 Mb Available Physical Memory | 33,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 228,52 Gb Total Space | 153,41 Gb Free Space | 67,13% Space Free | Partition Type: NTFS Drive D: | 2,05 Gb Total Space | 1,65 Gb Free Space | 80,60% Space Free | Partition Type: FAT32 Drive J: | 596,02 Gb Total Space | 586,59 Gb Free Space | 98,42% Space Free | Partition Type: FAT32 Computer Name: NAME-30M291G2YF | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Office\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Search Archives...] -- "C:\Programme\Aladdin Systems\StuffIt 7.0.2\ArchiveSearch\archivesearch.exe" -dir "%L" (Aladdin Systems) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\AGFEO\Tk-Suite-Basic-2\tkserver\tkmedia.exe" = C:\Programme\AGFEO\Tk-Suite-Basic-2\tkserver\tkmedia.exe:*:Disabled:tkmedia -- File not found "C:\Programme\AGFEO\Tk-Suite-Basic-2\tkserver\tksock.exe" = C:\Programme\AGFEO\Tk-Suite-Basic-2\tkserver\tksock.exe:*:Disabled:tksock -- File not found "C:\Programme\McAfee\MBK\McAfeeDataBackup.exe" = C:\Programme\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup -- File not found "C:\Programme\FTP Commander\Ftpcomm.exe" = C:\Programme\FTP Commander\Ftpcomm.exe:*:Enabled:Ftpcomm -- (Internetsoft) "C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe" = C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found "E:\fsetup.exe" = E:\fsetup.exe:*:Enabled:AVM FSetup Application -- File not found "C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin) "C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe" = C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{04440044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Enzyklopädie 2004 "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION "{0A46AA20-59BF-4285-9E29-5DA61BA5EF46}" = Lexware online banking 3.50 "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{0C3FCE48-6984-11D5-90F8-00E029591716}" = Brother MFC Software Suite "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{2243B1BA-18A1-409E-800D-AAC3F745A378}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer "{2F315767-6230-4980-BE36-C2E91D42BBB8}" = die ReadKVK Applikation "{326836D7-3A21-4684-AE30-6E2F562EC81C}" = Preispiraten "{334041A2-53F7-4C36-ADCA-76C41EA37E69}" = Lexware büro easy 2006 "{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}" = ATIRW2 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes "{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer "{43EA3CC1-13D3-4C0E-99F0-5C1F1BC87A6B}" = dtrader "{48AB06FF-059D-43DE-ACC1-15920D5A7FF2}" = JRE 1.4.2 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word "{53EF6570-21A4-47ED-A40A-E6470A5677A3}" = Studio 8 "{56E005A4-2921-4C77-A4EB-9FF21C1438B5}" = MMC90 "{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works "{5F045A94-B4B0-4F24-BE71-8491B7121CB0}" = Auerswald COMtools 2.2.69 "{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder "{65B2B4C4-A67F-485E-9A6B-E72E07AB8DFF}" = Auerswald COMlist 2.4.36 "{69761DB4-78A4-4D29-8A8F-3758A5568638}" = Lexware online banking 3.50 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL "{752CA503-E29F-4610-A1A4-B21CDC58EF8D}" = SAS10 "{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11 "{813C408A-24C4-43E2-A5DF-B683E440234F}" = funScreenScraping Client Version "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8704D51E-25B7-4F23-81E7-AA4F54790220}" = Microsoft AutoRoute v11.0 "{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver "{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49486AB-DE0B-4DA6-9C9B-E9DCD4BED263}" = StuffIt 7.0.2 "{ABC62001-AD9F-46DB-8668-9946154D6A07}" = AMD Athlon 64 Processor Driver "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{BAB13D51-55B7-49DC-89D4-5A81D3C2D279}" = Auerswald SoftLCR 3.3.19 "{C095AB64-EF16-4636-9A78-5E72C3DC3173}" = Auerswald COMset 2.6.29 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite "{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007 "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF55762E-8BA1-4298-BA07-F9460B7A522C}" = eBay Startcenter "{D7AB3CBA-6C85-42A5-A662-766E8C90E6F2}" = "{D9BAA0FD-3D69-43C2-B587-B153E402EFA3}" = Chipkartenleser Treiberinstallation "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9 "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EB452503-A684-4F89-9138-2E590D60478B}" = ATI Decoder "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FBBCDE19-2EBB-437D-BB44-B8899E56EA9E}" = SE309 "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "Ad-Aware SE Personal" = Ad-Aware SE Personal "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 6.0" = Adobe Photoshop 6.0 "Adobe SVG Viewer" = Adobe SVG Viewer "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "ALShow_is1" = ALShow "AOL YGP Screensaver" = AOL Meine Fotos Bildschirmschoner "ArcSoft PhotoBase" = ArcSoft PhotoBase "ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000 "ATI Display Driver" = ATI Display Driver "Auerswald CAPI 2.0 Treiber" = Auerswald-CAPI-2.0-Treiber "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Barcode Demoversion_is1" = Barcode Demoversion "BAYlalaika_is1" = BAYlalaika 1.2 Lite "Biet-O-Matic v2.8.0" = Biet-O-Matic v2.8.0 "CAL" = Canon Camera Access Library "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "Canon