Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Adware oder was ist los?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 20.05.2010, 11:34   #1
Kopfkissen
 
Adware oder was ist los? - Standard

Adware oder was ist los?



Als ich gestern im INet surfte, hab ich mir die neue Version von Open Office geladen.(Über RS, dauert sonst ewig). Als ich den Setup aufmachte, kam ein Konsolenfenster (für 1/2 sek.) und danach war der Installer weg und alle 5 Minuten reisst sich der IE auf und zeigt Werbung für irgendwelche "Handy-Nacktscanner"

Was soll ich tun?

Alt 20.05.2010, 12:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Adware oder was ist los? - Standard

Adware oder was ist los?



Hallo,

Zitat:
hab ich mir die neue Version von Open Office geladen.(Über RS, dauert sonst ewig).


OpenOffice lädt man nur von der Originalseite!! Die Seite bitete auch alternative Server und auch den DL über Torrent! Wozu rapidshare!


bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 20.05.2010, 15:45   #3
Kopfkissen
 
Adware oder was ist los? - Standard

Adware oder was ist los?



Also, die 2 Programme von dir laufen.
Vorher hab ich selbst Avira drüberlaufen lassen (neustes Update)
Gab 2 "Viren"-Treffer, hab beide in Quarantäne geschoben.
Und den Spybot SD auch und hab alles gelöscht was er auswarf (+ Tempordner)
(Seitdem ist auch Ruhe mit der Werbung (auch nach Neustart))
__________________

Alt 20.05.2010, 15:47   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Adware oder was ist los? - Standard

Adware oder was ist los?



Hallo! Du sollst die Logs posten!!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.05.2010, 15:52   #5
Kopfkissen
 
Adware oder was ist los? - Standard

Adware oder was ist los?



Huch! Plötzlich alle Posts in umgekehrter Reihenfolge
Zitat:

OpenOffice lädt man nur von der Originalseite!! Die Seite bitete auch alternative Server und auch den DL über Torrent! Wozu rapidshare!
abends um halb 12 bin ich manchmal ein bisschen... komisch
Und wie gesagt beide laufen grade durch. Auch bei ner schnellen Platte und i7 dauert das ein wenig


Alt 20.05.2010, 16:28   #6
Kopfkissen
 
Adware oder was ist los? - Standard

Adware oder was ist los?



OTL ist durch:
Code:
ATTFilter
OTL Extras logfile created on: 20.05.2010 15:50:53 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\Notebook\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,55 Gb Total Space | 182,21 Gb Free Space | 64,49% Space Free | Partition Type: NTFS
Drive D: | 15,24 Gb Total Space | 2,51 Gb Free Space | 16,45% Space Free | Partition Type: NTFS
Drive E: | 2,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NOTEBOOK-PC
Current User Name: Notebook
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1C3F92D0-3EC5-4CD4-9D5E-1E7834B65BB8}" = Microsoft SQL Server 2008 Native Client
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{23170F69-40C1-2702-0913-000001000000}" = 7-Zip 9.13 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4F77F6EE-2C99-49F7-940A-2E9C208C3BE2}" = Paint.NET v3.5.2
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{DE2C9D5F-C55C-30E8-9322-2B8E8B5DF87C}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{E6420CCB-92BE-3ACB-BDC3-69FBDD319C94}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{56BDDC6B-A676-4559-B9D7-D2E19264E80D}" = Cnc4WorldBuilder
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{712538AF-06AE-4F7F-B246-617034495FE6}" = ANNO 1404 (Demo)
"{71E6124C-FA50-447B-B044-47A682627C26}" = Anno 1404 (Demo)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BD0D8F8-A13C-48D2-B201-4AD29A48AF34}" = Google SketchUp 7
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F428768A-BA63-43A5-86E9-7F0CFD174944}" = Command & Conquer 3 Tiberium Wars(TM) Worldbuilder
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AOL Toolbar" = AOL Toolbar 5.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"EasyBits Magic Desktop" = Magic Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PyScripter_is1" = PyScripter 1.7.2
"TeamViewer 5" = TeamViewer 5
"TZ Spyware Remover_is1" = TZ Spyware Remover 9.2.0.2
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.04.2010 15:37:52 | Computer Name = Notebook-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KapiRechner.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4bcf5408  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385,
 Zeitstempel: 0x4a5bda6f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00021933  ID des fehlerhaften
 Prozesses: 0x61c  Startzeit der fehlerhaften Anwendung: 0x01cae18a1d2199c9  Pfad der
 fehlerhaften Anwendung: C:\Dev-Cpp\KapiRechner.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\msvcrt.dll  Berichtskennung: 5fd5ed1e-4d7d-11df-8894-00269e33955a
 
