
Pests of all kinds and how to combat them: pum.bad.proxy-hijack.shell-pum.hijack.dis....


19.01.2012, 19:36   #1
Mistverdammt
 



hey,

maybe someone here can help me. Apparently several viruses have shown up on my machine. It all started when my desktop icons mysteriously could no longer be seen + black desktop background + hidden folders. I started a virus scan, which immediately raised an alert, and deleted what it found. Since I don't use the laptop for work, the matter was settled for me for the time being.

Now, however, things are suddenly disappearing from my taskbar. The Task Manager has been disabled by the administrator, and programs I open only become briefly visible again when Windows shuts down.

In addition, at startup I am shown that my firewall is not active, and that I should safely remove my hardware, etc.

Maybe someone can take a look at the things I posted and draw conclusions as to whether I should take my virus laptop off the network now or whether something can still be saved.

PS: I did this following the instructions, but got a bit confused along the way.



defogger_disable Log

[spoiler] defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:03 on 19/01/2012 (xxx)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

[/spoiler]

otl

[spoiler]

%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
ipsec.sys
afd.sys
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

[/spoiler]

otl.text

[spoiler]

OTL logfile created on: 19.01.2012 18:27:53 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,48 Mb Total Physical Memory | 127,95 Mb Available Physical Memory | 25,01% Memory free
1,22 Gb Paging File | 0,61 Gb Available in Paging File | 49,67% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 18,62 Gb Total Space | 1,82 Gb Free Space | 9,79% Space Free | Partition Type: FAT32
Drive D: | 18,63 Gb Total Space | 17,39 Gb Free Space | 93,37% Space Free | Partition Type: NTFS
Drive F: | 20,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 636,08 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ACER-PZDV2AMELZ | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.19 18:11:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.01.09 17:05:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.10.11 15:00:04 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:38 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2010.09.16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.03.12 09:53:30 | 000,114,688 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\Surf & E-Mail-Stick.exe
PRC - [2008.04.14 03:22:46 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.12.19 17:53:18 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (No Company Name) ==========

MOD - [2012.01.09 17:05:34 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.10.18 14:20:04 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.10.11 14:59:52 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.09.16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.03.12 09:53:30 | 000,114,688 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\Surf & E-Mail-Stick.exe
MOD - [2009.03.12 09:52:58 | 000,135,168 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\LocaleMgrPlugin.dll
MOD - [2009.03.12 09:51:28 | 000,032,768 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\NotifyServicePlugin.dll
MOD - [2009.03.12 09:49:16 | 000,057,344 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\ConfigFilePlugin.dll
MOD - [2009.03.12 09:47:58 | 000,098,304 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\DeviceMgrPlugin.dll
MOD - [2009.03.12 09:45:52 | 000,135,168 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\NetInfoPlugin.dll
MOD - [2009.03.12 09:43:12 | 000,090,112 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\DialUpPlugin.dll
MOD - [2009.03.12 09:42:02 | 000,176,128 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\DeviceMgrUIPlugin.dll
MOD - [2009.03.12 09:27:26 | 000,860,160 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\NDISAPI.dll
MOD - [2009.01.20 16:38:06 | 000,061,440 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\XCodec.dll
MOD - [2009.01.20 16:38:04 | 000,061,440 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\DeviceOperate.dll
MOD - [2009.01.20 16:38:00 | 000,155,648 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\DetectDev.dll
MOD - [2009.01.20 16:37:56 | 000,561,152 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\atcomm.dll
MOD - [2007.08.23 16:39:30 | 000,014,848 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\isaputrace.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AviraUpgradeService)
SRV - File not found [Auto | Stopped] -- -- (avast! Antivirus)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.11 14:59:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)


