
  • "florian95" started this thread

Date of registration:
Nov 1st 2009


1

Sunday, November 1st 2009, 1:16pm

need help

hello,
I need some help. AntiVir doesn't find anything, but pages that I don't know at all simply keep opening

how do I get rid of this? please help quickly

markusg

Community member

Date of registration:
Mar 12th 2006


2

Sunday, November 1st 2009, 1:21pm

Well, nothing is going to be quick for now...
Download OTL.exe:
http://oldtimer.geekstogo.com/OTL.exe
Select Minimal under Output.
Under Extra Registry, please select Use SafeList.
Post both logs.
Split them across several replies if necessary.

  • "florian95" started this thread

Date of registration:
Nov 1st 2009


3

Sunday, November 1st 2009, 1:27pm

thanks in advance

  • "florian95" started this thread

Date of registration:
Nov 1st 2009


4

Sunday, November 1st 2009, 6:53pm

sorry, but I can't manage to split it up. couldn't I send you the file somehow?

A.Novize

Community member

Date of registration:
Oct 4th 2006


5

Sunday, November 1st 2009, 6:59pm

...edit...
Regards, Novize.

Questions are better placed in the forum, where many knowledgeable people are present; please do not send them by PM! Thanks.

This post has been edited 1 times, last edit by "A.Novize" (Nov 1st 2009, 7:00pm)


  • "florian95" started this thread

Date of registration:
Nov 1st 2009


6

Sunday, November 1st 2009, 7:01pm

the first document says:
OTL logfile created on: 01.11.2009 13:28:07 - Run 1
OTL by OldTimer - Version 3.1.1.8 Folder = C:\Dokumente und Einstellungen\Flo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,60% Memory free
3,35 Gb Paging File | 2,54 Gb Available in Paging File | 75,88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 44,53 Gb Free Space | 19,12% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 99,90 Gb Free Space | 42,90% Space Free | Partition Type: NTFS
Drive E: | 3,02 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FLORIAN
Current User Name: Flo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Flo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\advhost.exe ()
PRC - C:\WINDOWS\system32\advhost.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\PnkBstrB.exe ()
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Programme\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\TP-LINK\TWCU\TWCU.exe ()
PRC - C:\WINDOWS\system32\acs.exe ()
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - C:\WINDOWS\system32\PnkBstrB.exe ()
SRV - C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - C:\WINDOWS\system32\acs.exe ()
SRV - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
SRV - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - C:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - C:\WINDOWS\system32\drivers\ISODisk.sys ()
DRV - C:\WINDOWS\system32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)
DRV - C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
DRV - C:\WINDOWS\system32\drivers\secdrv.sys ()
DRV - C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Flo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\adlaunch32.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=v8notr
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=v8notr
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2009.07.03 12:41:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.10.29 19:11:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.10.29 19:11:24 | 00,000,000 | ---D | M]

[2009.09.30 14:30:20 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Flo\Anwendungsdaten\Mozilla\Firefox\Profiles\8rs02akc.default\extensions\battlefieldheroespatcher@ea.com
[2009.11.01 09:46:53 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Flo\Anwendungsdaten\Mozilla\Firefox\Profiles\8rs02akc.default\extensions
[2009.03.19 19:25:35 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Flo\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.03.19 19:25:35 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Flo\Anwendungsdaten\Mozilla\Extensions
[2009.03.19 19:25:35 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Flo\Anwendungsdaten\Mozilla\Extensions
[2009.03.19 19:25:35 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Flo\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.11.01 09:46:53 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Flo\Anwendungsdaten\Mozilla\Firefox\Profiles\8rs02akc.default\extensions
[2009.09.30 14:30:20 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Flo\Anwendungsdaten\Mozilla\Firefox\Profiles\8rs02akc.default\extensions\battlefieldheroespatcher@ea.com
[2009.07.03 12:42:07 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009.01.06 23:18:46 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009.10.29 19:11:24 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.11.01 13:04:53 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.11.01 13:04:53 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.10.29 19:11:24 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.01.06 23:18:46 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009.07.03 12:42:07 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009.10.29 19:11:19 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2009.10.29 19:11:19 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2009.07.03 12:41:59 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll
[2009.10.29 19:11:22 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2009.04.05 09:04:01 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009.02.27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppdf32.dll
[2009.03.24 20:51:23 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.03.24 20:51:23 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.03.24 20:51:23 | 00,001,706 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2009.03.24 20:51:23 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.03.24 20:51:23 | 00,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.03.24 20:51:23 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

