| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: arusb.sys / Blauerbildschirm und FehlermeldungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.09.2010, 13:49
| #1 |
| |  arusb.sys / Blauerbildschirm und Fehlermeldung Hallo zusammen, erstmal vielen Dank f¸r Eure Hilfe, das Forum hat mir sehr geholfen in vielen F‰llen, aber diesmal finde ich ncihts, deshalb habe ich mich angemeldet und schreibe selber einen Eintrag... So, mein Anliegen. Wenn ich irgendwelche Streams anschauen will, kommt nach zwei bis vier Minuten immer ein blauer Bildschirm, mit einer Fehlermeldung. Die Fehlermeldung besagt zwei Sachen. . arusb.sys (von dort w¸rde ein Fehler ausgehen, laut der Meldung) . PAGE_FAULT_IN_NONPAGED_AREA (keine Ahnung was es zu bedeuten hat) Habe alle Anleitungen befolgt was hier war.. OSAM Gmer defogger Malware Erunt OTL Bevor Ihr mir antwortet, eine Anmerkung noch.. ich bin absoluter Amateur, und arbeite mich stets von Fehler zu Fehler in dieses Thema hier rein...  W‰re nett wenn IHr mir schnellstens helfen kˆnntet und hier sind die Logs.. Und entschuldigt das es so viel ist... habe einfach alles reingepackt, wusste nicht was Ihr brauchen kˆnntet... __________________________________________________________ ___________________________________________________________ GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-11 12:47:35
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOKUME~1\keltos\LOKALE~1\Temp\pwtdypow.sys
---- System - GMER 1.0.15 ----
SSDT F7BA2AE6 ZwCreateKey
SSDT F7BA2ADC ZwCreateThread
SSDT F7BA2AEB ZwDeleteKey
SSDT F7BA2AF5 ZwDeleteValueKey
SSDT F7BA2AFA ZwLoadKey
SSDT F7BA2AC8 ZwOpenProcess
SSDT F7BA2ACD ZwOpenThread
SSDT F7BA2B04 ZwReplaceKey
SSDT F7BA2AFF ZwRestoreKey
SSDT F7BA2AF0 ZwSetValueKey
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
_____________________________________________________________ _____________________________________________________________ defogger_disable by jpshortstuff (23.02.10.1) Log created at 12:13 on 11/09/2010 (keltos) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- __________________________________________________ ____________________________________________________ defogger_enable by jpshortstuff (23.02.10.1) Log created at 12:12 on 11/09/2010 (keltos) Parsing file... -=E.O.F=- ________________________________________ ______________________________________ OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.09.2010 12:54:16 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\keltos\Desktop\MFTools
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
959,00 Mb Total Physical Memory | 526,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 159,19 Gb Free Space | 68,36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SASKIA
Current User Name: keltos
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"D:\EasySetupAssistant\EasySetupAssistant.exe" = D:\EasySetupAssistant\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant -- File not found
"C:\Programme\Orbitdownloader\orbitdm.exe" = C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme\Orbitdownloader\orbitnet.exe" = C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7B01FD07-1790-4EE9-B5E0-149527D70C7D}" = Nokia Ovi Suite
"{7B1A270C-6126-4617-9F2C-CA07889AB4AF}" = QSS-Installationsprogramm
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5F55747-2B88-4F02-82FE-A7CD11FD9A7D}" = TL-WN821N-Drahtlos-Tool
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CAB611A6-6460-4134-92E0-61435FD50018}" = QSS-Installationsprogramm
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E74A1D67-FFFE-4A15-9287-50B3C0465454}" = TL-WN821N-Drahtlos-Tool
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Converter_is1" = Free Audio Converter version 2.0
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"Recuva" = Recuva (remove only)
"Samsung ML-191x 252x Series" = Wartung Samsung ML-191x 252x Series
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10.09.2010 14:06:17 | Computer Name = SASKIA | Source = OviSuite | ID = 1
Description = 10/09/2010 20:06:17 (OviSuite) - ERROR - ContactsPlugin, Thread
GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString():
Not correct order of ELocalizedString::eStringType = 24
Error - 10.09.2010 14:06:17 | Computer Name = SASKIA | Source = OviSuite | ID = 1
Description = 10/09/2010 20:06:17 (OviSuite) - ERROR - ContactsPlugin, Thread
GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString():
Not correct order of ELocalizedString::eStringType = 24
Error - 10.09.2010 14:06:17 | Computer Name = SASKIA | Source = OviSuite | ID = 1
Description = 10/09/2010 20:06:17 (OviSuite) - ERROR - ContactsPlugin, Thread
GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString():
Not correct order of ELocalizedString::eStringType = 24
Error - 10.09.2010 14:06:17 | Computer Name = SASKIA | Source = OviSuite | ID = 1
Description = 10/09/2010 20:06:17 (OviSuite) - ERROR - ContactsPlugin, Thread
GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString():
Not correct order of ELocalizedString::eStringType = 24
Error - 10.09.2010 14:06:17 | Computer Name = SASKIA | Source = OviSuite | ID = 1
Description = 10/09/2010 20:06:17 (OviSuite) - ERROR - ContactsPlugin, Thread
GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString():
