Pests of all kinds and how to combat them: pum.bad.proxy-hijack.shell-pum.hijack.dis.... Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
19.01.2012, 19:36 | #1 |
pum.bad.proxy-hijack.shell-pum.hijack.dis....

Hey, maybe someone here can help me. Apparently several viruses have shown up on my machine. It all started when my desktop icons mysteriously stopped being visible, plus a black desktop background and hidden folders. I ran a virus scan, which flagged something right away, and deleted it. Since I don't use the laptop for work, the matter was settled for me for the time being.

Now, however, things are suddenly disappearing from my taskbar. The Task Manager has been disabled by the administrator, and programs, when opened, only become briefly visible again when Windows shuts down. In addition, at startup I am told that my firewall is not active, and that I should safely remove my hardware, and so on.

Maybe someone can take a look at what I've posted and draw conclusions as to whether I should take my virus-ridden laptop off the network now or whether something can still be saved.

PS: I followed the instructions, but got a bit confused along the way.

defogger_disable Log
[spoiler]
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:03 on 19/01/2012 (xxx)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-
[/spoiler]

otl
[spoiler]
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
ipsec.sys
afd.sys
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
[/spoiler]

otl.text
[spoiler]
OTL logfile created on: 19.01.2012 18:27:53 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,48 Mb Total Physical Memory | 127,95 Mb Available Physical Memory | 25,01% Memory free
1,22 Gb Paging File | 0,61 Gb Available in Paging File | 49,67% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 18,62 Gb Total Space | 1,82 Gb Free Space | 9,79% Space Free | Partition Type: FAT32
Drive D: | 18,63 Gb Total Space | 17,39 Gb Free Space | 93,37% Space Free | Partition Type: NTFS
Drive F: | 20,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 636,08 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ACER-PZDV2AMELZ | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.19 18:11:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Downloads\OTL.exe PRC - [2012.01.09 17:05:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.10.11 15:00:04 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 14:59:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 14:59:38 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.01.20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe PRC - [2010.09.16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2009.03.12 09:53:30 | 000,114,688 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\Surf & E-Mail-Stick.exe PRC - [2008.04.14 03:22:46 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003.12.19 17:53:18 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\SOUNDMAN.EXE ========== Modules (No Company Name) ========== MOD - [2012.01.09 17:05:34 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.10.18 14:20:04 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll MOD - [2011.10.11 14:59:52 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2010.09.16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2009.03.12 09:53:30 | 000,114,688 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\Surf & E-Mail-Stick.exe MOD - [2009.03.12 09:52:58 | 000,135,168 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\LocaleMgrPlugin.dll MOD - [2009.03.12 09:51:28 | 000,032,768 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\NotifyServicePlugin.dll MOD - [2009.03.12 09:49:16 | 000,057,344 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\ConfigFilePlugin.dll MOD - [2009.03.12 09:47:58 | 000,098,304 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\DeviceMgrPlugin.dll MOD - [2009.03.12 09:45:52 | 000,135,168 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\NetInfoPlugin.dll MOD - [2009.03.12 09:43:12 | 000,090,112 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\DialUpPlugin.dll MOD - [2009.03.12 09:42:02 | 000,176,128 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\DeviceMgrUIPlugin.dll MOD - [2009.03.12 09:27:26 | 000,860,160 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\NDISAPI.dll MOD - [2009.01.20 16:38:06 | 000,061,440 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\XCodec.dll MOD - [2009.01.20 16:38:04 | 000,061,440 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\DeviceOperate.dll MOD - [2009.01.20 16:38:00 | 000,155,648 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\DetectDev.dll MOD - [2009.01.20 16:37:56 | 000,561,152 | ---- | M] () -- C:\Programme\Surf & E-Mail-Stick\atcomm.dll MOD - [2007.08.23 16:39:30 | 000,014,848 | ---- | M] () -- C:\Programme\Surf & 
E-Mail-Stick\isaputrace.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (AviraUpgradeService) SRV - File not found [Auto | Stopped] -- -- (avast! Antivirus) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.10.11 14:59:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) ========== Driver Services (SafeList) ========== DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.12.09 11:21:08 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 15:00:02 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:02 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.07.04 13:36:44 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011.07.04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011.07.04 13:35:24 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011.07.04 13:35:12 | 000,102,616 | ---- | M] (AVAST Software) 