  • "florian95" started this thread

Date of registration:
Nov 1st 2009


7

Sunday, November 1st 2009, 7:02pm

O1 HOSTS File: (820 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (XML Class) - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\System32\msxml71.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TWCU] C:\Programme\TP-LINK\TWCU\TWCU.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [Cognac] C:\DOKUME~1\Flo\LOKALE~1\Temp\b.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NBJ] C:\Programme\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [Skype] C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O13 - DefaultPrefix: http://www.myhottersearchbox.com/not_found_de/?url=
O13 - www Prefix: http://www.myhottersearchbox.com/not_found_de/?url=
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in Arbeitsplatz)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\adlaunch32.dll) - C:\WINDOWS\system32\adlaunch32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - about:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.02 20:21:51 | 00,000,051 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{ad142bd3-f52f-11dd-b39f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{ad142bd3-f52f-11dd-b39f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad142bd3-f52f-11dd-b39f-806d6172696f}\Shell\AutoRun\command - "" = E:\LaunchBFII.exe -- [2005.09.23 23:54:10 | 00,557,056 | R--- | M] ()
O33 - MountPoints2\A\Shell - "" = AutoRun
O33 - MountPoints2\A\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\A\Shell\AutoRun\command - "" = A:\mystv.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.11.01 13:26:45 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Flo\Desktop\OTL.exe
[2009.10.30 07:44:42 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Flo\Desktop\Alles DS
[2009.10.30 07:43:14 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Flo\Desktop\Monster Hunter
[2009.10.30 07:42:00 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Flo\Desktop\psp filme
[2009.10.06 15:21:47 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Flo\Desktop\Deutsch
[2009.10.05 18:25:00 | 00,000,000 | ---D | C] -- C:\Programme\GameHi_USA
[2009.10.04 15:58:30 | 00,000,000 | ---D | C] -- C:\Download
[2009.10.04 15:58:21 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Flo\Lokale Einstellungen\Anwendungsdaten\Kamuse
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009.11.01 13:26:46 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Flo\Desktop\OTL.exe
[2009.11.01 13:00:00 | 00,000,270 | -H-- | M] () -- C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2009.11.01 10:19:18 | 04,718,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Flo\NTUSER.DAT
[2009.10.31 21:55:46 | 00,086,040 | ---- | M] () -- C:\WINDOWS\System32\adlaunch32.dll
[2009.10.31 21:55:43 | 00,991,248 | ---- | M] () -- C:\WINDOWS\System32\advhost.exe
[2009.10.31 21:54:38 | 00,086,040 | ---- | M] () -- C:\WINDOWS\System32\adlaunch32.dll{C2BFE2E5-FE59-47C6-88EA-3AD2F66C6431}
[2009.10.31 21:54:36 | 00,991,248 | ---- | M] () -- C:\WINDOWS\System32\advhost.exe{9BCDE513-E682-473E-8E0D-7E2300F198C7}
[2009.10.31 21:53:48 | 00,086,040 | ---- | M] () -- C:\WINDOWS\System32\adlaunch32.dll{71340310-D39C-4F8E-9D91-CCF29E1CD322}
[2009.10.31 21:53:46 | 00,991,248 | ---- | M] () -- C:\WINDOWS\System32\advhost.exe{AB17B220-D15B-4E28-A3A5-D8EC17BF0AA7}