Not correct order of ELocalizedString::eStringType = 25
Error - 10.09.2010 14:06:17 | Computer Name = SASKIA | Source = OviSuite | ID = 1
Description = 10/09/2010 20:06:17 (OviSuite) - ERROR - ContactsPlugin, Thread
GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString():
Not correct order of ELocalizedString::eStringType = 25
Error - 10.09.2010 14:06:17 | Computer Name = SASKIA | Source = OviSuite | ID = 1
Description = 10/09/2010 20:06:17 (OviSuite) - ERROR - ContactsPlugin, Thread
GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString():
Not correct order of ELocalizedString::eStringType = 25
Error - 10.09.2010 14:06:17 | Computer Name = SASKIA | Source = OviSuite | ID = 1
Description = 10/09/2010 20:06:17 (OviSuite) - ERROR - ContactsPlugin, Thread
GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString():
Not correct order of ELocalizedString::eStringType = 25
Error - 10.09.2010 14:06:17 | Computer Name = SASKIA | Source = OviSuite | ID = 1
Description = 10/09/2010 20:06:17 (OviSuite) - ERROR - ContactsPlugin, Thread
GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString():
Not correct order of ELocalizedString::eStringType = 25
Error - 10.09.2010 14:06:17 | Computer Name = SASKIA | Source = OviSuite | ID = 1
Description = 10/09/2010 20:06:17 (OviSuite) - ERROR - ContactsPlugin, Thread
GUI, Line 161, .\Application\LocalizedStrings.cpp, CLocalizedStrings::getString():
Not correct order of ELocalizedString::eStringType = 25
[ System Events ]
Error - 11.09.2010 04:13:53 | Computer Name = SASKIA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 11.09.2010 04:13:53 | Computer Name = SASKIA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 11.09.2010 04:36:34 | Computer Name = SASKIA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 11.09.2010 04:36:34 | Computer Name = SASKIA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 11.09.2010 04:37:18 | Computer Name = SASKIA | Source = System Error | ID = 1003
Description = Fehlercode 10000050, 1. Parameter f7c0515a, 2. Parameter 00000001,
3. Parameter f69c5f60, 4. Parameter 00000000.
Error - 11.09.2010 05:42:44 | Computer Name = SASKIA | Source = Service Control Manager | ID = 7034
Description = Dienst "TP-LINK-Konfigurationsdienst" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 11.09.2010 05:42:44 | Computer Name = SASKIA | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 11.09.2010 05:42:44 | Computer Name = SASKIA | Source = Service Control Manager | ID = 7034
Description = Dienst "ServiceLayer" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
Error - 11.09.2010 05:45:29 | Computer Name = SASKIA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 11.09.2010 05:45:29 | Computer Name = SASKIA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
< End of report >
___________________________________________________________ _______________________________________________________________ Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4594 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 11.09.2010 12:07:00 mbam-log-2010-09-11 (12-07-00).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 134523 Laufzeit: 7 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschl¸ssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bˆsartigen Objekte gefunden) Infizierte Speichermodule: (Keine bˆsartigen Objekte gefunden) Infizierte Registrierungsschl¸ssel: (Keine bˆsartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bˆsartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bˆsartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bˆsartigen Objekte gefunden) Infizierte Dateien: (Keine bˆsartigen Objekte gefunden) ___________________________________________________________ ____________________________________________________________OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 11:29:12 on 11.09.2010 OS: Windows XP Professional Service Pack 2 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.6.9 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl (File signed by Microsoft | File found, but it contains no detailed information) "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Atheros Wireless Network Adapter Service(TP-LINK)" (arusb(TP-LINK)) - "Atheros Communications, Inc." - C:\WINDOWS\System32\DRIVERS\arusb.sys "AV301P" (ovt530) - ? - C:\WINDOWS\System32\Drivers\ov530vid.sys (File not found) "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "BCM42RLY" (BCM42RLY) - "Broadcom Corporation" - C:\WINDOWS\System32\BCM42RLY.SYS "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "DgiVecp" (DgiVecp) - ? - C:\WINDOWS\system32\Drivers\DgiVecp.sys (File not found) "GTNDIS5 NDIS Protocol Driver" (GTNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\GTNDIS5.SYS "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "Linksys Home Wireless-G USB Adapter Driver" (RT73) - "Ralink Technology, Corp." - C:\WINDOWS\System32\DRIVERS\rt73.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys (File signed by Microsoft | File found, but it contains no detailed information) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "SSPORT" (SSPORT) - ? - C:\WINDOWS\system32\Drivers\SSPORT.