[File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2011.07.04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011.07.04 13:32:14 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2011.07.04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.03.17 01:43:04 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010.06.17 15:14:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.11.08 10:55:18 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2006.09.24 15:28:48 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2004.03.22 23:59:52 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004.03.07 14:43:10 | 001,657,344 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R) DRV - [2004.01.16 15:41:00 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023) DRV - [2003.12.19 20:07:50 | 000,541,548 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2003.12.11 23:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2003.07.25 11:22:52 | 001,196,460 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2003.04.19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl) DRV - [2003.04.08 13:24:40 | 000,051,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2003.04.02 14:02:26 | 000,007,040 | ---- | M] (EnE Technology Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ENECBPTH.sys -- (ENECBPTH) DRV - [2003.03.27 14:57:24 | 002,379,776 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R) DRV - [2003.03.02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl) DRV - [2002.11.20 14:52:14 | 000,033,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3) DRV - [2001.08.17 09:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: 
"about:home" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 52121 FF - prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.12 11:24:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2001.06.30 05:41:54 | 000,000,000 | ---D | M] [2001.06.30 05:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions [2011.03.27 23:07:32 | 000,002,057 | ---- | M] () -- C:\Dokumente und Einstellungen\Heino\Anwendungsdaten\Mozilla\Firefox\Profiles\bh0wrned.default\searchplugins\youtube-videosuche.xml [2001.06.30 05:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.01.19 14:17:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2011.10.18 13:04:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012.01.09 17:05:38 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.09.29 03:24:38 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.09.29 03:24:38 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.09.29 03:24:38 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.29 03:24:38 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 03:24:38 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2003.04.02 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) 
O4 - HKCU..\Run: [Mobile Partner] C:\Programme\Surf & E-Mail-Stick\Surf & E-Mail-Stick.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\Heino\Startmenü\Programme\Autostart\SystemExplorerDisabled [2012.01.19 15:25:24 | 000,000,000 | -H-D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: facebook.com ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: partypoker.com ([de] http in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ADE8F50-4FAA-48CB-87DF-7CDDE48CBA80}: NameServer = 139.7.30.125 139.7.30.126 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2007.11.15 00:41:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2000.01.26 09:41:54 | 000,000,040 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{1c6dd090-f16b-11df-8b60-a7f25e9bdf95}\Shell - "" = AutoRun O33 - MountPoints2\{1c6dd090-f16b-11df-8b60-a7f25e9bdf95}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1c6dd090-f16b-11df-8b60-a7f25e9bdf95}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{472a64a0-1d08-11e0-8bc5-fd82f88efd8c}\Shell - "" = AutoRun O33 - MountPoints2\{472a64a0-1d08-11e0-8bc5-fd82f88efd8c}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{472a64a0-1d08-11e0-8bc5-fd82f88efd8c}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) 
O33 - MountPoints2\{504f4fd0-efdd-11df-8b5e-f5ce6cdfe2ac}\Shell - "" = AutoRun O33 - MountPoints2\{504f4fd0-efdd-11df-8b5e-f5ce6cdfe2ac}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{504f4fd0-efdd-11df-8b5e-f5ce6cdfe2ac}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{598c6ab0-2ef2-11e0-8be2-972b9f0736c5}\Shell - "" = AutoRun O33 - MountPoints2\{598c6ab0-2ef2-11e0-8be2-972b9f0736c5}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{598c6ab0-2ef2-11e0-8be2-972b9f0736c5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{6188aff0-5036-11e0-8c18-958cee7e839a}\Shell - "" = AutoRun O33 - MountPoints2\{6188aff0-5036-11e0-8c18-958cee7e839a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{6188aff0-5036-11e0-8c18-958cee7e839a}\Shell\AutoRun\command - "" = I:\SETUP.EXE O33 - MountPoints2\{6188aff1-5036-11e0-8c18-958cee7e839a}\Shell - "" = AutoRun O33 - MountPoints2\{6188aff1-5036-11e0-8c18-958cee7e839a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{6188aff1-5036-11e0-8c18-958cee7e839a}\Shell\AutoRun\command - "" = J:\SETUP.EXE O33 - MountPoints2\{7289b520-f239-11df-8b63-89a1da9015c1}\Shell - "" = AutoRun O33 - MountPoints2\{7289b520-f239-11df-8b63-89a1da9015c1}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7289b520-f239-11df-8b63-89a1da9015c1}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{9233d6e0-6c4c-11d5-8b5c-fffa5d66108d}\Shell - "" = AutoRun O33 - MountPoints2\{9233d6e0-6c4c-11d5-8b5c-fffa5d66108d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9233d6e0-6c4c-11d5-8b5c-fffa5d66108d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) 
O33 - MountPoints2\{9233d6e1-6c4c-11d5-8b5c-fffa5d66108d}\Shell - "" = AutoRun O33 - MountPoints2\{9233d6e1-6c4c-11d5-8b5c-fffa5d66108d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9233d6e1-6c4c-11d5-8b5c-fffa5d66108d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{c51c1bf0-96a1-11e0-8c9f-c346acdeaf4f}\Shell - "" = AutoRun O33 - MountPoints2\{c51c1bf0-96a1-11e0-8c9f-c346acdeaf4f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c51c1bf0-96a1-11e0-8c9f-c346acdeaf4f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.29 02:52:16 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{c51c1bf1-96a1-11e0-8c9f-c346acdeaf4f}\Shell - "" = AutoRun O33 - MountPoints2\{c51c1bf1-96a1-11e0-8c9f-c346acdeaf4f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c51c1bf1-96a1-11e0-8c9f-c346acdeaf4f}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: 
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: 
{CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894 ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994 ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Error creating restore point. 