========== Driver Services (SafeList) ==========

DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.09 11:21:08 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:02 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:02 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.04 13:36:44 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.07.04 13:35:24 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.07.04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.07.04 13:32:14 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.03.17 01:43:04 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.06.17 15:14:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.11.08 10:55:18 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006.09.24 15:28:48 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004.03.22 23:59:52 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.03.07 14:43:10 | 001,657,344 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2004.01.16 15:41:00 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003.12.19 20:07:50 | 000,541,548 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003.12.11 23:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003.07.25 11:22:52 | 001,196,460 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003.04.19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003.04.08 13:24:40 | 000,051,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2003.04.02 14:02:26 | 000,007,040 | ---- | M] (EnE Technology Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ENECBPTH.sys -- (ENECBPTH)
DRV - [2003.03.27 14:57:24 | 002,379,776 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003.03.02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)
DRV - [2002.11.20 14:52:14 | 000,033,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2001.08.17 09:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52121
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.12 11:24:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2001.06.30 05:41:54 | 000,000,000 | ---D | M]

[2001.06.30 05:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions
[2011.03.27 23:07:32 | 000,002,057 | ---- | M] () -- C:\Dokumente und Einstellungen\Heino\Anwendungsdaten\Mozilla\Firefox\Profiles\bh0wrned.default\searchplugins\youtube-videosuche.xml
[2001.06.30 05:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.19 14:17:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.10.18 13:04:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.01.09 17:05:38 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.29 03:24:38 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:38 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 03:24:38 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 03:24:38 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:38 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2003.04.02 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Mobile Partner] C:\Programme\Surf & E-Mail-Stick\Surf & E-Mail-Stick.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Heino\Startmenü\Programme\Autostart\SystemExplorerDisabled [2012.01.19 15:25:24 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: facebook.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: partypoker.com ([de] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ADE8F50-4FAA-48CB-87DF-7CDDE48CBA80}: NameServer = 139.7.30.125 139.7.30.126
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.11.15 00:41:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2000.01.26 09:41:54 | 000,000,040 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1c6dd090-f16b-11df-8b60-a7f25e9bdf95}\Shell - "" = AutoRun
O33 - MountPoints2\{1c6dd090-f16b-11df-8b60-a7f25e9bdf95}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1c6dd090-f16b-11df-8b60-a7f25e9bdf95}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{472a64a0-1d08-11e0-8bc5-fd82f88efd8c}\Shell - "" = AutoRun
O33 - MountPoints2\{472a64a0-1d08-11e0-8bc5-fd82f88efd8c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{472a64a0-1d08-11e0-8bc5-fd82f88efd8c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{504f4fd0-efdd-11df-8b5e-f5ce6cdfe2ac}\Shell - "" = AutoRun
O33 - MountPoints2\{504f4fd0-efdd-11df-8b5e-f5ce6cdfe2ac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{504f4fd0-efdd-11df-8b5e-f5ce6cdfe2ac}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{598c6ab0-2ef2-11e0-8be2-972b9f0736c5}\Shell - "" = AutoRun
O33 - MountPoints2\{598c6ab0-2ef2-11e0-8be2-972b9f0736c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{598c6ab0-2ef2-11e0-8be2-972b9f0736c5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6188aff0-5036-11e0-8c18-958cee7e839a}\Shell - "" = AutoRun
O33 - MountPoints2\{6188aff0-5036-11e0-8c18-958cee7e839a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6188aff0-5036-11e0-8c18-958cee7e839a}\Shell\AutoRun\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{6188aff1-5036-11e0-8c18-958cee7e839a}\Shell - "" = AutoRun
O33 - MountPoints2\{6188aff1-5036-11e0-8c18-958cee7e839a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6188aff1-5036-11e0-8c18-958cee7e839a}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{7289b520-f239-11df-8b63-89a1da9015c1}\Shell - "" = AutoRun
O33 - MountPoints2\{7289b520-f239-11df-8b63-89a1da9015c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7289b520-f239-11df-8b63-89a1da9015c1}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9233d6e0-6c4c-11d5-8b5c-fffa5d66108d}\Shell - "" = AutoRun
O33 - MountPoints2\{9233d6e0-6c4c-11d5-8b5c-fffa5d66108d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9233d6e0-6c4c-11d5-8b5c-fffa5d66108d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9233d6e1-6c4c-11d5-8b5c-fffa5d66108d}\Shell - "" = AutoRun
O33 - MountPoints2\{9233d6e1-6c4c-11d5-8b5c-fffa5d66108d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9233d6e1-6c4c-11d5-8b5c-fffa5d66108d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c51c1bf0-96a1-11e0-8c9f-c346acdeaf4f}\Shell - "" = AutoRun
O33 - MountPoints2\{c51c1bf0-96a1-11e0-8c9f-c346acdeaf4f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c51c1bf0-96a1-11e0-8c9f-c346acdeaf4f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c51c1bf1-96a1-11e0-8c9f-c346acdeaf4f}\Shell - "" = AutoRun
O33 - MountPoints2\{c51c1bf1-96a1-11e0-8c9f-c346acdeaf4f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c51c1bf1-96a1-11e0-8c9f-c346acdeaf4f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012.01.19 15:57:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes
[2012.01.19 15:57:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.01.19 15:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.01.19 15:57:33 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.19 15:57:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.01.19 15:25:23 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\SystemExplorerDisabled