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "wsimd Service" (WSIMD) - "Atheros Communications, Inc." - C:\WINDOWS\System32\DRIVERS\wsimd.sys "ZDPSp50 NDIS Protocol Driver" (ZDPSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\ZDPSp50.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung f¸r Anzeigeverschiebung" - ? - deskpan.dll (File not found) {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmen¸ f¸r die Verschl¸sselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen f¸r die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Programme\Orbitdownloader\orbitcth.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmen¸\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmen¸\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmen¸\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\keltos\Startmen¸\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "NokiaOviSuite2" - "Nokia" - C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray "SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "GrooveMonitor" - "Microsoft Corporation" - "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" "HwBtnDetector" - ? - C:\Programme\TP-LINK\QSS\HwBtnDetector.exe "jswtrayutil" - "TP-LINK TECHNOLOGIES CO., LTD." - C:\Programme\TP-LINK\QSS\jswtrayutil.exe "NokiaMServer" - "Nokia" - C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles startup "Ovt Wia" - ? - C:\WINDOWS\OV530EM.exe (File not found) "Samsung PanelMgr" - ? - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "TWCU" - "TP-LINK" - C:\Programme\TP-LINK\TL-WN821N\TWCU.exe -nogui [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "TP-LINK Wireless LAN" - ? - C:\WINDOWS\system32\athgina.dll (File not found) [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Jumpstart Wifi Protected Setup" (jswpsapi) - "Atheros Communications, Inc." - C:\Programme\TP-LINK\QSS\jswpsapi.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe "TP-LINK-Konfigurationsdienst" (ACS) - "Atheros" - C:\WINDOWS\system32\acs.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru __________________________________________________________ ___________________________________________________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.09.2010 12:54:16 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\keltos\Desktop\MFTools Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 959,00 Mb Total Physical Memory | 526,00 Mb Available Physical Memory | 55,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,88 Gb Total Space | 159,19 Gb Free Space | 68,36% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SASKIA Current User Name: keltos Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.09.11 11:39:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\keltos\Desktop\MFTools\OTL.exe PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.06.18 15:37:48 | 000,671,608 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe PRC - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2010.06.09 01:47:48 | 001,531,904 | ---- | M] (Nokia) -- C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe PRC - [2010.06.07 13:51:24 | 000,138,752 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.05.11 11:11:58 | 000,134,144 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.17 11:23:54 | 000,272,896 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Nokia\NoA\nokiaaserver.exe PRC - [2009.10.27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2009.08.14 10:10:47 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe PRC - [2009.07.29 10:37:34 | 000,557,148 | ---- | M] (TP-LINK) -- C:\Programme\TP-LINK\TL-WN821N\TWCU.exe PRC - [2008.05.27 04:21:04 | 000,467,029 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe PRC - [2008.05.12 08:36:46 | 000,036,949 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD.) -- C:\Programme\TP-LINK\QSS\jswtrayutil.exe PRC - [2008.02.29 14:26:00 | 000,028,672 | ---- | M] () -- C:\Programme\TP-LINK\QSS\HwBtnDetector.exe PRC - [2005.09.22 16:42:24 | 000,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe PRC - [2002.12.31 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2010.09.11 11:39:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\keltos\Desktop\MFTools\OTL.exe MOD - [2002.12.31 14:00:00 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2002.12.31 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.05.27 04:21:04 | 000,467,029 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS) SRV - [2008.04.16 15:52:18 | 000,356,434 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\TP-LINK\QSS\jswpsapi.exe -- (jswpsapi) SRV - [2007.08.24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ov530vid.sys -- (ovt530) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp) DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.12.01 10:32:24 | 000,458,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\arusb.sys -- (arusb(TP-LINK)) Atheros Wireless Network Adapter Service(TP-LINK) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.02.22 16:16:08 | 000,024,360 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50) DRV - [2007.12.13 20:31:02 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD) DRV - [2007.08.28 22:46:02 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD) DRV - [2006.01.12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) DRV - [2005.09.22 16:34:18 | 003,727,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2005.07.29 17:11:04 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2005.07.29 17:11:02 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2005.02.01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY) DRV - [2004.08.04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004.08.03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2003.09.25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.startup.homepage: "hxxp://de.msn.