[2009.10.31 20:17:17 | 00,938,288 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.10.31 20:17:17 | 00,405,118 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2009.10.31 20:17:17 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.10.31 20:17:17 | 00,070,580 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2009.10.31 20:17:17 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.10.31 20:13:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.10.31 20:13:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.10.29 17:33:37 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.10.25 11:04:19 | 00,139,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.10.25 11:04:05 | 00,190,216 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009.10.25 11:04:05 | 00,190,216 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009.10.15 13:01:05 | 01,574,860 | -H-- | M] () -- C:\Dokumente und Einstellungen\Flo\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2009.10.06 19:15:02 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.10.31 21:53:48 | 00,086,040 | ---- | C] () -- C:\WINDOWS\System32\adlaunch32.dll{C2BFE2E5-FE59-47C6-88EA-3AD2F66C6431}
[2009.10.31 21:53:48 | 00,086,040 | ---- | C] () -- C:\WINDOWS\System32\adlaunch32.dll{71340310-D39C-4F8E-9D91-CCF29E1CD322}
[2009.10.31 21:53:48 | 00,086,040 | ---- | C] () -- C:\WINDOWS\System32\adlaunch32.dll
[2009.10.31 21:53:46 | 00,991,248 | ---- | C] () -- C:\WINDOWS\System32\advhost.exe{AB17B220-D15B-4E28-A3A5-D8EC17BF0AA7}
[2009.10.31 21:53:46 | 00,991,248 | ---- | C] () -- C:\WINDOWS\System32\advhost.exe{9BCDE513-E682-473E-8E0D-7E2300F198C7}
[2009.10.31 21:53:46 | 00,991,248 | ---- | C] () -- C:\WINDOWS\System32\advhost.exe
[2009.08.20 15:59:36 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009.07.10 12:31:41 | 00,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009.07.04 13:22:23 | 00,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\ISODisk.sys
[2009.06.07 17:33:34 | 00,139,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.06.04 19:20:07 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2009.05.08 09:13:04 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009.04.30 15:00:12 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009.03.14 15:39:30 | 00,000,031 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.01.08 11:41:06 | 00,002,943 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.01.08 11:35:38 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.01.07 19:32:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.01.07 17:22:42 | 00,004,445 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.01.07 17:22:38 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.01.07 16:55:16 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2009.01.07 14:56:41 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.01.07 14:56:36 | 00,042,496 | ---- | C] () -- C:\Dokumente und Einstellungen\Flo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.07 13:59:07 | 00,013,688 | ---- | C] () -- C:\Dokumente und Einstellungen\Flo\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2009.01.07 13:47:46 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009.01.05 19:37:07 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll
[2009.01.05 19:17:47 | 01,574,860 | -H-- | C] () -- C:\Dokumente und Einstellungen\Flo\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2009.01.05 18:48:15 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
[2008.10.07 13:33:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.10.07 13:33:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.10.07 13:33:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.10.07 13:33:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2002.03.25 19:02:14 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001.08.18 20:00:00 | 00,000,487 | ---- | C] () -- C:\WINDOWS\win.ini
[2001.08.18 20:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Dokumente und Einstellungen\Flo\Desktop\ROMSetup-1a.bin:SummaryInformation
< End of report >