========== Files/Folders - Created Within 30 Days ========== [2012.01.19 15:57:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes [2012.01.19 15:57:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.01.19 15:57:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.01.19 15:57:33 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.01.19 15:57:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.01.19 15:25:23 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\SystemExplorerDisabled [2012.01.19 14:43:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SystemExplorer [2012.01.19 14:43:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\System Explorer [2012.01.19 14:43:49 | 000,000,000 | ---D | C] -- C:\Programme\System Explorer [2012.01.19 14:28:25 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxx\Recent [2012.01.15 13:41:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2012.01.15 13:41:34 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2012.01.15 03:52:12 | 000,000,000 | -HSD | C] -- C:\FOUND.001 [2012.01.15 02:03:44 | 000,000,000 | -HSD | C] -- C:\FOUND.000 [2012.01.13 08:22:50 | 000,000,000 | -HSD | C] -- C:\FOUND.012 [2012.01.11 08:10:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\OmahaEquilab [2012.01.11 08:06:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations [2012.01.11 08:01:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Equilab [2012.01.11 
07:51:58 | 000,000,000 | -HSD | C] -- C:\FOUND.011 [2011.12.22 11:54:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Google [2011.12.22 11:51:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.19 18:26:14 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.01.19 18:04:16 | 000,000,148 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\defogger_reenable [2012.01.19 15:57:42 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.19 14:43:54 | 000,000,641 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\System Explorer.lnk [2012.01.19 14:07:30 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.01.19 14:07:14 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys [2012.01.18 16:21:28 | 000,000,650 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\PartyPoker installieren.lnk [2012.01.15 13:41:40 | 000,000,562 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.01.15 06:03:26 | 000,000,656 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\wpbt0.dll.lnk [2012.01.14 14:53:54 | 000,000,670 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Windows Media Player.lnk [2012.01.11 08:06:26 | 000,001,947 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PokerStrategy.com Equilab - Omaha.lnk [2012.01.01 12:36:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.19 18:03:58 | 
000,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\defogger_reenable [2012.01.19 15:57:40 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.19 14:43:52 | 000,000,641 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\System Explorer.lnk [2012.01.15 13:58:31 | 000,000,650 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\PartyPoker installieren.lnk [2012.01.15 13:41:38 | 000,000,562 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.01.15 06:03:23 | 000,000,656 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\wpbt0.dll.lnk [2012.01.11 08:06:24 | 000,001,947 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PokerStrategy.com Equilab - Omaha.lnk [2011.08.22 19:32:07 | 000,005,118 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bltofzsb.qlf [2011.03.17 01:52:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\editor.INI [2010.12.18 12:44:11 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2007.04.25 21:24:47 | 000,000,482 | ---- | C] () -- C:\WINDOWS\scummvm.ini [2007.04.11 21:57:25 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys [2007.04.11 21:57:25 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys [2005.01.10 13:39:03 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe [2005.01.10 13:39:03 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.05.16 22:34:14 | 000,000,083 | ---- | C] () -- C:\WINDOWS\alaunch.ini [2004.04.23 03:29:28 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Extensa.ini [2004.03.01 16:55:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004.03.01 14:59:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2004.03.01 14:56:10 | 000,017,388 | 
---- | C] () -- C:\WINDOWS\System32\drivers\frmupgr.sys [2004.03.01 14:56:08 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btw_ci.dll [2004.03.01 14:56:08 | 000,051,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\btwusb.sys [2004.03.01 14:54:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004.03.01 14:52:33 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll [2004.03.01 14:51:44 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2004.03.01 14:51:44 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll [2004.03.01 14:45:25 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2004.03.01 14:45:24 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2004.03.01 14:45:20 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat [2004.03.01 14:39:38 | 000,001,150 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004.03.01 14:39:37 | 001,969,664 | ---- | C] () -- C:\WINDOWS\PQDISK.EXE [2004.03.01 14:39:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE [2004.03.01 14:39:37 | 000,000,240 | ---- | C] () -- C:\WINDOWS\PQDISK.INI [2004.03.01 14:34:29 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004.03.01 14:33:06 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004.03.01 14:29:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004.03.01 14:28:54 | 000,151,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [2001.06.30 05:42:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys [1980.01.01 