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.06.24 10:06:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.08 18:59:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.08 18:59:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.06.24 10:06:27 | 000,000,000 | ---D | M] [2010.07.08 11:32:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\Mozilla\Extensions [2010.07.08 11:32:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.09.10 15:27:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\Mozilla\Firefox\Profiles\hq6bau8i.default\extensions [2010.09.10 15:19:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.18 23:25:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.14 11:04:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2006.09.26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2010.07.22 21:59:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.22 21:59:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.22 21:59:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.22 21:59:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.22 21:59:42 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.04.21 20:52:55 | 000,392,788 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 13564 more lines... O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HwBtnDetector] C:\Programme\TP-LINK\QSS\HwBtnDetector.exe () O4 - HKLM..\Run: [jswtrayutil] C:\Programme\TP-LINK\QSS\jswtrayutil.exe (TP-LINK TECHNOLOGIES CO., LTD.) O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [Ovt Wia] C:\WINDOWS\OV530EM.exe File not found O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TWCU] C:\Programme\TP-LINK\TL-WN821N\TWCU.exe (TP-LINK) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [NokiaOviSuite2] C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Dokumente und Einstellungen\keltos\Startmen¸\Programme\Autostart\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Gr¸ne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Gr¸ne Idylle.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.04.08 15:25:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm () Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation) Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation) Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point (54619756233228288) ========== Files/Folders - Created Within 90 Days ========== [2010.09.11 12:16:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Desktop\Gmer [2010.09.11 11:57:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.09.11 11:56:37 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2010.09.11 11:40:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\Malwarebytes [2010.09.11 11:40:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.09.11 11:40:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.09.11 11:40:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.09.11 11:40:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.09.11 11:39:48 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2010.09.11 11:39:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Desktop\MFTools [2010.09.10 14:55:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\GrabPro [2010.09.10 14:54:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\ProgSense [2010.09.10 14:54:57 | 000,000,000 | ---D | C] -- C:\Downloads [2010.09.10 14:54:46 | 000,000,000 | ---D | C] -- C:\Programme\Orbitdownloader [2010.09.10 14:54:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\Orbit [2010.09.10 14:28:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\dwhelper [2010.09.04 17:48:45 | 000,038,440 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\ZDPSp50a64.sys [2010.09.04 17:48:45 | 000,024,360 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\ZDPSp50.sys [2010.09.04 17:48:38 | 000,057,344 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\jswscimd.sys [2010.09.04 17:48:38 | 000,057,344 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\jswscimd.sys [2010.09.04 17:48:35 | 000,405,583 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\jswscsup.dll [2010.09.04 17:47:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Atheros [2010.09.04 17:47:32 | 000,467,029 | ---- | C] (Atheros) -- C:\WINDOWS\System32\acs.exe [2010.09.04 17:47:19 | 001,265,758 | R--- | C] (Devicescape) -- C:\WINDOWS\System32\dsa.dll [2010.09.04 17:47:19 | 000,401,408 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wcapi.dll [2010.09.04 17:47:19 | 000,352,348 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wcapiU.dll [2010.09.04 17:47:19 | 000,307,295 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg20U.dll [2010.09.04 17:47:19 | 000,254,023 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsfwDS.dll [2010.09.04 17:47:19 | 000,249,925 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsimd.dll [2010.09.04 17:47:19 | 000,241,664 | ---- | C] (Atheros) -- C:\WINDOWS\System32\athcfg20.dll [2010.09.04 17:47:19 | 000,127,080 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg20resU.dll [2010.09.04 17:47:19 | 000,127,054 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg20res.dll [2010.09.04 17:47:19 | 000,094,208 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\athcfg11resloc.dll [2010.09.04 17:47:19 | 000,082,017 | R--- | C] (Devicescape, Inc.) -- C:\WINDOWS\System32\dsaNac.dll [2010.09.04 17:47:19 | 000,081,920 | ---- | C] (Atheros) -- C:\WINDOWS\System32\wgapiloc.dll [2010.09.04 17:47:19 | 000,057,408 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\wsimd.sys [2010.09.04 17:47:19 | 000,057,408 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\wsimd.sys [2010.09.04 17:47:19 | 000,000,000 | ---D | C] -- C:\Programme\TP-LINK [2010.09.04 17:46:59 | 000,458,240 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\arusb_xp.sys [2010.09.04 17:46:59 | 000,458,240 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\arusb.sys [2010.09.04 17:35:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK [2010.09.01 13:18:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Eigene Dateien\Neuer Ordner [2010.08.14 11:05:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2010.08.07 15:21:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\DVDVideoSoftIEHelpers [2010.07.19 11:15:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Lokale Einstellungen\Anwendungsdaten\Apple Computer [2010.07.19 11:15:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\Apple Computer [2010.07.19 11:15:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Lokale Einstellungen\Anwendungsdaten\Apple [2010.07.19 11:00:59 | 000,000,000 | ---D | C] -- C:\Programme\FreePDF_XP [2010.07.19 11:00:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\FreePDF [2010.07.18 18:16:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations [2010.07.11 16:59:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\dvdcss [2010.07.08 11:32:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Lokale Einstellungen\Anwendungsdaten\Thunderbird [2010.07.08 11:32:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\Thunderbird [2010.07.06 21:16:06 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\ssdevm.dll [2010.07.06 21:16:06 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\ssusbpn.dll [2010.07.06 21:16:06 | 000,000,000 | ---D | C] -- C:\Programme\SamsungPrinterLiveUpdate [2010.07.06 21:16:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Samsung [2010.07.06 21:15:25 | 000,151,552 | ---- | C] (SS) -- C:\WINDOWS\System32\ssp4mci.exe [2010.07.06 21:15:25 | 000,065,536 | ---- | C] (SS) -- C:\WINDOWS\System32\ssp4mci.dll [2010.07.06 21:14:33 | 000,000,000 | ---D | C] -- C:\Programme\Samsung [2010.07.02 19:30:35 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll [2010.07.02 19:30:35 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll [2010.07.02 19:30:35 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll [2010.07.02 19:30:35 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll [2010.07.02 19:30:34 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll [2010.07.02 19:30:34 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll [2010.07.02 19:30:34 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll [2010.07.02 19:30:34 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll [2010.07.02 19:30:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\FreeAudioPack [2010.07.02 19:30:31 | 000,000,000 | ---D | C] -- C:\Programme\Free Audio Pack [2010.07.02 01:28:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer [2010.07.02 01:28:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US [2010.07.02 01:28:10 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies [2010.07.02 01:26:51 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2010.07.02 01:26:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2010.06.25 23:22:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\vlc [2010.06.25 12:44:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Avira [2010.06.24 10:11:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Lokale Einstellungen\Anwendungsdaten\NokiaAccount [2010.06.24 10:10:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Lokale Einstellungen\Anwendungsdaten\Nokia [2010.06.24 10:06:11 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution [2010.06.24 10:04:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2010.06.24 10:04:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2010.06.24 10:01:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2010.06.23 15:53:10 | 000,000,000 | ---D | C] -- C:\Programme\ReflexiveArcade [2010.06.23 15:53:07 | 000,000,000 | ---D | C] -- C:\Programme\Shockwave.com [2010.06.23 11:40:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\Zylom [2010.06.23 11:40:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom [2010.06.21 21:01:31 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\keltos\Eigene Dateien\nokia [2010.06.21 20:47:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2010.06.21 20:37:43 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys [2010.06.21 20:37:43 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys [2010.06.21 20:37:42 