[2012.01.19 14:43:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SystemExplorer
[2012.01.19 14:43:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\System Explorer
[2012.01.19 14:43:49 | 000,000,000 | ---D | C] -- C:\Programme\System Explorer
[2012.01.19 14:28:25 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxx\Recent
[2012.01.15 13:41:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2012.01.15 13:41:34 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2012.01.15 03:52:12 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2012.01.15 02:03:44 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2012.01.13 08:22:50 | 000,000,000 | -HSD | C] -- C:\FOUND.012
[2012.01.11 08:10:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\OmahaEquilab
[2012.01.11 08:06:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
[2012.01.11 08:01:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Equilab
[2012.01.11 07:51:58 | 000,000,000 | -HSD | C] -- C:\FOUND.011
[2011.12.22 11:54:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Google
[2011.12.22 11:51:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.01.19 18:26:14 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.19 18:04:16 | 000,000,148 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\defogger_reenable
[2012.01.19 15:57:42 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.19 14:43:54 | 000,000,641 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\System Explorer.lnk
[2012.01.19 14:07:30 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.19 14:07:14 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.18 16:21:28 | 000,000,650 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\PartyPoker installieren.lnk
[2012.01.15 13:41:40 | 000,000,562 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.01.15 06:03:26 | 000,000,656 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\wpbt0.dll.lnk
[2012.01.14 14:53:54 | 000,000,670 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Windows Media Player.lnk
[2012.01.11 08:06:26 | 000,001,947 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PokerStrategy.com Equilab - Omaha.lnk
[2012.01.01 12:36:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.19 18:03:58 | 000,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\defogger_reenable
[2012.01.19 15:57:40 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.19 14:43:52 | 000,000,641 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\System Explorer.lnk
[2012.01.15 13:58:31 | 000,000,650 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\PartyPoker installieren.lnk
[2012.01.15 13:41:38 | 000,000,562 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.01.15 06:03:23 | 000,000,656 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\wpbt0.dll.lnk
[2012.01.11 08:06:24 | 000,001,947 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PokerStrategy.com Equilab - Omaha.lnk
[2011.08.22 19:32:07 | 000,005,118 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bltofzsb.qlf
[2011.03.17 01:52:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\editor.INI
[2010.12.18 12:44:11 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007.04.25 21:24:47 | 000,000,482 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2007.04.11 21:57:25 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2007.04.11 21:57:25 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2005.01.10 13:39:03 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2005.01.10 13:39:03 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.05.16 22:34:14 | 000,000,083 | ---- | C] () -- C:\WINDOWS\alaunch.ini
[2004.04.23 03:29:28 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Extensa.ini
[2004.03.01 16:55:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.03.01 14:59:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004.03.01 14:56:10 | 000,017,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\frmupgr.sys
[2004.03.01 14:56:08 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btw_ci.dll
[2004.03.01 14:56:08 | 000,051,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\btwusb.sys
[2004.03.01 14:54:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.03.01 14:52:33 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2004.03.01 14:51:44 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2004.03.01 14:51:44 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2004.03.01 14:45:25 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004.03.01 14:45:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004.03.01 14:45:20 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004.03.01 14:39:38 | 000,001,150 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004.03.01 14:39:37 | 001,969,664 | ---- | C] () -- C:\WINDOWS\PQDISK.EXE
[2004.03.01 14:39:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE
[2004.03.01 14:39:37 | 000,000,240 | ---- | C] () -- C:\WINDOWS\PQDISK.INI
[2004.03.01 14:34:29 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.03.01 14:33:06 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.03.01 14:29:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.03.01 14:28:54 | 000,151,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001.06.30 05:42:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980.01.01 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1980.01.01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980.01.01 00:00:00 | 000,318,680 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[1980.01.01 00:00:00 | 000,313,280 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980.01.01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980.01.01 00:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[1980.01.01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980.01.01 00:00:00 | 000,049,424 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[1980.01.01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980.01.01 00:00:00 | 000,040,998 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980.01.01 00:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[1980.01.01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980.01.01 00:00:00 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1980.01.01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1980.01.01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010.11.17 11:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Firefly Studios
[2010.11.26 13:04:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2011.03.17 01:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2012.01.19 14:43:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SystemExplorer
[2011.03.17 01:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DAEMON Tools Lite
[2011.07.21 14:54:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Leadertech