00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [1980.01.01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [1980.01.01 00:00:00 | 000,318,680 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [1980.01.01 00:00:00 | 000,313,280 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [1980.01.01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [1980.01.01 00:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [1980.01.01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [1980.01.01 00:00:00 | 000,049,424 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [1980.01.01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [1980.01.01 00:00:00 | 000,040,998 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [1980.01.01 00:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [1980.01.01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [1980.01.01 00:00:00 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [1980.01.01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [1980.01.01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2010.11.17 11:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Firefly Studios [2010.11.26 13:04:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2011.03.17 01:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2012.01.19 14:43:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SystemExplorer [2011.03.17 01:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DAEMON Tools Lite [2011.07.21 14:54:08 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\xxx\Anwendungsdaten\Leadertech ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.01.15 02:03:44 | 000,000,000 | -HSD | M] -- C:\FOUND.000 [2004.03.01 14:13:28 | 000,000,000 | ---D | M] -- C:\ACERNB [2012.01.15 03:52:12 | 000,000,000 | -HSD | M] -- C:\FOUND.001 [2004.03.01 14:13:32 | 000,000,000 | ---D | M] -- C:\SYSINFO [2011.07.15 07:43:38 | 000,000,000 | -HSD | M] -- C:\FOUND.010 [2012.01.11 07:51:58 | 000,000,000 | -HSD | M] -- C:\FOUND.011 [2012.01.13 08:22:50 | 000,000,000 | -HSD | M] -- C:\FOUND.012 [2004.03.01 14:13:30 | 000,000,000 | ---D | M] -- C:\WINDOWS [2004.03.01 14:28:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2004.03.01 14:35:30 | 000,000,000 | R--D | M] -- C:\Programme [2004.03.01 14:39:28 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2004.03.01 14:51:50 | 000,000,000 | ---D | M] -- C:\Program Files [2004.03.01 14:56:22 | 000,000,000 | ---D | M] -- C:\DOTNETFX [2004.03.01 14:56:26 | 000,000,000 | ---D | M] -- C:\VALUEADD [2004.03.01 14:56:28 | 000,000,000 | ---D | M] -- C:\SUPPORT [2004.03.01 14:56:32 | 000,000,000 | ---D | M] -- C:\DOCS [2004.03.01 16:55:30 | 000,000,000 | -HSD | M] -- C:\Recycled [2010.11.17 10:38:50 | 000,000,000 | ---D | M] -- C:\spiele [2011.05.25 15:00:58 | 000,000,000 | ---D | M] -- C:\Musik < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.manifest /3 > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [/spoiler] extras.txt [spoiler] OTL Extras logfile created on: 19.01.2012 18:27:53 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,48 Mb Total Physical Memory | 127,95 Mb Available Physical Memory | 25,01% Memory free 1,22 Gb Paging File | 0,61 Gb Available in Paging File | 49,67% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 18,62 Gb Total Space | 1,82 Gb Free Space | 9,79% Space Free | Partition Type: FAT32 Drive D: | 18,63 Gb Total Space | 17,39 Gb Free Space | 93,37% Space Free | Partition Type: NTFS Drive F: | 20,92 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 636,08 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ACER-PZDV2AMELZ | User Name: xxx | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\SPIELE\Stronghold 
Crusader\Stronghold_Crusader_Extreme.exe" = C:\SPIELE\Stronghold Crusader\Stronghold_Crusader_Extreme.exe:*:Enabled:Stronghold Crusader -- ( ) "C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application "C:\SPIELE\strongold2\Stronghold2.exe" = C:\SPIELE\strongold2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver "C:\WINDOWS\System32\dplaysvr.exe" = C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation) "C:\spiele\Stronghold Crusader\Stronghold Crusader.exe" = C:\spiele\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ( ) "C:\Programme\GameSpy Arcade\Aphex.exe" = C:\Programme\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{0E9389C0-0E8A-4174-A430-CFAFF29CC3A7}" = PokerStrategy.com Equilab "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 30 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{34666707-0A0F-49DE-BB8E-FE50BBD40358}" = PokerStrategy.com Equilab - Omaha "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0 "{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker "{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "All ATI Software" = ATI - Software Uninstall Utility "ANSTOSS 3_is1" = ANSTOSS 3 "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup.divx.com" = DivX-Setup "ie8" = Windows Internet Explorer 8 "InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker 6.5 Gold "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "PokerStars" = PokerStars "SpeedFan" = SpeedFan (remove only) "Surf & E-Mail-Stick" = Surf & E-Mail-Stick "SynTPDeinstKey" = Synaptics Pointing Device Driver "System Explorer_is1" = System Explorer 3.7.1 "VLC media player" = VideoLAN VLC media player 0.8.6a "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 14.01.2012 22:29:01 | Computer Name = ACER-PZDV2AMELZ | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. 