  • "florian95" started this thread

Date of registration:
Nov 1st 2009


8

Sunday, November 1st 2009, 7:03pm

and the second document says:
OTL Extras logfile created on: 01.11.2009 13:28:07 - Run 1
OTL by OldTimer - Version 3.1.1.8 Folder = C:\Dokumente und Einstellungen\Flo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,60% Memory free
3,35 Gb Paging File | 2,54 Gb Available in Paging File | 75,88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 44,53 Gb Free Space | 19,12% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 99,90 Gb Free Space | 42,90% Space Free | Partition Type: NTFS
Drive E: | 3,02 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FLORIAN
Current User Name: Flo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Programme\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"57920:TCP" = 57920:TCP:*:Enabled:Pando Media Booster
"57920:UDP" = 57920:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:Orb -- File not found
"C:\Programme\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe" = C:\Programme\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe:*:Enabled:fpupdate -- File not found
"C:\Programme\Cossacks - Back To War\dmcr.exe" = C:\Programme\Cossacks - Back To War\dmcr.exe:*:Enabled:dmcr -- (-GSC-)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\alaplaya\S4League\S4Client.exe" = C:\Programme\alaplaya\S4League\S4Client.exe:*:Enabled:Project S4 Client.exe -- ()
"C:\Dokumente und Einstellungen\Flo\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 83a587e0\Launcher.exe" = C:\Dokumente und Einstellungen\Flo\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 83a587e0\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Dokumente und Einstellungen\Flo\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 08378fb8\Launcher.exe" = C:\Dokumente und Einstellungen\Flo\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 08378fb8\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe" = C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- ()
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- File not found
"C:\Dokumente und Einstellungen\Flo\Desktop\FOGDownloaderDE-RunesOfMagic(2).exe" = C:\Dokumente und Einstellungen\Flo\Desktop\FOGDownloaderDE-RunesOfMagic(2).exe:*:Enabled:FOG Downloader -- File not found
"C:\Dokumente und Einstellungen\Flo\Desktop\World of Warcraft\Repair.exe" = C:\Dokumente und Einstellungen\Flo\Desktop\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility -- File not found
"C:\Dokumente und Einstellungen\Flo\Desktop\World of Warcraft\BackgroundDownloader.exe" = C:\Dokumente und Einstellungen\Flo\Desktop\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Dokumente und Einstellungen\Flo\Desktop\YuLeech-RunesofMagic2_0_1_1821-de.exe" = C:\Dokumente und Einstellungen\Flo\Desktop\YuLeech-RunesofMagic2_0_1_1821-de.exe:*:Enabled:FOG Downloader -- File not found
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Programme\Electronic Arts\BattleForge\Bootstrapper.exe" = C:\Programme\Electronic Arts\BattleForge\Bootstrapper.exe:*:Enabled:BattleForge™ Launcher -- (EA Phenomic)
"C:\Programme\Electronic Arts\BattleForge\BattleForge.exe" = C:\Programme\Electronic Arts\BattleForge\BattleForge.exe:*:Enabled:BattleForge™ -- (EA Phenomic)
"C:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Dokumente und Einstellungen\Flo\Desktop\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe" = C:\Dokumente und Einstellungen\Flo\Desktop\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Dokumente und Einstellungen\Flo\Desktop\World of Warcraft\Launcher.exe" = C:\Dokumente und Einstellungen\Flo\Desktop\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Dokumente und Einstellungen\Flo\temp\TeamViewer\Version4\TeamViewer.exe" = C:\Dokumente und Einstellungen\Flo\temp\TeamViewer\Version4\TeamViewer.exe:*:Disabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Dokumente und Einstellungen\Flo\Lokale Einstellungen\Temp\Rar$EX00.406\YuLeech-Runes_of_Magic_EN-en.exe" = C:\Dokumente und Einstellungen\Flo\Lokale Einstellungen\Temp\Rar$EX00.406\YuLeech-Runes_of_Magic_EN-en.exe:*:Disabled:YuLeech -- File not found
"C:\Programme\EA GAMES\Battlefield 2\BF2.exe" = C:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Programme\GameSpy Arcade\Aphex.exe" = C:\Programme\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- (IGN Entertainment, Inc.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Dokumente und Einstellungen\Flo\Desktop\online mmorpg´s\World of Warcraft 1\WoW-3.2.0-deDE-downloader.exe" = C:\Dokumente und Einstellungen\Flo\Desktop\online mmorpg´s\World of Warcraft 1\WoW-3.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Dokumente und Einstellungen\Flo\Desktop\online mmorpg´s\World of Warcraft 1\Launcher.exe" = C:\Dokumente und Einstellungen\Flo\Desktop\online mmorpg´s\World of Warcraft 1\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Dokumente und Einstellungen\Flo\Desktop\online mmorpg´s\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe" = C:\Dokumente und Einstellungen\Flo\Desktop\online mmorpg´s\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Dokumente und Einstellungen\Flo\Desktop\online mmorpg´s\World of Warcraft\Launcher.exe" = C:\Dokumente und Einstellungen\Flo\Desktop\online mmorpg´s\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Dokumente und Einstellungen\Flo\Lokale Einstellungen\Anwendungsdaten\Kamuse\KCSTrayDownloader\KCSTrayDownloaderEngine.exe" = C:\Dokumente und Einstellungen\Flo\Lokale Einstellungen\Anwendungsdaten\Kamuse\KCSTrayDownloader\KCSTrayDownloaderEngine.exe:*:Enabled:KCSTrayDownloaderEngine -- (Kamuse, Incorporated)
"C:\Programme\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe" = C:\Programme\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII -- ()
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

