| |
| |||||||
Log-Analyse und Auswertung: Dnet24 GmbH - Rechnung geöffnet - Kaspersky erkannte "Win32.inject.efmi" - Word Dateien gehen nichtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
18.06.2012, 13:14
| #1 |
| |  Dnet24 GmbH - Rechnung geöffnet - Kaspersky erkannte "Win32.inject.efmi" - Word Dateien gehen nicht Hallo wertes Trojaner-Board-Team, am Computer (XP/32bit/alle Updates) eines Kollegen wurde der Anhang einer E-Mail von der Dnet24 GmbH geöffnet. Diese zip-Datei enthielt den Trojaner "Win32.inject.efmi" welcher von Kaspersky auch in die Quarantäne geschoben wurde. Seit dem öffnen des Trojaners gehen alle Word-Dateien nicht mehr. Ich vermute dass es sich um eine art Verschlüsselung handelt. Die Dateien heißen aber nicht locked-xxxx.doc sondern haben ihren normalen Namen. Erst beim öffnen kam zuerst "msword632.wpc kann den Konverter nicht starten", als das von mir behoben wurde kommt die Auswahl des passenden Konverters, aber keiner Funktioniert.  Es kam bis jetzt aber keine Aufforderung etwas zu bezahlen, der Rechner funktioniert soweit normal. Auffällig ist: Unter %Benutzerprofil% gibt es einen Ordner "Rpgxpnysjvf" welchen ich nicht löschen kann da er ein Windows-Systemordner ist. Das kann ich mir in einem Benutzerprofil schwer vorstellen und vermute dass das etwas mit dem Trojaner zu tun hat. Hier nun die Logs: Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:12 on 18/06/2012 (Anwender)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL: OTL Code:
ATTFilter OTL logfile created on: 18.06.2012 13:14:07 - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Dokumente und Einstellungen\Anwender\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1,86 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 64,89% Memory free 3,70 Gb Paging File | 2,88 Gb Available in Paging File | 77,81% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 465,74 Gb Total Space | 427,16 Gb Free Space | 91,71% Space Free | Partition Type: NTFS Computer Name: LENOVO | User Name: Anwender | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.18 13:13:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Anwender\Desktop\OTL.exe PRC - [2012.05.17 20:08:30 | 003,906,944 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2012.01.19 13:30:04 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2010.11.26 14:42:59 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe PRC - [2009.12.01 10:52:26 | 002,326,912 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe PRC - [2009.08.28 17:55:42 | 000,357,936 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe PRC - [2009.08.28 17:55:38 | 000,661,072 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe PRC - [2009.08.28 17:55:10 | 005,078,416 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2009.05.15 18:29:38 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe PRC - [2008.10.20 23:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.07.21 16:46:28 | 002,054,680 | ---- | M] (Intel Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\UNS\UNS.exe PRC - [2008.07.21 16:46:16 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\LMS.exe PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.04 11:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe PRC - [2008.03.04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe PRC - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe PRC - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.06.18 11:25:27 | 000,065,024 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2012.06.18 11:25:27 | 000,052,736 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2012.06.17 10:07:24 | 000,117,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2012.06.17 10:07:24 | 000,052,224 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2012.06.13 17:18:30 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll MOD - [2012.05.10 13:42:01 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.09 21:13:06 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.09 21:12:57 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2010.07.01 22:34:54 | 002,086,584 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\avzkrnl.dll MOD - [2009.11.11 17:49:18 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.10.20 23:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.05.10 13:42:35 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2010.11.26 14:42:59 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP) SRV - [2009.12.01 10:52:26 | 002,326,912 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2009.08.28 17:55:38 | 000,661,072 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2009.05.15 18:29:38 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.10.20 23:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008.07.21 16:46:28 | 002,054,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2008.07.21 16:46:16 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\LMS.exe -- (LMS) Intel(R) SRV - [2008.03.04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM) SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.11.26 14:42:59 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2010.06.09 18:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2) DRV - [2010.06.09 18:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1) DRV - [2010.05.07 13:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2009.12.01 10:52:26 | 000,152,704 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp) DRV - [2009.12.01 10:52:25 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) DRV - [2009.12.01 10:52:24 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter) DRV - [2009.12.01 10:52:23 | 000,156,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) DRV - [2009.11.02 21:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009.04.22 18:04:18 | 000,008,704 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService) DRV - [2008.10.24 11:32:24 | 000,149,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R) DRV - [2008.03.28 13:42:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2008.02.10 18:49:10 | 000,018,048 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM) DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp10.sys -- (acehlp10) DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV10.sys -- (acedrv10) DRV - [2007.02.19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={8EF88EEF-A061-4234-8F85-A54704912226} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 54 17 B2 E6 B0 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111789&tt=060612_7_&babsrc=SP_ss&mntrId=d8ad65be00000000000000241daecca3 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_de IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3061358 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box&a=6jB3zioGxB IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={8EF88EEF-A061-4234-8F85-A54704912226} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Babylon ToolBar (Enabled) = C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll CHR - plugin: (Enabled) = C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie\1.0.5_0\chromeNPAPI.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Babylon Toolbar = C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2004.08.04 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKCU..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm () O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.153.217.232 194.153.217.233 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08D8287A-80B6-4F4B-92A6-EEC9816335AD}: DhcpNameServer = 194.153.217.232 194.153.217.233 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.11.11 17:17:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{71a9bd81-74b2-11df-8e0f-00241daecca3}\Shell\AutoRun\command - "" = J:\EBCC-7.