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys [2010.06.21 20:37:41 | 000,662,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll [2010.06.21 20:37:41 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys [2010.06.21 20:36:04 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 6.0 [2010.06.21 20:12:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Desktop\100IMAGE [2010.06.19 15:47:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles [2010.06.19 15:47:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010.06.19 14:50:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak [2010.06.18 22:53:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall [2010.06.18 22:53:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2010.06.18 19:35:34 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft [2010.06.18 16:42:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution [2010.06.17 09:37:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\keltos\Eigene Dateien\Kontodaten ========== Files - Modified Within 90 Days ========== [2010.09.11 12:13:32 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\keltos\defogger_reenable [2010.09.11 12:10:56 | 009,437,184 | -H-- | M] () -- C:\Dokumente und Einstellungen\keltos\NTUSER.DAT [2010.09.11 11:57:51 | 000,000,747 | ---- | M] () -- C:\Dokumente und Einstellungen\keltos\Startmen¸\Programme\Autostart\ERUNT AutoBackup.lnk [2010.09.11 11:57:50 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\keltos\Desktop\NTREGOPT.lnk [2010.09.11 11:57:50 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\keltos\Desktop\ERUNT.lnk [2010.09.11 11:46:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.09.11 11:45:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.11 11:45:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.11 11:44:36 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\keltos\ntuser.ini [2010.09.11 11:40:16 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.11 11:39:34 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\keltos\Desktop\defogger.exe [2010.09.11 11:39:29 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\keltos\Desktop\Gmer.zip [2010.09.11 11:28:33 | 000,042,171 | ---- | M] () -- C:\Dokumente und Einstellungen\keltos\Desktop\osam.html [2010.09.10 23:20:07 | 001,969,980 | -H-- | M] () -- C:\Dokumente und Einstellungen\keltos\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.09.10 15:17:37 | 000,179,200 | ---- | M] () -- C:\Dokumente und Einstellungen\keltos\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.01 10:49:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.01 16:38:01 | 000,000,936 | ---- | M] () -- C:\WINDOWS\win.ini [2010.07.19 11:16:37 | 000,055,784 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2010.07.19 10:31:50 | 000,000,043 | ---- | M] () -- C:\WINDOWS\gswin32.ini [2010.07.08 22:28:21 | 000,068,528 | ---- | M] () -- C:\Dokumente und Einstellungen\keltos\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.07.08 13:48:28 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.07.02 01:29:09 | 001,045,226 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.07.02 01:29:09 | 000,451,906 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.07.02 01:29:09 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.07.02 01:29:09 | 000,081,102 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.07.02 01:29:09 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.07.02 01:27:57 | 000,000,218 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf [2010.07.02 01:25:17 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.06.25 23:22:18 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2010.06.24 12:56:05 | 000,000,021 | ---- | M] () -- C:\WINDOWS\popcinfot.dat [2010.06.24 12:56:04 | 000,000,017 | ---- | M] () -- C:\WINDOWS\popcinfo.dat [2010.06.24 10:13:04 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2010.06.24 10:13:00 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf [2010.06.24 10:04:11 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2010.06.23 23:08:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat [2010.06.21 20:53:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2010.06.21 20:53:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010.06.21 19:14:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf [2010.06.21 19:14:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf ========== Files Created - No Company Name ========== [2010.09.11 12:13:32 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\keltos\defogger_reenable [2010.09.11 11:56:56 | 000,000,747 | ---- | C] () -- C:\Dokumente und Einstellungen\keltos\Startmen¸\Programme\Autostart\ERUNT AutoBackup.lnk [2010.09.11 11:56:38 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\keltos\Desktop\NTREGOPT.lnk [2010.09.11 11:56:38 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\keltos\Desktop\ERUNT.lnk [2010.09.11 11:40:16 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.11 11:39:34 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\keltos\Desktop\defogger.exe [2010.09.11 11:39:29 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\keltos\Desktop\Gmer.zip [2010.09.11 11:28:33 | 000,042,171 | ---- | C] () -- C:\Dokumente und Einstellungen\keltos\Desktop\osam.html [2010.09.04 17:48:38 | 000,027,298 | ---- | C] () -- C:\WINDOWS\System32\jswscimdp.cat [2010.09.04 17:48:38 | 000,026,869 | ---- | C] () -- C:\WINDOWS\System32\jswscimd.cat [2010.09.04 17:48:38 | 000,005,529 | ---- | C] () -- C:\WINDOWS\System32\jswscimdp.inf [2010.09.04 17:48:38 | 000,002,231 | ---- | C] () -- C:\WINDOWS\System32\jswscimd.inf [2010.09.04 17:47:32 | 000,262,217 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll [2010.09.04 17:47:19 | 000,401,552 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll [2010.09.04 17:47:19 | 000,010,210 | ---- | C] () -- C:\WINDOWS\System32\wsimdp.cat [2010.09.04 17:47:19 | 000,010,208 | ---- | C] () -- C:\WINDOWS\System32\wsimd.cat [2010.09.04 17:47:19 | 000,005,362 | ---- | C] () -- C:\WINDOWS\System32\wsimdp.inf [2010.09.04 17:47:19 | 000,002,179 | ---- | C] () -- C:\WINDOWS\System32\wsimd.inf [2010.09.04 17:46:58 | 000,041,760 | ---- | C] () -- C:\WINDOWS\System32\arusb_xp.inf [2010.09.04 17:46:58 | 000,011,893 | R--- | C] () -- C:\WINDOWS\System32\arusb_xp.cat [2010.07.19 11:16:37 | 000,055,784 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.07.06 21:16:07 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2010.07.06 21:15:36 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssp4ml3.dll [2010.07.06 21:15:36 | 000,000,361 | ---- | C] () -- C:\WINDOWS\System32\ssp4ml3.smt [2010.07.06 21:14:33 | 000,133,757 | ---- | C] () -- C:\WINDOWS\SmartCMS2.ico [2010.07.06 21:14:33 | 000,011,502 | ---- | C] () -- C:\WINDOWS\Dr. Printer Icon.ico [2010.07.06 21:14:33 | 000,005,430 | ---- | C] () -- C:\WINDOWS\AnyWeb Print.ico [2010.07.02 19:30:35 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx [2010.07.02 19:30:31 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2010.07.02 01:29:01 | 000,158,680 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.07.02 01:27:57 | 000,000,218 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf [2010.06.25 23:22:18 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2010.06.24 10:13:04 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf [2010.06.24 10:13:00 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf [2010.06.24 10:04:11 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2010.06.23 23:08:00 | 000,000,021 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2010.06.23 23:08:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat [2010.06.23 11:41:11 | 000,000,017 | ---- | C] () -- C:\WINDOWS\popcinfo.dat [2010.06.21 20:53:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2010.06.21 20:53:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010.06.21 19:14:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf [2010.06.21 19:14:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf [2010.04.18 20:18:27 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2010.04.11 13:34:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010.04.10 11:27:17 | 000,179,200 | ---- | C] () -- C:\Dokumente und Einstellungen\keltos\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.09 21:26:19 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2010.04.09 21:26:11 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini [2010.04.08 15:55:49 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2002.12.31 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys ========== LOP Check ========== [2010.04.10 10:42:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo [2010.06.21 20:38:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2010.04.10 20:46:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus! [2010.06.21 20:47:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2010.06.24 10:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2010.06.24 10:12:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2010.09.04 17:47:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK [2010.06.23 11:40:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom [2010.04.19 16:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\Ashampoo [2010.08.07 15:21:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\DVDVideoSoftIEHelpers [2010.07.02 19:30:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\FreeAudioPack [2010.09.10 14:55:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\GrabPro [2010.05.01 18:15:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\Miranda [2010.06.24 10:11:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\Nokia [2010.09.10 23:20:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\Orbit [2010.06.21 20:17:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\PC Suite [2010.09.10 14:54:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\ProgSense [2010.07.08 11:32:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\Thunderbird [2010.07.18 17:59:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\WordToPDF [2010.06.23 11:40:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\keltos\Anwendungsdaten\Zylom ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2010.04.08 15:25:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010.04.08 15:20:33 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2002.12.31 14:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin [2010.04.08 15:25:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010.04.08 15:25:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010.04.08 15:25:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2002.12.31 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2002.12.31 14:00:00 | 000,251,184 | RHS- | M] () -- C:\ntldr [2010.09.11 11:45:21 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2006.04.18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2006.06.29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006.04.18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006.06.29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2010.04.08 15:25:21 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll [2008.07.06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe [2009.03.02 13:01:45 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ssp4mpc.