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2012.01.15 02:03:44 | 000,000,000 | -HSD | M] -- C:\FOUND.000
[2004.03.01 14:13:28 | 000,000,000 | ---D | M] -- C:\ACERNB
[2012.01.15 03:52:12 | 000,000,000 | -HSD | M] -- C:\FOUND.001
[2004.03.01 14:13:32 | 000,000,000 | ---D | M] -- C:\SYSINFO
[2011.07.15 07:43:38 | 000,000,000 | -HSD | M] -- C:\FOUND.010
[2012.01.11 07:51:58 | 000,000,000 | -HSD | M] -- C:\FOUND.011
[2012.01.13 08:22:50 | 000,000,000 | -HSD | M] -- C:\FOUND.012
[2004.03.01 14:13:30 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2004.03.01 14:28:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2004.03.01 14:35:30 | 000,000,000 | R--D | M] -- C:\Programme
[2004.03.01 14:39:28 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2004.03.01 14:51:50 | 000,000,000 | ---D | M] -- C:\Program Files
[2004.03.01 14:56:22 | 000,000,000 | ---D | M] -- C:\DOTNETFX
[2004.03.01 14:56:26 | 000,000,000 | ---D | M] -- C:\VALUEADD
[2004.03.01 14:56:28 | 000,000,000 | ---D | M] -- C:\SUPPORT
[2004.03.01 14:56:32 | 000,000,000 | ---D | M] -- C:\DOCS
[2004.03.01 16:55:30 | 000,000,000 | -HSD | M] -- C:\Recycled
[2010.11.17 10:38:50 | 000,000,000 | ---D | M] -- C:\spiele
[2011.05.25 15:00:58 | 000,000,000 | ---D | M] -- C:\Musik

< %PROGRAMFILES%\*.exe >

Invalid Environment Variable: LOCALAPPDATA

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[/spoiler]

extras.txt

[spoiler]