ScanGear Toolbox 3.0" = Canon ScanGear Toolbox 3.0 "CCleaner" = CCleaner "CNXT_MODEM_PCI_VEN_14F1&DEV_2F00" = FM-56PCI-HSFi-AB "CPUID CPU-Z_is1" = CPUID CPU-Z 1.53 "DaWan" = DaWan "DivX Codec" = DivX Codec "ElsterFormular 11.1.3.3887" = ElsterFormular "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner "FastStone Player" = FastStone Player "FreeUndelete" = FreeUndelete "FTP Commander" = FTP Commander "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{3347F781-9C89-4C9B-B471-B1FFC3BC4A84}" = ATI Remote Wonder 2.3 "InstallShield_{56E005A4-2921-4C77-A4EB-9FF21C1438B5}" = ATI Multimedia Center 9.0.0.0 "InstallShield_{752CA503-E29F-4610-A1A4-B21CDC58EF8D}" = AuthorScript Engine 1.0 "InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO "InstallShield_{EB452503-A684-4F89-9138-2E590D60478B}" = ATI Decoder "IrfanView" = IrfanView (remove only) "LeapFTP" = LeapFTP "Lexmark_HostCD" = Lexmark Software deinstallieren "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.5.15)" = Mozilla Firefox (3.5.15) "mpegable DS" = mpegable DS decoder "MSC" = McAfee SecurityCenter "MyCamera" = Canon Utilities MyCamera "MyCameraDC" = Canon Utilities MyCamera DC "Nero - Burning Rom!UninstallKey" = Nero OEM "NeroVision!UninstallKey" = NeroVision Express 2 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PhotoRescue Pro" = PhotoRescue Pro 3.0 "PhotoStitch" = Canon Utilities PhotoStitch "PictureIt_v9" = Microsoft Picture It! Foto Premium 9 "Pinnacle Hollywood FX Pack - ATI FX" = Pinnacle Hollywood FX Pack - ATI FX "QK BarCode Generator" = QK BarCode Generator "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "SE309" = SE309 "Shockwave" = Shockwave "ST6UNST #1" = Chipcard master 5.15 "StreetPlugin" = Learn2 Player (Uninstall Only) "ViewpointMediaPlayer" = Viewpoint Media Player "WIC" = Windows Imaging Component "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows XP Service Pack" = Windows XP Service Pack 2 "WinRAR archiver" = WinRAR Archivierer "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "Works2004Setup" = Setup-Start von Microsoft Works 2004 "xp-AntiSpy" = xp-AntiSpy 3.96-4 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 05.08.2010 03:02:55 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 05.08.2010 03:02:55 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 05.08.2010 03:02:55 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 05.08.2010 03:02:55 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 05.08.2010 03:02:55 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 12.08.2010 03:24:16 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 12.08.2010 03:24:16 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 12.08.2010 03:24:16 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 12.08.2010 03:25:41 | Computer Name = NAME-30M291G2YF | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 13.08.2010 07:11:44 | Computer Name = NAME-30M291G2YF | Source = MsiInstaller | ID = 11706 Description = Product: DAO -- Error 1706.No valid source could be found for product DAO. The Windows Installer cannot continue. [ System Events ] Error - 28.12.2010 06:07:50 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 28.12.2010 06:34:08 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 28.12.2010 06:34:10 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 28.12.2010 07:16:43 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 28.12.2010 07:16:43 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 28.12.2010 08:24:55 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 28.12.2010 08:24:56 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 28.12.2010 09:52:12 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 28.12.2010 09:52:16 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 28.12.2010 09:53:54 | Computer Name = NAME-30M291G2YF | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. < End of report > Soll ich nun noch weiteres machen oder ist die Sache damit erledigt? Wenn ich schon frage-hab nochmal ein Problem: Seit ein paar Wochen geht das Outlook erst nach dem 3-4 mal auf, vorher schließt es immer wieder selbständig. Kann man das reparieren? Schon mal Danke an euch cube Geändert von cube (28.12.2010 um 15:00 Uhr) |
28.12.2010, 18:05 | #2 |
/// Mr. Schatten | Malwarebytes Anti-Malware -hat mir geholfen! Ja, das richtige Unterforum wählen. Hier in der Taverene bist du sowas von falsch
__________________*Verschiebung beantragt*
__________________ |
28.12.2010, 18:34 | #3 |
| Malwarebytes Anti-Malware -hat mir geholfen! Also kopiere ich mal in Plagegeister aller Art und deren Bekämpfung.
__________________Hoffe das passt dann... |
Themen zu Malwarebytes Anti-Malware -hat mir geholfen! |
0x00000001, alternate, amd athlon, anleitung, anti-malware, blue, canon, cpu-z, dateien, desktop, eingefangen, einstellungen, explorer, firefox 3.5.15, firefox.exe, forum, gen, hdd low, igdctrl.exe, install, intranet, lexware, location, lokale, malwarebytes, malwarebytes anti-malware, microsoft, msiinstaller, oldtimer, otl.exe, outlook, plug-in, problem, programme, registry cleaner, reparieren, report, rkill.com, rogue.fakehdd, rogue.hddlow, saver, schließt, searchplugins, secure search, service, shell32.dll, skype.exe, software, system restore, temp, version, windows internet, woche |