Error - 14.01.2012 22:52:46 | Computer Name = ACER-PZDV2AMELZ | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 15.01.2012 03:14:13 | Computer Name = ACER-PZDV2AMELZ | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung registrybooster.exe, Version 6.0.10.7, fehlgeschlagenes Modul mshtml.dll, Version 8.0.6001.19170, Fehleradresse 0x0020a058. Error - 15.01.2012 03:23:11 | Computer Name = ACER-PZDV2AMELZ | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung registrybooster.exe, Version 6.0.10.7, fehlgeschlagenes Modul mshtml.dll, Version 8.0.6001.19170, Fehleradresse 0x0020a058. Error - 15.01.2012 08:48:02 | Computer Name = ACER-PZDV2AMELZ | Source = MsiInstaller | ID = 10005 Description = Product: Skype Toolbars -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , , Error - 17.01.2012 05:48:47 | Computer Name = ACER-PZDV2AMELZ | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 17.01.2012 11:22:39 | Computer Name = ACER-PZDV2AMELZ | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 9.0.1.4371, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 19.01.2012 08:04:09 | Computer Name = ACER-PZDV2AMELZ | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung anstoss3.exe, Version 1.1.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 19.01.2012 08:04:09 | Computer Name = ACER-PZDV2AMELZ | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung anstoss3.exe, Version 1.1.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 19.01.2012 12:13:25 | Computer Name = ACER-PZDV2AMELZ | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 14.01.2012 22:29:01 | Computer Name = ACER-PZDV2AMELZ | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 14.01.2012 22:47:12 | Computer Name = ACER-PZDV2AMELZ | Source = VolSnap | ID = 393228 Description = Die Schattenkopie von Volume "C:" verfügte nicht über ausreichend Vergleichsbereichsspeicherplatz, bevor es richtig installiert wurde. Error - 14.01.2012 22:52:47 | Computer Name = ACER-PZDV2AMELZ | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 14.01.2012 23:02:35 | Computer Name = ACER-PZDV2AMELZ | Source = VolSnap | ID = 393228 Description = Die Schattenkopie von Volume "C:" verfügte nicht über ausreichend Vergleichsbereichsspeicherplatz, bevor es richtig installiert wurde. Error - 15.01.2012 00:39:20 | Computer Name = ACER-PZDV2AMELZ | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 15.01.2012 06:15:47 | Computer Name = ACER-PZDV2AMELZ | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 15.01.2012 06:22:44 | Computer Name = ACER-PZDV2AMELZ | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. 
Error - 15.01.2012 06:23:58 | Computer Name = ACER-PZDV2AMELZ | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 17.01.2012 05:48:48 | Computer Name = ACER-PZDV2AMELZ | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 19.01.2012 09:07:22 | Computer Name = ACER-PZDV2AMELZ | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. < End of report > [/spoiler] |
19.01.2012, 19:37 | #2 |
| pum.bad.proxy-hijack.shell-pum.hijack.dis.... ok. The spoilers didn't work, for a start.
__________________e: and I posted it in the wrong forum. Can someone move my post? The viruses were reported to me by Malwarebytes. Last edited by Mistverdammt (19.01.2012 at 20:09) |