OTL Extras logfile created on: 19.01.2012 18:27:53 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,48 Mb Total Physical Memory | 127,95 Mb Available Physical Memory | 25,01% Memory free
1,22 Gb Paging File | 0,61 Gb Available in Paging File | 49,67% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 18,62 Gb Total Space | 1,82 Gb Free Space | 9,79% Space Free | Partition Type: FAT32
Drive D: | 18,63 Gb Total Space | 17,39 Gb Free Space | 93,37% Space Free | Partition Type: NTFS
Drive F: | 20,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 636,08 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ACER-PZDV2AMELZ | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\SPIELE\Stronghold Crusader\Stronghold_Crusader_Extreme.exe" = C:\SPIELE\Stronghold Crusader\Stronghold_Crusader_Extreme.exe:*:Enabled:Stronghold Crusader -- ( )
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"C:\SPIELE\strongold2\Stronghold2.exe" = C:\SPIELE\strongold2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
"C:\WINDOWS\System32\dplaysvr.exe" = C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\spiele\Stronghold Crusader\Stronghold Crusader.exe" = C:\spiele\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ( )
"C:\Programme\GameSpy Arcade\Aphex.exe" = C:\Programme\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E9389C0-0E8A-4174-A430-CFAFF29CC3A7}" = PokerStrategy.com Equilab
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 30
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{34666707-0A0F-49DE-BB8E-FE50BBD40358}" = PokerStrategy.com Equilab - Omaha
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ANSTOSS 3_is1" = ANSTOSS 3
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"ie8" = Windows Internet Explorer 8
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker 6.5 Gold
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"PokerStars" = PokerStars
"SpeedFan" = SpeedFan (remove only)
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"System Explorer_is1" = System Explorer 3.7.1
"VLC media player" = VideoLAN VLC media player 0.8.6a
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.01.2012 22:29:01 | Computer Name = ACER-PZDV2AMELZ | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 14.01.2012 22:52:46 | Computer Name = ACER-PZDV2AMELZ | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 15.01.2012 03:14:13 | Computer Name = ACER-PZDV2AMELZ | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung registrybooster.exe, Version 6.0.10.7, fehlgeschlagenes
Modul mshtml.dll, Version 8.0.6001.19170, Fehleradresse 0x0020a058.

Error - 15.01.2012 03:23:11 | Computer Name = ACER-PZDV2AMELZ | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung registrybooster.exe, Version 6.0.10.7, fehlgeschlagenes
Modul mshtml.dll, Version 8.0.6001.19170, Fehleradresse 0x0020a058.

Error - 15.01.2012 08:48:02 | Computer Name = ACER-PZDV2AMELZ | Source = MsiInstaller | ID = 10005
Description = Product: Skype Toolbars -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2738. The arguments are: , ,

Error - 17.01.2012 05:48:47 | Computer Name = ACER-PZDV2AMELZ | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 17.01.2012 11:22:39 | Computer Name = ACER-PZDV2AMELZ | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 9.0.1.4371, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 19.01.2012 08:04:09 | Computer Name = ACER-PZDV2AMELZ | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung anstoss3.exe, Version 1.1.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 19.01.2012 08:04:09 | Computer Name = ACER-PZDV2AMELZ | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung anstoss3.exe, Version 1.1.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 19.01.2012 12:13:25 | Computer Name = ACER-PZDV2AMELZ | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.5512, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 14.01.2012 22:29:01 | Computer Name = ACER-PZDV2AMELZ | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 14.01.2012 22:47:12 | Computer Name = ACER-PZDV2AMELZ | Source = VolSnap | ID = 393228
Description = Die Schattenkopie von Volume "C:" verfügte nicht über ausreichend
Vergleichsbereichsspeicherplatz, bevor es richtig installiert wurde.

Error - 14.01.2012 22:52:47 | Computer Name = ACER-PZDV2AMELZ | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 14.01.2012 23:02:35 | Computer Name = ACER-PZDV2AMELZ | Source = VolSnap | ID = 393228
Description = Die Schattenkopie von Volume "C:" verfügte nicht über ausreichend
Vergleichsbereichsspeicherplatz, bevor es richtig installiert wurde.

Error - 15.01.2012 00:39:20 | Computer Name = ACER-PZDV2AMELZ | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 15.01.2012 06:15:47 | Computer Name = ACER-PZDV2AMELZ | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 15.01.2012 06:22:44 | Computer Name = ACER-PZDV2AMELZ | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 15.01.2012 06:23:58 | Computer Name = ACER-PZDV2AMELZ | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 17.01.2012 05:48:48 | Computer Name = ACER-PZDV2AMELZ | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 19.01.2012 09:07:22 | Computer Name = ACER-PZDV2AMELZ | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.


< End of report >

[/spoiler]

Alt 19.01.2012, 19:37   #2
Mistverdammt
 
OK, the spoilers didn't work, for a start.

Edit: and I posted it in the wrong forum. Can someone move my post?

The viruses were reported to me by Malwarebytes.

Last edited by Mistverdammt (19.01.2012 at 20:09)
