Log analysis and evaluation: Windows recovery, hard disk damaged, everything completely black

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
22.05.2011, 18:25 | #1 |
Windows recovery, hard disk damaged, everything completely black

Desktop completely black, Windows recovery is blocking everything, I am totally desperate, what do I have to do

Hello, since starting my computer this morning I have been shown this problem. All data has vanished into nothing. Everything is black, I just don't know now how I should get rid of it. I hope you can help me as quickly as possible.

Regards, Kadan76

Hello, since starting my computer this morning I have been shown this problem. All data has vanished into nothing, that the hard disk is damaged, and I am currently running a scan with Malwarebytes, and I would be so glad if you could explain/help me with what I have to do to remove it .. the scan does not show any malicious things, but Windows recovery is still on the desktop and everything is still black .. I am asking for help.

Regards, Kadan76

Betriebssystemname Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 3 Build 2600
Betriebssystemhersteller Microsoft Corporation
Systemname KADA-87B679F42F
Systemhersteller K8N4V
Systemmodell K8NF4G-VSTA
Systemtyp X86-basierter PC
Prozessor x86 Family 15 Model 44 Stepping 2 AuthenticAMD ~1607 Mhz
BIOS-Version/-Datum American Megatrends Inc. P1.10, 12.05.2006
SMBIOS-Version 2.3
Windows-Verzeichnis C:\WINDOWS
Systemverzeichnis C:\WINDOWS\system32
Startgerät \Device\HarddiskVolume1
Gebietsschema Deutschland
Hardwareabstraktionsebene Version = "5.1.2600.5512 (xpsp.080413-2111)"
Benutzername KADA-87B679F42F\Kada
Zeitzone Westeuropäische Sommerzeit
Gesamter realer Speicher 1.024,00 MB
Verfügbarer realer Speicher 381,56 MB
Gesamter virtueller Speicher 2,00 GB
Verfügbarer virtueller Speicher 1,95 GB
Größe der Auslagerungsdatei 2,26 GB
Auslagerungsdatei C:\pagefile.sys

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 22.05.2011 21:40:58 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 959,23 Mb Total Physical Memory | 384,45 Mb Available Physical Memory | 40,08% Memory free 2,26 Gb Paging File | 1,69 Gb Available in Paging File | 74,67% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 76,68 Gb Total Space | 60,84 Gb Free Space | 79,34% Space Free | Partition Type: NTFS Computer Name: KADA-87B679F42F | User Name: Kada | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.22 21:26:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe PRC - [2011.04.01 16:58:37 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe PRC - [2011.03.28 16:05:28 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.03.28 16:05:15 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.28 16:05:04 | 000,421,032 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011.03.28 16:05:03 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.28 16:05:02 | 000,539,304 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2011.03.28 16:05:02 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes 
Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2010.10.26 14:48:14 | 000,645,952 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe PRC - [2010.10.26 14:46:10 | 001,483,072 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe PRC - [2008.06.09 04:38:28 | 000,139,264 | ---- | M] () -- C:\WINDOWS\system32\LGAutorunService.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.09.25 10:10:50 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Programme\FlashGet\flashget.exe ========== Modules (SafeList) ========== MOD - [2011.05.22 21:26:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe MOD - [2008.04.14 14:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2007.05.18 18:13:08 | 000,053,329 | ---- | M] (www.flashget.com) -- C:\Programme\FlashGet\fgmgr.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Unknown | Stopped] -- -- (SSHNAS) SRV - File not found [Auto | Stopped] -- -- (MnetFream) SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2011.04.01 16:58:37 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.03.28 16:05:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.28 16:05:04 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.03.28 16:05:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.03.28 16:05:02 | 000,539,304 | ---- | M] (Avira GmbH) [Auto 
| Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2010.10.26 14:46:10 | 001,483,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.10.26 14:43:56 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Dokumente und Einstellungen\Kada\Desktop\TOM TOM\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2008.06.09 04:38:28 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\LGAutorunService.exe -- (LG SCSI Commander) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec) DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip) DRV - [2011.04.01 16:59:05 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.04.01 16:59:05 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.04.01 16:59:04 | 000,079,432 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim) DRV - [2011.03.28 16:05:28 | 000,102,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot) DRV - [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2010.11.14 23:43:49 | 000,008,960 | ---- | M] (China) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ApsS88.sys -- (ApsS88) DRV - [2010.10.07 13:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 
2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010.06.17 15:22:41 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.12 15:53:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlashUSB.sys -- (FlashUSB) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.04.14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008.04.13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2006.03.16 14:24:06 | 004,249,088 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 [2011.01.16 18:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Mozilla\Extensions [2011.01.16 18:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2010.11.16 23:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Mozilla\Firefox\Profiles\vmz44anp.default\extensions [2010.08.27 01:09:53 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Toolbar) -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Mozilla\Firefox\Profiles\vmz44anp.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e} [2010.10.08 01:57:24 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Mozilla\Firefox\Profiles\vmz44anp.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2010.11.16 23:45:24 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und 
Einstellungen\Kada\Anwendungsdaten\Mozilla\Firefox\Profiles\vmz44anp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.11.16 23:35:05 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Mozilla\Firefox\Profiles\vmz44anp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.05.24 00:52:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} O1 HOSTS File: ([2010.11.14 16:12:29 | 000,000,108 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.360.cn O1 - Hosts: 127.0.0.1 upload.360safe.com O1 - Hosts: 127.0.0.1 upload-b.360safe.com O1 - Hosts: 127.0.0.1 www.rising.com O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (www.flashget.com) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM () O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM () O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab () O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Kada\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Kada\Lokale 
Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.01.10 21:55:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{34ea52e6-6b2e-11df-a473-0030849b5ab9}\Shell - "" = AutoRun O33 - MountPoints2\{34ea52e6-6b2e-11df-a473-0030849b5ab9}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{34ea52e6-6b2e-11df-a473-0030849b5ab9}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nvda\nvda.exe O33 - MountPoints2\{415a6774-218e-11e0-a5a6-0030849b5ab9}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe O33 - MountPoints2\{9e038bb1-3c9d-11df-a41b-00081b02f23b}\Shell - "" = AutoRun O33 - MountPoints2\{9e038bb1-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9e038bb1-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe O33 - MountPoints2\{9e038bb2-3c9d-11df-a41b-00081b02f23b}\Shell - "" = AutoRun O33 - MountPoints2\{9e038bb2-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9e038bb2-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nvda\nvda.exe O33 - MountPoints2\{9e038bb5-3c9d-11df-a41b-00081b02f23b}\Shell - "" = AutoRun O33 - MountPoints2\{9e038bb5-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9e038bb5-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe O33 - MountPoints2\{ced0009a-ff60-11de-9dd9-0030849b5ab9}\Shell - "" = AutoRun O33 - MountPoints2\{ced0009a-ff60-11de-9dd9-0030849b5ab9}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ced0009a-ff60-11de-9dd9-0030849b5ab9}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nvda\nvda.exe O33 - MountPoints2\{ced0009b-ff60-11de-9dd9-0030849b5ab9}\Shell - "" = AutoRun O33 - MountPoints2\{ced0009b-ff60-11de-9dd9-0030849b5ab9}\Shell\AutoRun - "" = 
Auto&Play O33 - MountPoints2\{ced0009b-ff60-11de-9dd9-0030849b5ab9}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nvda\nvda.exe O33 - MountPoints2\{f05f4659-fe22-11de-9dcf-0030849b5ab9}\Shell - "" = AutoRun O33 - MountPoints2\{f05f4659-fe22-11de-9dcf-0030849b5ab9}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f05f4659-fe22-11de-9dcf-0030849b5ab9}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nvda\nvda.exe O33 - MountPoints2\{fbee3ada-abb3-11df-a514-0030849b5ab9}\Shell - "" = AutoRun O33 - MountPoints2\{fbee3ada-abb3-11df-a514-0030849b5ab9}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{fbee3ada-abb3-11df-a514-0030849b5ab9}\Shell\AutoRun\command - "" = F:\NPSAI.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.22 19:04:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Malwarebytes [2011.05.22 19:04:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.05.22 19:04:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.05.22 19:04:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.05.22 19:04:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.05.22 19:04:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.05.22 18:54:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Kada\Recent [2011.05.22 18:23:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.05.22 18:22:28 | 000,000,000 
| ---D | C] -- C:\Dokumente und Einstellungen\Kada\Eigene Dateien\Simply Super Software [2011.05.22 18:22:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Trojan Remover [2011.05.22 18:21:56 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll [2011.05.22 18:21:49 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover [2011.05.22 18:21:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Simply Super Software [2011.05.22 18:21:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software [2011.05.22 17:16:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GridinSoft [2011.05.22 17:16:44 | 000,000,000 | ---D | C] -- C:\Programme\GridinSoft Trojan Killer [2011.05.21 20:41:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2011.05.21 20:40:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\Avira [2011.05.21 20:33:09 | 000,102,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwot.sys [2011.05.21 20:33:09 | 000,079,432 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwim.sys [2011.05.21 19:54:33 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Kada\Startmenü\Programme\Windows XP Recovery [2011.05.18 23:20:46 | 000,000,000 | ---D | C] -- C:\spoolerlogs [2011.04.30 21:41:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kada\Desktop\KEMSEL [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.22 21:49:11 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.05.22 21:47:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.05.22 21:06:01 | 000,001,206 | ---- | M] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1580818891-725345543-1003UA.job [2011.05.22 19:13:57 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\mncxvs.sys [2011.05.22 19:04:26 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.22 18:54:19 | 001,007,108 | ---- | M] () -- C:\Dokumente und Einstellungen\Kada\Eigene Dateien\rkill.com [2011.05.22 18:51:55 | 000,000,120 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19455780 [2011.05.22 18:48:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.05.22 17:29:21 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk [2011.05.22 16:06:03 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1580818891-725345543-1003Core.job [2011.05.22 09:45:49 | 000,001,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Kada\Desktop\CCleaner.lnk [2011.05.21 21:51:21 | 000,000,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19455780 [2011.05.21 20:29:18 | 000,000,144 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19455780r [2011.05.21 19:54:33 | 000,000,829 | ---- | M] () -- C:\Dokumente und Einstellungen\Kada\Desktop\Windows XP Recovery.lnk [2011.05.20 18:58:01 | 000,448,470 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.05.20 18:58:01 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.05.20 18:58:01 | 000,079,910 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.05.20 18:58:01 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.05.19 18:03:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011.05.18 07:24:20 | 000,262,189 | ---- | M] () -- C:\WINDOWS\System32\nvapps.zyx [2011.05.18 07:24:02 | 000,379,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.05.09 17:57:18 | 
000,431,898 | ---- | M] () -- C:\Dokumente und Einstellungen\Kada\Desktop\CCF09052011_00002.jpg [2011.05.04 17:27:42 | 000,736,064 | ---- | M] () -- C:\Dokumente und Einstellungen\Kada\Desktop\NiNO BÜLÜD MANN.JPG [2011.04.27 23:42:29 | 000,027,677 | ---- | M] () -- C:\Dokumente und Einstellungen\Kada\Desktop\Briefkopf Vorlage KEMSEL.odt [2011.04.23 22:30:18 | 000,904,175 | ---- | M] () -- C:\Dokumente und Einstellungen\Kada\Desktop\Kiefernweg3.JPG [2011.04.23 22:29:40 | 000,676,741 | ---- | M] () -- C:\Dokumente und Einstellungen\Kada\Desktop\Kiefernweg 3.JPG [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.22 19:13:57 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\mncxvs.sys [2011.05.22 19:04:26 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.22 18:56:40 | 001,007,108 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Eigene Dateien\rkill.com [2011.05.22 18:21:56 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll [2011.05.22 18:21:56 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2011.05.22 18:21:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2011.05.22 18:21:56 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2011.05.22 17:29:21 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Killer.lnk [2011.05.21 19:54:34 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19455780r [2011.05.21 19:54:34 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19455780 [2011.05.21 19:54:33 | 000,000,829 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Desktop\Windows XP Recovery.lnk [2011.05.21 19:54:31 | 000,000,400 | ---- | C] () -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\19455780 [2011.05.09 17:57:17 | 000,431,898 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Desktop\CCF09052011_00002.jpg [2011.05.04 17:28:46 | 000,736,064 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Desktop\NiNO BÜLÜD MANN.JPG [2011.05.02 20:37:22 | 000,301,077 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Desktop\dfgdfgfg.JPG [2011.04.27 23:42:29 | 000,027,677 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Desktop\Briefkopf Vorlage KEMSEL.odt [2011.04.23 22:30:18 | 000,904,175 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Desktop\Kiefernweg3.JPG [2011.04.23 22:29:40 | 000,676,741 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Desktop\Kiefernweg 3.JPG [2011.03.05 17:00:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.08.20 00:41:13 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Anwendungsdaten\$_hpcst$.hpc [2010.06.12 22:02:48 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe [2010.06.12 22:02:48 | 000,003,953 | ---- | C] () -- C:\WINDOWS\unins000.dat [2010.05.30 01:22:59 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Kada\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.01 13:40:31 | 000,221,291 | ---- | C] () -- C:\WINDOWS\Imei_dll.dll [2010.04.01 13:40:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\Sublock.dll [2010.03.31 16:36:40 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\LGAutorunService.exe [2010.03.31 16:36:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\SendScsiCmd.dll [2010.03.20 04:33:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.03.02 15:00:03 | 000,072,072 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.02.22 18:51:07 | 000,017,196 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.02.02 11:29:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat 
[2010.01.14 12:42:29 | 000,000,041 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2010.01.13 21:26:34 | 000,000,371 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2010.01.13 21:26:34 | 000,000,149 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2010.01.13 21:26:16 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2010.01.13 21:26:16 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2010.01.13 21:25:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2010.01.12 17:11:25 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2010.01.10 22:43:05 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat [2010.01.10 22:04:57 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2010.01.10 22:04:57 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2010.01.10 21:58:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.01.10 21:52:32 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.01.10 21:45:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.01.10 21:42:18 | 000,379,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.05.30 00:42:20 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll [2009.03.11 21:01:28 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll [2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008.04.14 14:00:00 | 000,448,470 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2008.04.14 14:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008.04.14 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- 
C:\WINDOWS\System32\dssec.dat [2008.04.14 14:00:00 | 000,079,910 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2008.04.14 14:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008.04.14 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008.04.14 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2005.10.10 22:49:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2005.10.10 22:49:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2005.10.10 22:49:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2005.10.10 22:49:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2005.10.10 22:49:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2005.10.10 22:49:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2005.10.10 22:49:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2005.10.10 22:49:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2005.10.10 22:49:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2005.10.10 22:49:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005.10.10 22:49:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> 
C:\WINDOWS:92F194E416C66343 @Alternate Data Stream - 102 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9 < End of report > Extras OTL Logfile: OTL Extras logfile created on: 22.05.2011 21:40:58 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 959,23 Mb Total Physical Memory | 384,45 Mb Available Physical Memory | 40,08% Memory free 2,26 Gb Paging File | 1,69 Gb Available in Paging File | 74,67% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 76,68 Gb Total Space | 60,84 Gb Free Space | 79,34% Space Free | Partition Type: NTFS Computer Name: KADA-87B679F42F | User Name: Kada | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Dokumente und Einstellungen\Kada\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop "65533:TCP" = 65533:TCP:*:Enabled:Services "52344:TCP" = 52344:TCP:*:Enabled:Services ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 
"C:\Programme\FlashGet\flashget.exe" = C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com) "C:\WINDOWS\system32\winver.exe" = C:\WINDOWS\system32\winver.exe:*:Enabled:winver -- (Microsoft Corporation) "C:\Dokumente und Einstellungen\Kada\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe" = C:\Dokumente und Einstellungen\Kada\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-250C "{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable 
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) "Adobe Flash Player ActiveX" = Adobe Flash 
Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira Premium Security Suite "CCleaner" = CCleaner "CloneCD" = CloneCD "FlashGet" = FlashGet 1.9.6.1073 "Flatcast_is1" = Flatcast Viewer Plugin 5.0.356 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Nero 9 Lite_is1" = Nero 9.0.9.4 Lite "NVIDIA Drivers" = NVIDIA Drivers "TomTom HOME" = TomTom HOME 2.7.3.1894 "Trojan Remover_is1" = Trojan Remover 6.8.2 "TuneUp Utilities 2011" = TuneUp Utilities 2011 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.05.2011 11:19:44 | Computer Name = KADA-87B679F42F | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung wordpad.exe, Version 5.1.2600.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 18.05.2011 17:20:50 | Computer Name = KADA-87B679F42F | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0xc0337425. 
Error - 20.05.2011 12:45:38 | Computer Name = KADA-87B679F42F | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul mshtml.dll, Version 8.0.6001.18702, Fehleradresse 0x000a9c54. Error - 22.05.2011 15:10:58 | Computer Name = KADA-87B679F42F | Source = VSS | ID = 12292 Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten. Error - 22.05.2011 15:11:06 | Computer Name = KADA-87B679F42F | Source = VSS | ID = 12292 Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten. Error - 22.05.2011 15:11:51 | Computer Name = KADA-87B679F42F | Source = VSS | ID = 12292 Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten. Error - 22.05.2011 15:11:53 | Computer Name = KADA-87B679F42F | Source = VSS | ID = 12292 Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten. Error - 22.05.2011 15:11:53 | Computer Name = KADA-87B679F42F | Source = VSS | ID = 12292 Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten. Error - 22.05.2011 15:11:54 | Computer Name = KADA-87B679F42F | Source = VSS | ID = 12292 Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten. 
Error - 22.05.2011 15:11:55 | Computer Name = KADA-87B679F42F | Source = VSS | ID = 12292 Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten. [ System Events ] Error - 22.05.2011 12:51:49 | Computer Name = KADA-87B679F42F | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Bonjour-Dienst" wurde mit folgendem dienstspezifischem Fehler beendet: 4294967295 (0xFFFFFFFF). Error - 22.05.2011 12:51:49 | Computer Name = KADA-87B679F42F | Source = Service Control Manager | ID = 7023 Description = Der Dienst "SSHNAS" wurde mit folgendem Fehler beendet: %%126 Error - 22.05.2011 12:54:42 | Computer Name = KADA-87B679F42F | Source = Service Control Manager | ID = 7034 Description = Dienst "TomTomHOMEService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 22.05.2011 15:10:58 | Computer Name = KADA-87B679F42F | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "SwPrv" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A} Error - 22.05.2011 15:11:06 | Computer Name = KADA-87B679F42F | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "SwPrv" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A} Error - 22.05.2011 15:11:51 | Computer Name = KADA-87B679F42F | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "SwPrv" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A} Error - 22.05.2011 15:11:53 | Computer Name = KADA-87B679F42F | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "SwPrv" mit den Argumenten "" gestartet 
wurde, um den folgenden Server zu verwenden: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A} Error - 22.05.2011 15:11:53 | Computer Name = KADA-87B679F42F | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "SwPrv" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A} Error - 22.05.2011 15:11:54 | Computer Name = KADA-87B679F42F | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "SwPrv" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A} Error - 22.05.2011 15:11:55 | Computer Name = KADA-87B679F42F | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "SwPrv" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A} Mbam-log Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6641 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 22.05.2011 22:02:00 mbam-log-2011-05-22 (22-02-00).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|) Durchsuchte Objekte: 172775 Laufzeit: 30 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
23.05.2011, 13:35 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Was that the first and only scan with Malwarebytes? Or have you already scanned several times? If so, there is a log for every scan, so please post all of them.
24.05.2011, 16:42 | #3 |
No, I have run 3 scans.
Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6641 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 22.05.2011 19:12:07 mbam-log-2011-05-22 (19-12-07).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 139408 Laufzeit: 5 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 97 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{67631EC8-241F-475E-ADCE-A1A777D744FE} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\5NZQ29B3L2 (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\LKGGOPABUH (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360delays.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360realpro.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe (Security.Hijack) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safebox.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SoftMgrSvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiarp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccEvtMgr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSetMgr.exe (Security.Hijack) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrUpdate.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DSMain.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\engineserver.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FrameworkService.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KABackReport.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kaccore.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KavStart.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISSvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe (Security.Hijack) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kppserv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPPTray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSafeSvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSafeTray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSWebShield.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwstray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxedefend.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxescore.exe (Security.Hijack) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxeserv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kxetray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LiveUpdate360.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcinsupd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McTray.exe (Security.Hijack) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdmgr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfeann.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfevtps.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPMon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC1.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC2.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naPrdMgr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nbmanti.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctorRtp.exe (Security.Hijack) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDrNetMon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qutmserv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegGuide.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rssafety.exe (Security.Hijack) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHSTAT.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udaterui.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Uplive.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upsvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vstskmgr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xcommsvr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XsClient.exe (Security.Hijack) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zhudongfangyu.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\APSX85 (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DOGKILLER (Worm.Megania) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oVlLshwOTG (Rogue.WindowsRecoveryConsole) -> Value: oVlLshwOTG -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\dokumente und einstellungen\all users\anwendungsdaten\ovllshwotg.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\all users\anwendungsdaten\19455780.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully. 
Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6641 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 22.05.2011 19:40:12 mbam-log-2011-05-22 (19-40-12).txt Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|G:\|) Durchsuchte Objekte: 172607 Laufzeit: 26 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6641 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 22.05.2011 22:02:00 mbam-log-2011-05-22 (22-02-00).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|) Durchsuchte Objekte: 172775 Laufzeit: 30 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte 
Dateien: (Keine bösartigen Objekte gefunden) |
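The first Malwarebytes log above records each finding as `object (Detection) -> result`, with most entries being Image File Execution Options (IFEO) keys named after security programs. The following triage script is an added example and not part of the original thread: it parses such a log even when the entries are run together on one line, counts findings per detection name, lists the executables named by the IFEO keys, and reports anything that was not cleaned. The last sample entry, its path and its "Delete on reboot" result are constructed for illustration.

```python
import re
from collections import Counter

# Entries 1-6 are copied from the log above (run together on one line, as posted);
# the last entry is constructed to show a finding that was not cleaned at once.
SAMPLE = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe (Security.Hijack) -> Quarantined and deleted successfully. "
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe (Security.Hijack) -> Quarantined and deleted successfully. "
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHSTAT.exe (Security.Hijack) -> Quarantined and deleted successfully. "
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully. "
    r"Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oVlLshwOTG (Rogue.WindowsRecoveryConsole) -> Value: oVlLshwOTG -> Quarantined and deleted successfully. "
    r"Infizierte Dateien: c:\dokumente und einstellungen\all users\anwendungsdaten\ovllshwotg.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully. "
    r"c:\example\constructed-sample.exe (Rogue.WindowsRecoveryConsole) -> Delete on reboot. "
)

# An entry starts at a registry hive or drive letter and ends at the result's full stop.
ENTRY = re.compile(
    r"(?P<object>(?:HKEY_[A-Z_]+|[A-Za-z]:)\\.+?) "
    r"\((?P<detection>[A-Za-z0-9.]+)\)"
    r"(?: -> Value: (?P<value>\S+))?"
    r" -> (?P<result>[^.]+)\."
)
IFEO = "\\image file execution options\\"
CLEAN = "Quarantined and deleted successfully"

def parse_findings(text):
    """Return one dict per finding; section headings between entries are skipped."""
    return [m.groupdict() for m in ENTRY.finditer(text)]

def ifeo_targets(findings):
    """Executable names taken from flagged IFEO keys (the programs being hijacked)."""
    names = []
    for f in findings:
        pos = f["object"].lower().find(IFEO)
        if pos != -1:
            names.append(f["object"][pos + len(IFEO):])
    return names

def triage(text):
    findings = parse_findings(text)
    return {
        "by_detection": Counter(f["detection"] for f in findings),
        "ifeo_targets": ifeo_targets(findings),
        "not_cleaned": [f["object"] for f in findings if f["result"] != CLEAN],
    }
```

A non-empty `not_cleaned` list is the part to follow up on, for example with a rescan after the reboot.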
24.05.2011, 18:22 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows recovery: hard disk damaged, everything completely black

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.10 21:55:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{34ea52e6-6b2e-11df-a473-0030849b5ab9}\Shell - "" = AutoRun
O33 - MountPoints2\{34ea52e6-6b2e-11df-a473-0030849b5ab9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{34ea52e6-6b2e-11df-a473-0030849b5ab9}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nvda\nvda.exe
O33 - MountPoints2\{415a6774-218e-11e0-a5a6-0030849b5ab9}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{9e038bb1-3c9d-11df-a41b-00081b02f23b}\Shell - "" = AutoRun
O33 - MountPoints2\{9e038bb1-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e038bb1-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{9e038bb2-3c9d-11df-a41b-00081b02f23b}\Shell - "" = AutoRun
O33 - MountPoints2\{9e038bb2-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e038bb2-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nvda\nvda.exe
O33 - MountPoints2\{9e038bb5-3c9d-11df-a41b-00081b02f23b}\Shell - "" = AutoRun
O33 - MountPoints2\{9e038bb5-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e038bb5-3c9d-11df-a41b-00081b02f23b}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{ced0009a-ff60-11de-9dd9-0030849b5ab9}\Shell - "" = AutoRun
O33 - MountPoints2\{ced0009a-ff60-11de-9dd9-0030849b5ab9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ced0009a-ff60-11de-9dd9-0030849b5ab9}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nvda\nvda.exe
O33 - MountPoints2\{ced0009b-ff60-11de-9dd9-0030849b5ab9}\Shell - "" = AutoRun
O33 - MountPoints2\{ced0009b-ff60-11de-9dd9-0030849b5ab9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ced0009b-ff60-11de-9dd9-0030849b5ab9}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nvda\nvda.exe
O33 - MountPoints2\{f05f4659-fe22-11de-9dcf-0030849b5ab9}\Shell - "" = AutoRun
O33 - MountPoints2\{f05f4659-fe22-11de-9dcf-0030849b5ab9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f05f4659-fe22-11de-9dcf-0030849b5ab9}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nvda\nvda.exe
O33 - MountPoints2\{fbee3ada-abb3-11df-a514-0030849b5ab9}\Shell - "" = AutoRun
O33 - MountPoints2\{fbee3ada-abb3-11df-a514-0030849b5ab9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fbee3ada-abb3-11df-a514-0030849b5ab9}\Shell\AutoRun\command - "" = F:\NPSAI.exe
[2011.05.22 19:13:57 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\mncxvs.sys
[2011.05.21 21:51:21 | 000,000,400 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19455780
[2011.05.21 20:29:18 | 000,000,144 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19455780r
[2011.05.21 19:54:33 | 000,000,829 | ---- | M] () -- C:\Dokumente und Einstellungen\Kada\Desktop\Windows XP Recovery.lnk
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:92F194E416C66343
@Alternate Data Stream - 102 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9
:Commands
[purity]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post log files in CODE tags |