Error - 21.04.2010 15:38:16 | Computer Name = Notebook-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KapiRechner.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4bcf5425  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385,
 Zeitstempel: 0x4a5bda6f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00021933  ID des fehlerhaften
 Prozesses: 0x1214  Startzeit der fehlerhaften Anwendung: 0x01cae18a2e424082  Pfad der
 fehlerhaften Anwendung: C:\Dev-Cpp\KapiRechner.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\msvcrt.dll  Berichtskennung: 6db57236-4d7d-11df-8894-00269e33955a
 
Error - 21.04.2010 15:39:02 | Computer Name = Notebook-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KapiRechner.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4bcf544e  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385,
 Zeitstempel: 0x4a5bda6f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00021933  ID des fehlerhaften
 Prozesses: 0x12b0  Startzeit der fehlerhaften Anwendung: 0x01cae18a4707925c  Pfad der
 fehlerhaften Anwendung: C:\Dev-Cpp\KapiRechner.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\msvcrt.dll  Berichtskennung: 8931d5e0-4d7d-11df-8894-00269e33955a
 
Error - 21.04.2010 15:39:19 | Computer Name = Notebook-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KapiRechner.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4bcf544e  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385,
 Zeitstempel: 0x4a5bda6f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00021933  ID des fehlerhaften
 Prozesses: 0x1308  Startzeit der fehlerhaften Anwendung: 0x01cae18a5436f1a0  Pfad der
 fehlerhaften Anwendung: C:\Dev-Cpp\KapiRechner.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\msvcrt.dll  Berichtskennung: 939bdb13-4d7d-11df-8894-00269e33955a
 
Error - 22.04.2010 14:05:48 | Computer Name = Notebook-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KapiRechner.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4bd08ffb  Name des fehlerhaften Moduls: KapiRechner.exe, Version: 
0.0.0.0, Zeitstempel: 0x4bd08ffb  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00001903
ID
 des fehlerhaften Prozesses: 0x112c  Startzeit der fehlerhaften Anwendung: 0x01cae2466f6d7ae2
Pfad
 der fehlerhaften Anwendung: C:\Dev-Cpp\KapiRechner.exe  Pfad des fehlerhaften Moduls:
 C:\Dev-Cpp\KapiRechner.exe  Berichtskennung: adb6252e-4e39-11df-8002-00269e33955a
 
Error - 22.04.2010 14:09:26 | Computer Name = Notebook-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: KapiRechner.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4bd08ffb  Name des fehlerhaften Moduls: KapiRechner.exe, Version: 
0.0.0.0, Zeitstempel: 0x4bd08ffb  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x00001903
ID
 des fehlerhaften Prozesses: 0x828  Startzeit der fehlerhaften Anwendung: 0x01cae246f0f29333
Pfad
 der fehlerhaften Anwendung: C:\Dev-Cpp\KapiRechner.exe  Pfad des fehlerhaften Moduls:
 C:\Dev-Cpp\KapiRechner.exe  Berichtskennung: 2fa26dea-4e3a-11df-8002-00269e33955a
 
Error - 27.04.2010 00:34:12 | Computer Name = Notebook-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5be02b  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c6cd2
ID
 des fehlerhaften Prozesses: 0xbdc  Startzeit der fehlerhaften Anwendung: 0x01cae5c15dc2a534
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 2059265a-51b6-11df-a519-00269e33955a
 
Error - 27.04.2010 11:43:56 | Computer Name = Notebook-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 03.05.2010 13:38:06 | Computer Name = Notebook-PC | Source = Application Hang | ID = 1002
Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: e40    Startzeit: 01caeae7589e930e    Endzeit: 3    Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE

Berichts-ID:
 9deba6df-56da-11df-a2b2-00269e33955a  
 
Error - 07.05.2010 15:09:52 | Computer Name = Notebook-PC | Source = Application Hang | ID = 1002
Description = Programm Settlers7R.exe, Version 1.4.1234.0 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: 1570    Startzeit: 01caee09c43d51cb    Endzeit: 580    Anwendungspfad:
 C:\Program Files (x86)\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe

Berichts-ID:
   
 
[ Media Center Events ]
Error - 09.03.2010 08:45:09 | Computer Name = Notebook-PC | Source = MCUpdate | ID = 0
Description = 13:45:05 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 11.03.2010 02:11:47 | Computer Name = Notebook-PC | Source = MCUpdate | ID = 0
Description = 07:11:46 - Fehler beim Herstellen der Internetverbindung.  07:11:46 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.03.2010 03:54:33 | Computer Name = Notebook-PC | Source = MCUpdate | ID = 0
Description = 08:54:33 - Fehler beim Herstellen der Internetverbindung.  08:54:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.03.2010 15:50:42 | Computer Name = Notebook-PC | Source = MCUpdate | ID = 0
Description = 20:50:07 - Fehler beim Herstellen der Internetverbindung.  20:50:07 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.03.2010 16:51:33 | Computer Name = Notebook-PC | Source = MCUpdate | ID = 0
Description = 21:51:33 - Fehler beim Herstellen der Internetverbindung.  21:51:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.03.2010 16:52:04 | Computer Name = Notebook-PC | Source = MCUpdate | ID = 0
Description = 21:52:03 - Fehler beim Herstellen der Internetverbindung.  21:52:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.04.2010 05:23:52 | Computer Name = Notebook-PC | Source = MCUpdate | ID = 0
Description = 11:23:52 - Fehler beim Herstellen der Internetverbindung.  11:23:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.04.2010 05:23:59 | Computer Name = Notebook-PC | Source = MCUpdate | ID = 0
Description = 11:23:57 - Fehler beim Herstellen der Internetverbindung.  11:23:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.05.2010 09:47:26 | Computer Name = Notebook-PC | Source = MCUpdate | ID = 0
Description = 15:47:26 - Fehler beim Herstellen der Internetverbindung.  15:47:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.05.2010 09:47:38 | Computer Name = Notebook-PC | Source = MCUpdate | ID = 0
Description = 15:47:31 - Fehler beim Herstellen der Internetverbindung.  15:47:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 17.04.2010 14:14:34 | Computer Name = Notebook-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 18.04.2010 08:30:13 | Computer Name = Notebook-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 18.04.2010 14:35:34 | Computer Name = Notebook-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 27.04.2010 00:31:09 | Computer Name = Notebook-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 27.04.2010 00:34:13 | Computer Name = Notebook-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 27.04.2010 00:39:47 | Computer Name = Notebook-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst iphlpsvc erreicht.
 
Error - 27.04.2010 00:40:17 | Computer Name = Notebook-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SysMain erreicht.
 
Error - 27.04.2010 08:54:07 | Computer Name = Notebook-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 27.04.2010 11:07:15 | Computer Name = Notebook-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 28.04.2010 11:19:43 | Computer Name = Notebook-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
 
< End of report >
         

Alt 20.05.2010, 16:29   #7
Kopfkissen
 
Adware oder was ist los? - Standard

Adware oder was ist los?



Musste aufteilen wg max. Postlänge
Code:
ATTFilter
OTL logfile created on: 20.05.2010 15:50:53 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\Notebook\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,55 Gb Total Space | 182,21 Gb Free Space | 64,49% Space Free | Partition Type: NTFS
Drive D: | 15,24 Gb Total Space | 2,51 Gb Free Space | 16,45% Space Free | Partition Type: NTFS
Drive E: | 2,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NOTEBOOK-PC
Current User Name: Notebook
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Notebook\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Notebook\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB-Videogerät (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome_first&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.19.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.02 17:46:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.05.15 14:22:58 | 000,000,000 | ---D | M]
 