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2010.04.08 16:51:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2010.04.08 16:51:18 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2010.04.08 16:51:17 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\system32\user32.dll /md5 > [2002.12.31 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2002.12.31 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=D569240A22421D5F670BB6FB6DD522B5 -- C:\WINDOWS\system32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2002.12.31 14:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=B3ADA72D1E3E10A8F6430669DFC38ED0 -- C:\WINDOWS\system32\ws2help.dll < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-21 08:05:42 < End of report > _______________________________________________________ _________________________________________________________ netsvcs msconfig drivers32 /all %SYSTEMDRIVE%\*.* %systemroot%\system32\*.wt %systemroot%\system32\*.ruy %systemroot%\Fonts\*.com %systemroot%\Fonts\*.dll %systemroot%\Fonts\*.ini %systemroot%\Fonts\*.ini2 %systemroot%\system32\spool\prtprocs\w32x86\*.* %systemroot%\REPAIR\*.bak1 %systemroot%\REPAIR\*.ini %systemroot%\system32\*.jpg %systemroot%\*.scr %systemroot%\*._sy %APPDATA%\Adobe\Update\*.* %ALLUSERSPROFILE%\Favorites\*.* %APPDATA%\Microsoft\*.* %PROGRAMFILES%\*.* %APPDATA%\Update\*.* %systemroot%\*. /mp /s CREATERESTOREPOINT %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\user32.dll /md5 %systemroot%\system32\ws2_32.dll /md5 %systemroot%\system32\ws2help.dll /md5 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs [/CODE] |
|
11.09.2010, 14:37
| #2 |
  | arusb.sys / Blauerbildschirm und Fehlermeldung Hallo knuffig (BTW: Knuffiger Nick) aka Saskia und
__________________ Die Meldung kommt (vermutlich) von deinem WLAN-Stick. Es kann ein vermurkstes Windows sein oder ein zerschossener Treiber (oder Hardwareprobleme, das wäre dann übel). Und du bist meiner Meinung auch im falschen Forum gelandet, denn es finden sich keine Hinweise auf Schädlinge. Versuche erstmal Folgendes: 1.) Lade und installiere MSIE8 => Internet Explorer 8: Startseite 2.) Rufe mit dem MSIE folgende Seite auf => Microsoft Windows Update und führe alle Updates durch (nur die Sicherheits und Treiberupdates). 3.) Versuche die Streams mit einem anderen Browser anzuschauen, entweder mit dem neuen MSIE oder Opera Web Browser | Faster & safer | Download the new Internet browsers free. Berichte, ob das Besserung gebracht hat. ciao, andreas
__________________ |
|
11.09.2010, 22:28
| #3 | |
| | arusb.sys / Blauerbildschirm und FehlermeldungZitat:
Erstmal vielen Dank Andreas für Deine rasche Antwort.. und nochmals vielen Dank dafür das Du mir dennoch antwortest, obwohl es noch nichtmal in das Forum gehört...  So nun zum Problem... nachdem Du das mit dem WLan-stick gesagt hast, habe ich es gegoogelt.. wie es aussieht gab es solche Fehler, aber immer bei anderen Modellen, jetzt werde ich weitersuche müssen... Und habe auch einige Sachen nicht ganz verstanden um ehrlich zu sein. Ich habe IE instaliert und damit scheint es zur Zeit zu funktionieren.. aber ich bin damals zu Mozilla gegangen weil es schneller war und Benutzerfreundlicher und sicher... jetzt wieder zu IE ist mir ehrlich gesagt flau im Magen...  P.S. wenn es Dich interessieren sollte, mein Stick lautet TP-Link WN821N |
|
12.09.2010, 12:59
| #4 | |
| | arusb.sys / Blauerbildschirm und FehlermeldungZitat:
Nachtrag... es ist schlimmer geworden.. ich kann nochnichtmal Youtube ode Google-Videos gucken.. Es wird jedesmal nach einpaar Minuten Blau... Habe IE instaliert und auch Opera.. und bei beiden habe ich nun das selbe Problem.... ohmann und das an einem Sonntag... somit beginnt die Woche wie die letzte.. einfach nur schrott...  |
|
| Themen zu arusb.sys / Blauerbildschirm und Fehlermeldung |
| 0x00000001, 7-zip, antivir guard, arusb.sys, ausgehen, avira, bho, bildschirm, blauerbildschirm, browser, c:\windows\system32\rundll32.exe, components, converter, desktop, desktop.ini, diagnostics, downloader, error, excel, excel.exe, fehlercode 1, fehlercode 10, firefox.exe, flash player, fontcache, helper, home, jusched.exe, location, logfile, microsoft office word, mp3, oldtimer, page_fault, page_fault_in_nonpaged_area, plug-in, realtek, recuva, registry, registry key, safer networking, saver, scan, searchplugins, security, sehr geholfen, senden, service pack 1, shell32.dll, software, studio, system, system error, vlc media player, windows internet, windows internet explorer, wireless lan, wma |
Linear-Darstellung