This post has been edited 1 times, last edit by "florian95" (Nov 1st 2009, 7:04pm)


  • "florian95" started this thread

9

Sunday, November 1st 2009, 7:03pm

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22D56257-DE33-4C7D-817B-C2DE69FE953C}" = BOTS
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = TP-LINK Client Installation Program
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{93EC14D5-7AAA-4EAD-BB75-013817A96598}" = Logitech Gaming Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{BF731945-7AAD-45E3-A202-A60C9213915C}_is1" = ISODisk 1.1
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2
"{D704CE0E-19F8-4398-B5BE-1B28048DEA7F}" = GlobalDK
"{D99223D4-1F48-47BD-ADFD-D43C91CDFD00}" = S4 League
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E63F3DF4-18E8-4F46-BBD8-E64FC9C370AD}" = TP-LINK Driver Installation Program
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
"Cossacks : Back To War" = Cossacks - Back To War
"Dragonica(DE)" = Dragonica(DE)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"GameSpy Arcade" = GameSpy Arcade
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{D474A0E8-4421-43C0-BE8E-F454F91E2E2A}" = Race Driver 2
"LEGO Racers" = LEGO Racers
"lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PSP Video 9" = PSP Video 9 4.08
"PunkBusterSvc" = PunkBuster Services
"REAPER" = REAPER
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNations_is1" = TrackMania Nations ESWC 0.1.7.5
"Totalcmd" = Total Commander (Remove or Repair)
"UnityWebPlayer" = Unity Web Player
"VirtualCloneDrive" = VirtualCloneDrive
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinUtilities" = WinUtilities 5.12
"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19.09.2009 09:12:53 | Computer Name = FLORIAN | Source = MsiInstaller | ID = 11305
Description = Produkt: Fable - The Lost Chapters -- Fehler 1305. Fehler beim Lesen
von Datei: C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\Levels\FinalAlbion_RT.stb
Systemfehler 0. Überprüfen Sie, ob die Datei existiert und ob Sie darauf zugreifen
können.

Error - 19.09.2009 09:24:13 | Computer Name = FLORIAN | Source = MsiInstaller | ID = 11305
Description = Produkt: Fable - The Lost Chapters -- Fehler 1305. Fehler beim Lesen
von Datei: C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\Levels\FinalAlbion_RT.stb
Systemfehler 0. Überprüfen Sie, ob die Datei existiert und ob Sie darauf zugreifen
können.

Error - 19.09.2009 09:24:17 | Computer Name = FLORIAN | Source = MsiInstaller | ID = 11305
Description = Produkt: Fable - The Lost Chapters -- Fehler 1305. Fehler beim Lesen
von Datei: C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\Levels\FinalAlbion_RT.stb
Systemfehler 0. Überprüfen Sie, ob die Datei existiert und ob Sie darauf zugreifen
können.

Error - 19.09.2009 09:29:10 | Computer Name = FLORIAN | Source = MsiInstaller | ID = 11305
Description = Produkt: Fable - The Lost Chapters -- Fehler 1305. Fehler beim Lesen
von Datei: C:\Programme\Microsoft Games\Fable - The Lost Chapters\data\Levels\FinalAlbion_RT.stb
Systemfehler 0. Überprüfen Sie, ob die Datei existiert und ob Sie darauf zugreifen
können.

Error - 30.09.2009 09:50:36 | Computer Name = FLORIAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung bfheroes.exe, Version 0.0.0.0, fehlgeschlagenes
Modul bfheroes.exe, Version 0.0.0.0, Fehleradresse 0x002a6b7c.

Error - 30.09.2009 12:30:27 | Computer Name = FLORIAN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung BFHeroes.exe, Version 0.0.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 30.09.2009 12:33:43 | Computer Name = FLORIAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung bfheroes.exe, Version 0.0.0.0, fehlgeschlagenes
Modul bfheroes.exe, Version 0.0.0.0, Fehleradresse 0x00104551.