[2009.12.30 13:17:57 | 000,000,000 | ---D | M] -- C:\Users\Notebook\AppData\Roaming\mozilla\Extensions
[2010.05.19 22:19:51 | 000,000,000 | ---D | M] -- C:\Users\Notebook\AppData\Roaming\mozilla\Firefox\Profiles\uh9tdzal.default\extensions
[2010.05.11 21:41:12 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Users\Notebook\AppData\Roaming\mozilla\Firefox\Profiles\uh9tdzal.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2010.05.19 22:19:44 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Notebook\AppData\Roaming\mozilla\Firefox\Profiles\uh9tdzal.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.05.19 13:28:50 | 000,000,000 | ---D | M] -- C:\Users\Notebook\AppData\Roaming\mozilla\Firefox\Profiles\uh9tdzal.default\extensions\foxyproxy@eric.h.jung
[2010.05.15 14:22:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.15 14:22:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.27 22:08:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.27 22:08:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.27 22:08:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.27 22:08:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.27 22:08:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.19 20:52:03 | 000,002,248 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com 
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com.* 
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com 
O1 - Hosts: 127.0.0.1 crl.verisign.net 
O1 - Hosts: 127.0.0.1 CRL.VERISIGN.NET.* 
O1 - Hosts: 127.0.0.1 ood.opsource.net 
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net 
O1 - Hosts: 127.0.0.1 practivate.adobe 
O1 - Hosts: 127.0.0.1 practivate.adobe.* 
O1 - Hosts: 19 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Canaveral] C:\Users\Notebook\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\Notebook\AppData\Local\Temp\Bwl.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.11.01 05:47:57 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2005.11.01 05:09:50 | 000,729,088 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2005.11.01 05:43:36 | 000,000,160 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005.10.14 10:02:16 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{b073c780-a4ae-11de-a22e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b073c780-a4ae-11de-a22e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2005.11.01 05:09:50 | 000,729,088 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.20 15:37:54 | 000,000,000 | ---D | C] -- C:\Users\Notebook\AppData\Roaming\Malwarebytes
[2010.05.20 15:37:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.05.20 15:37:44 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.05.20 15:37:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.05.20 15:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.20 12:05:45 | 001,140,472 | ---- | C] (Infragistics, Inc.) -- C:\Windows\SysWow64\IGUltraGrid20.ocx
[2010.05.20 12:05:45 | 000,512,688 | ---- | C] (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) -- C:\Windows\SysWow64\XceedCry.dll
[2010.05.20 12:05:45 | 000,423,784 | ---- | C] (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) -- C:\Windows\SysWow64\XceedBkp.dll
[2010.05.20 12:05:45 | 000,131,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSADODC.ocx
[2010.05.20 12:05:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\systray.ocx
[2010.05.20 12:05:44 | 002,267,368 | ---- | C] (Adobe Systems, Inc.) -- C:\Windows\SysWow64\Flash.ocx
[2010.05.20 12:05:44 | 000,265,753 | ---- | C] (Ariad Software) -- C:\Windows\SysWow64\AS-Exp2.ocx
[2010.05.20 12:05:44 | 000,188,416 | ---- | C] (SoftShape Development) -- C:\Windows\SysWow64\actsplash.ocx
[2010.05.20 12:05:44 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL
[2010.05.20 12:05:44 | 000,089,088 | ---- | C] (Ariad Software) -- C:\Windows\SysWow64\ProgressBar4.ocx
[2010.05.20 12:05:44 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\Windows\SysWow64\md5.dll
[2010.05.20 11:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.05.20 11:17:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.05.19 22:29:47 | 000,000,000 | ---D | C] -- C:\Users\Notebook\AppData\Roaming\WinRAR
[2010.05.19 22:29:27 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.05.19 17:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.05.19 17:39:55 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.05.19 17:35:28 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.05.19 17:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010.05.19 17:07:10 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.05.15 15:20:45 | 000,000,000 | ---D | C] -- C:\Users\Notebook\Documents\NFS Most Wanted
[2010.05.15 15:08:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES
[2010.05.15 14:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.05.15 14:23:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.05.15 14:22:58 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.05.15 14:22:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.05.15 14:22:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.05.15 14:22:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.05.11 16:05:03 | 000,000,000 | R-SD | C] -- C:\Users\Notebook\Documents\My Stationery
[2010.05.10 19:59:41 | 000,000,000 | ---D | C] -- C:\xampp
[2010.05.04 12:55:55 | 000,000,000 | ---D | C] -- C:\Users\Notebook\Desktop\Data
[2010.04.28 16:22:23 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010.04.28 16:22:19 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010.04.28 16:22:19 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010.04.27 20:30:26 | 000,000,000 | ---D | C] -- C:\Users\Notebook\Documents\OneNote-Notizbücher
[2010.04.27 19:33:01 | 000,000,000 | ---D | C] -- C:\Users\Notebook\Neuer Ordner (3)
[2010.04.26 19:37:57 | 000,000,000 | ---D | C] -- C:\Users\Notebook\Documents\Neuer Ordner
[2010.04.26 17:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.20 15:52:50 | 003,407,872 | -HS- | M] () -- C:\Users\Notebook\NTUSER.DAT
[2010.05.20 15:46:02 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.20 15:37:48 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.20 15:00:53 | 001,465,694 | ---- | M] () -- C:\Users\Notebook\Desktop\Desk.jpg
[2010.05.20 15:00:16 | 001,465,598 | ---- | M] () -- C:\Users\Notebook\Documents\Desk.jpg
[2010.05.20 14:58:52 | 002,042,204 | ---- | M] () -- C:\Users\Notebook\Documents\Desk.psd
[2010.05.20 12:42:20 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.20 12:42:20 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.20 12:34:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.20 12:34:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.20 12:34:43 | 3214,053,376 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.20 12:33:38 | 005,098,139 | -H-- | M] () -- C:\Users\Notebook\AppData\Local\IconCache.db
[2010.05.20 11:17:36 | 000,001,262 | ---- | M] () -- C:\Users\Notebook\Desktop\Spybot - Search & Destroy.lnk
[2010.05.19 23:08:55 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNotebook.job
[2010.05.19 23:08:50 | 004,937,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.05.19 21:20:07 | 000,001,235 | ---- | M] () -- C:\Users\Notebook\Desktop\Adobe Dreamweaver CS5.lnk
[2010.05.19 20:52:03 | 000,002,248 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.05.19 19:55:32 | 000,001,159 | ---- | M] () -- C:\Users\Notebook\Desktop\Adobe Flash Professional CS5.lnk
[2010.05.19 17:40:52 | 000,098,640 | ---- | M] () -- C:\Users\Notebook\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.19 17:40:10 | 000,001,075 | ---- | M] () -- C:\Users\Notebook\Desktop\Adobe Photoshop CS5 (64 Bit).lnk
[2010.05.19 17:40:07 | 000,010,383 | ---- | M] () -- C:\Users\Notebook\Documents\Todo-IT.docx
[2010.05.13 17:57:13 | 001,655,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.13 17:57:13 | 000,709,178 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.13 17:57:13 | 000,672,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.13 17:57:13 | 000,150,796 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.13 17:57:13 | 000,127,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.11 21:31:32 | 000,013,338 | ---- | M] () -- C:\Users\Notebook\Documents\XSS.docx
[2010.05.07 16:59:45 | 000,012,036 | ---- | M] () -- C:\Users\Notebook\Documents\Selbstauskunft.docx
[2010.05.05 21:43:17 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.05.05 21:43:17 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.05.05 17:42:41 | 000,009,960 | ---- | M] () -- C:\Users\Notebook\Documents\01777232326.docx
[2010.05.04 12:23:37 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.28 16:30:51 | 000,001,680 | ---- | M] () -- C:\Users\Notebook\Desktop\Die Siedler 7.lnk
[2010.04.27 20:30:26 | 000,001,356 | ---- | M] () -- C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2010.04.27 15:58:04 | 000,011,717 | ---- | M] () -- C:\Users\Notebook\Documents\Unbenannt.png