Error - 30.09.2009 13:03:05 | Computer Name = FLORIAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung bfheroes.exe, Version 0.0.0.0, fehlgeschlagenes
Modul bfheroes.exe, Version 0.0.0.0, Fehleradresse 0x002f024b.

Error - 01.10.2009 14:54:10 | Computer Name = FLORIAN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung winamp.exe, Version 5.5.5.2435, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 11.10.2009 13:48:41 | Computer Name = FLORIAN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung BF2.exe, Version 0.0.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 19.10.2009 12:51:07 | Computer Name = FLORIAN | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.2 mit
dem Computer mit der Netzwerkhardwareadresse 00:13:E8:93:A8:AB ermittelt. Netzwerkvorgänge
könnten daher auf diesem System unterbrochen werden.

Error - 19.10.2009 14:03:34 | Computer Name = FLORIAN | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
001D0FC68B5B wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).

Error - 19.10.2009 14:26:49 | Computer Name = FLORIAN | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
001D0FC68B5B wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).

Error - 23.10.2009 13:12:48 | Computer Name = FLORIAN | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.4 für die Netzwerkkarte mit der Netzwerkadresse
001D0FC68B5B wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).

Error - 23.10.2009 13:54:28 | Computer Name = FLORIAN | Source = atapi | ID = 262159
Description = Das Gerät \Device\Ide\IdePort0 ist für den Zugriff noch nicht bereit.

Error - 23.10.2009 13:54:28 | Computer Name = FLORIAN | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom1 gefunden.

Error - 24.10.2009 03:38:58 | Computer Name = FLORIAN | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
001D0FC68B5B wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).

Error - 27.10.2009 10:27:16 | Computer Name = FLORIAN | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.1.2 über die
Netzwerkkarte mit der Netzwerkadresse 001D0FC68B5B ist verloren gegangen.

Error - 27.10.2009 10:28:42 | Computer Name = FLORIAN | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst stisvc.

Error - 28.10.2009 10:19:15 | Computer Name = FLORIAN | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
001D0FC68B5B wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).


< End of report >

markusg

10

Sunday, November 1st 2009, 7:20pm

Hi,
download Malwarebytes:
www.malwarebytes.org
Update the program. Now switch Avira off and disconnect from the Internet by unplugging the network cable or turning off Wi-Fi.
Then, under Options, select scanning of all drives and run a full scan. Delete what it finds and post the log.

  • "florian95" started this thread

11

Sunday, November 1st 2009, 8:30pm

here is the result:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3080
Windows 5.1.2600 Service Pack 2

01.11.2009 20:29:41
mbam-log-2009-11-01 (20-29-41).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|H:\|)
Durchsuchte Objekte: 235140
Laufzeit: 53 minute(s), 51 second(s)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
C:\WINDOWS\system32\advhost.exe (IM.Worm) -> Unloaded process successfully.
C:\WINDOWS\system32\advhost.exe (IM.Worm) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\WINDOWS\system32\adlaunch32.dll (IM.Worm) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (IM.Worm) -> Data: c:\windows\system32\adlaunch32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (IM.Worm) -> Data: system32\adlaunch32.dll -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\adlaunch32.dll (IM.Worm) -> Delete on reboot.
C:\WINDOWS\system32\advhost.exe (IM.Worm) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2A4895C8-7210-4585-BC72-4705A66C2BAF}\RP270\A0066541.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2A4895C8-7210-4585-BC72-4705A66C2BAF}\RP270\A0066542.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

markusg

12

Sunday, November 1st 2009, 8:46pm

Download the GMER rootkit scanner:
www.gmer.net
Please run the program and enable everything on the rootkits tab. Disconnect from the Internet, close all running programs, start the scan, and post the log.

  • "florian95" started this thread

13

Monday, November 2nd 2009, 4:19pm

thank you, now everything is back to normal and nothing is strange anymore
a thousand thanks

regards, florian

markusg

14

Monday, November 2nd 2009, 4:24pm

What about GMER? Just because everything seems normal doesn't mean it is.