[2010.04.27 15:33:43 | 000,003,781 | ---- | M] () -- C:\Users\Notebook\Documents\NBK.png
[2010.04.27 15:29:48 | 000,352,751 | ---- | M] () -- C:\Users\Notebook\Documents\Zeugnis_8.1.png
[2010.04.27 15:24:29 | 000,124,230 | ---- | M] () -- C:\Users\Notebook\Documents\Praktikumsbewerbung.pdf
[2010.04.27 15:17:08 | 011,638,054 | ---- | M] () -- C:\Users\Notebook\Documents\Oli Zeugnis.bmp
[2010.04.27 15:08:24 | 000,123,662 | ---- | M] () -- C:\Users\Notebook\Documents\Lebenslauf.pdf
[2010.04.27 15:03:46 | 000,000,334 | ---- | M] () -- C:\Users\Notebook\Documents\Content.png
[2010.04.27 15:01:50 | 000,001,577 | ---- | M] () -- C:\Users\Notebook\Documents\Index.php
[2010.04.27 14:02:41 | 000,013,658 | ---- | M] () -- C:\Users\Notebook\Documents\Lebenslauf.docx
[2010.04.27 06:30:19 | 000,012,341 | ---- | M] () -- C:\Users\Notebook\Documents\bewerbung-praktikum.docx
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.20 15:37:48 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.20 15:00:46 | 001,465,694 | ---- | C] () -- C:\Users\Notebook\Desktop\Desk.jpg
[2010.05.20 15:00:09 | 001,465,598 | ---- | C] () -- C:\Users\Notebook\Documents\Desk.jpg
[2010.05.20 14:58:52 | 002,042,204 | ---- | C] () -- C:\Users\Notebook\Documents\Desk.psd
[2010.05.20 12:05:44 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\ACTSKN43.OCX
[2010.05.20 12:05:44 | 000,011,012 | ---- | C] () -- C:\Windows\SysWow64\threadapi.tlb
[2010.05.20 11:17:36 | 000,001,262 | ---- | C] () -- C:\Users\Notebook\Desktop\Spybot - Search & Destroy.lnk
[2010.05.19 22:58:46 | 000,000,298 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.19 21:20:07 | 000,001,235 | ---- | C] () -- C:\Users\Notebook\Desktop\Adobe Dreamweaver CS5.lnk
[2010.05.19 19:55:32 | 000,001,159 | ---- | C] () -- C:\Users\Notebook\Desktop\Adobe Flash Professional CS5.lnk
[2010.05.19 17:40:10 | 000,001,075 | ---- | C] () -- C:\Users\Notebook\Desktop\Adobe Photoshop CS5 (64 Bit).lnk
[2010.05.19 17:40:03 | 000,010,383 | ---- | C] () -- C:\Users\Notebook\Documents\Todo-IT.docx
[2010.05.11 21:31:31 | 000,013,338 | ---- | C] () -- C:\Users\Notebook\Documents\XSS.docx
[2010.05.07 16:59:45 | 000,012,036 | ---- | C] () -- C:\Users\Notebook\Documents\Selbstauskunft.docx
[2010.05.05 21:43:17 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.05.05 21:43:17 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.05.05 17:42:41 | 000,009,960 | ---- | C] () -- C:\Users\Notebook\Documents\01777232326.docx
[2010.04.28 16:30:17 | 000,001,680 | ---- | C] () -- C:\Users\Notebook\Desktop\Die Siedler 7.lnk
[2010.04.27 20:30:26 | 000,001,356 | ---- | C] () -- C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2010.04.27 15:58:02 | 000,011,717 | ---- | C] () -- C:\Users\Notebook\Documents\Unbenannt.png
[2010.04.27 15:29:47 | 000,352,751 | ---- | C] () -- C:\Users\Notebook\Documents\Zeugnis_8.1.png
[2010.04.27 15:27:50 | 011,638,054 | ---- | C] () -- C:\Users\Notebook\Documents\Oli Zeugnis.bmp
[2010.04.27 15:09:02 | 000,124,230 | ---- | C] () -- C:\Users\Notebook\Documents\Praktikumsbewerbung.pdf
[2010.04.27 15:08:23 | 000,123,662 | ---- | C] () -- C:\Users\Notebook\Documents\Lebenslauf.pdf
[2010.04.27 15:03:46 | 000,000,334 | ---- | C] () -- C:\Users\Notebook\Documents\Content.png
[2010.04.27 15:00:30 | 000,001,577 | ---- | C] () -- C:\Users\Notebook\Documents\Index.php
[2010.04.27 15:00:21 | 000,003,781 | ---- | C] () -- C:\Users\Notebook\Documents\NBK.png
[2010.04.26 21:23:48 | 000,013,658 | ---- | C] () -- C:\Users\Notebook\Documents\Lebenslauf.docx
[2010.04.26 18:01:46 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForNotebook.job
[2010.04.21 19:25:54 | 000,012,341 | ---- | C] () -- C:\Users\Notebook\Documents\bewerbung-praktikum.docx
[2010.01.30 00:10:03 | 001,678,250 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.09.19 02:20:14 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009.09.19 02:20:14 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009.09.19 02:20:14 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009.09.19 02:20:14 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009.09.19 02:20:14 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009.09.19 02:20:14 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2009.07.15 17:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
< End of report >
         
[/QUOTE]

Alt 20.05.2010, 16:32   #8
Kopfkissen
 
Adware oder was ist los? - Standard

Adware oder was ist los?



Und der Malwarebit-log:
Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4120

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.05.2010 16:31:38
mbam-log-2010-05-20 (16-31-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 354775
Laufzeit: 50 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\TZ Remover (Rogue.TZSpyware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\TZ Spyware Remover (Rogue.TZSpyware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TZ Spyware Remover_is1 (Rogue.TZSpyware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.

Antwort

Themen zu Adware oder was ist los?
5 minuten, adware, dauert, fenster, gestern, installer, konsole, minute, minuten, neue, neue version, office, open office, rogue.tzspyware, scan, scanner, setup, version, werbung



Ähnliche Themen: Adware oder was ist los?


  1. Malware/Adware oder sonst was
    Plagegeister aller Art und deren Bekämpfung - 25.06.2015 (35)
  2. Buzzdock Adware entfernt (oder doch nicht?)
    Log-Analyse und Auswertung - 27.04.2015 (7)
  3. Adware oder ähnliches
    Alles rund um Windows - 17.02.2015 (1)
  4. yourfile downloader. Virus oder Adware?
    Plagegeister aller Art und deren Bekämpfung - 25.07.2014 (19)
  5. Malware ? Adware ? oder so
    Plagegeister aller Art und deren Bekämpfung - 11.06.2014 (5)
  6. Trojaner gefunden TR/Dldr.Agent.314440 und verschiedene Adwares ADWARE/EoRezo.AF, ADWARE/Adware.Gen7, ADWARE/AgentCV.A.2919
    Log-Analyse und Auswertung - 02.05.2014 (19)
  7. Frage zu Adware (oder doch Trojaner?)
    Plagegeister aller Art und deren Bekämpfung - 08.04.2014 (6)
  8. Virus oder unerwünschtes Programm 'ADWARE/BProtector.E'
    Plagegeister aller Art und deren Bekämpfung - 03.12.2013 (1)
  9. Adware und/oder Virus!
    Log-Analyse und Auswertung - 12.09.2013 (21)
  10. 2x | Adware und/oder Virus!
    Mülltonne - 03.09.2013 (1)
  11. Habe ich mir AdWare oder ähnliches eingefangen?
    Log-Analyse und Auswertung - 15.02.2013 (21)
  12. Pud.Adware.Agent entfernt oder nicht?
    Plagegeister aller Art und deren Bekämpfung - 19.11.2012 (2)
  13. PC von Adware.Agent.ZGen, Adware.ClickPotato, Adware.ShopperReports, Adware.Hotbar, Adwa angegriffen
    Mülltonne - 30.06.2011 (0)
  14. ADWARE/Spigot.APE! ( Sehr Schädlich oder nicht) ?
    Plagegeister aller Art und deren Bekämpfung - 01.06.2011 (7)
  15. hab ich Trojaner/adware/spyware oder sonstiges?
    Mülltonne - 16.03.2007 (0)
  16. Ich hab folgende trojaner oder adware oder was auch immer gefunden!
    Log-Analyse und Auswertung - 23.07.2006 (15)
  17. w32.Adware oder so?!?
    Plagegeister aller Art und deren Bekämpfung - 13.06.2005 (2)

Zum Thema Adware oder was ist los? - Als ich gestern im INet surfte, hab ich mir die neue Version von Open Office geladen.(Über RS, dauert sonst ewig). Als ich den Setup aufmachte, kam ein Konsolenfenster (für 1/2 - Adware oder was ist los?...
Archiv
Du betrachtest: Adware oder was ist los? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.