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.18 13:13:24 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Anwender\Desktop\OTL.exe [2012.06.18 12:18:51 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Anwender\Desktop\HiJackThis204.exe [2012.06.18 11:58:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012.06.18 11:58:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anwender\Eigene Dateien\Meine empfangenen Dateien [2012.06.17 10:11:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome [2012.06.17 10:07:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\SUPERAntiSpyware.com [2012.06.17 10:06:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2012.06.17 10:06:00 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2012.06.17 10:05:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\BabylonToolbar [2012.06.17 10:05:43 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar [2012.06.17 10:04:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Babylon [2012.06.17 10:04:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2012.06.17 10:04:18 | 000,000,000 | ---D | C] -- C:\Programme\BrowserCompanion [2012.06.17 10:04:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anwender\AppData [2012.06.13 08:30:51 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll [2012.06.12 13:23:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anwender\Rpgxpnysjvf [2012.06.12 13:23:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anwender\Pgxpnysq [2012.06.12 13:23:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Fenf [2012.06.12 13:22:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.18 13:59:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.06.18 13:22:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.06.18 13:13:24 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Anwender\Desktop\OTL.exe [2012.06.18 13:12:08 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Anwender\defogger_reenable [2012.06.18 13:11:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Anwender\Desktop\Defogger.exe [2012.06.18 12:18:51 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Anwender\Desktop\HiJackThis204.exe [2012.06.18 11:58:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.18 11:49:17 | 000,034,682 | ---- | M] () -- C:\Dokumente und Einstellungen\Anwender\Desktop\nwsettings.JPG [2012.06.18 11:29:03 | 000,477,630 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.06.18 11:29:03 | 000,435,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.06.18 11:29:03 | 000,091,676 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.06.18 11:29:03 | 000,068,728 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.06.18 11:24:51 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.06.18 11:24:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.18 11:16:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.06.17 21:39:20 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Anwender\Desktop\Arbeitsplatz.lnk [2012.06.17 10:11:49 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.06.17 10:06:03 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.06.17 10:05:50 | 000,001,531 | ---- | M] () -- C:\user.js [2012.06.13 11:20:34 | 000,449,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.05.31 15:22:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.18 13:12:08 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Anwender\defogger_reenable [2012.06.18 13:11:40 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Anwender\Desktop\Defogger.exe [2012.06.18 11:49:17 | 000,034,682 | ---- | C] () -- C:\Dokumente und Einstellungen\Anwender\Desktop\nwsettings.JPG [2012.06.17 21:39:20 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Anwender\Desktop\Arbeitsplatz.lnk [2012.06.17 10:11:49 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.06.17 10:06:03 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.06.17 10:05:27 | 000,001,531 | ---- | C] () -- C:\user.js [2012.02.15 09:00:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.06.22 13:30:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\prfh0407.dat [2011.06.22 13:30:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\prfc0407.dat [2011.03.03 14:51:49 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL [2011.02.12 16:10:57 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll [2011.02.04 19:33:03 | 000,200,758 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll [2011.01.09 14:01:19 | 000,000,090 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.12.04 13:45:07 | 000,350,208 | ---- | C] () -- C:\WINDOWS\System32\Rivet200.dll [2010.12.04 13:35:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2010.10.03 08:51:31 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll [2010.10.03 08:51:31 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 18.06.2012 13:14:07 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Dokumente und Einstellungen\Anwender\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1,86 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 64,89% Memory free
3,70 Gb Paging File | 2,88 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,74 Gb Total Space | 427,16 Gb Free Space | 91,71% Space Free | Partition Type: NTFS
Computer Name: LENOVO | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\IncrediMail\Bin\IncMail.exe" = C:\Programme\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail
"C:\Programme\IncrediMail\Bin\ImApp.exe" = C:\Programme\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail
"C:\Programme\IncrediMail\Bin\ImpCnt.exe" = C:\Programme\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail
"C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5ITBQ5HZ\SweetImSetup[1].exe" = C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5ITBQ5HZ\SweetImSetup[1].exe:*:Enabled:SweetIM Installer
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2F603A45-D956-496B-81B5-50D782424976}" = SweetPacks Toolbar for Internet Explorer 4.4
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385B9EE4-D4AC-40f7-AE10-94973A58A57E}" = 8500A909_BasicWeb
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{40A24C8A-9C6D-4E8A-A41E-ADF995EFD848}" = 8500A909_Help_BasicWeb
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{85953BE7-2658-4B31-F727-716E94036FFB}" = MORE! 1 Grammar Practice
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{94DF3F23-B26F-42EF-8BC5-55EFE3F02D8F}" = Winbond TPM Device Driver
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{999104C6-AC4B-43D3-B8E2-125C0EEA9A71}" = Intel(R) Network Connections 13.4.22.0
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B85C4CB2-B352-4BD8-818C-BCE353599107}" = SweetIM for Messenger 3.6
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEA4C985-9C4E-440c-8C3A-9208E18CC4F9}" = HP Officejet Pro 8500 A909 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BabylonToolbar" = Babylon toolbar on IE
"DATA BECKER Einladungs-Druckerei" = DATA BECKER Einladungs-Druckerei
"Google Chrome" = Google Chrome
"Hardware Helper_is1" = Hardware Helper
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"ie8" = Windows Internet Explorer 8
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"InterActual Player" = InterActual Player
"MESOL" = Intel® Active-Management-Technologie
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MoreGrammarPractice1" = MORE! 1 Grammar Practice
"OpenAL" = OpenAL
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PROHYBRIDR" = 2007 Microsoft Office system
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.06.2012 04:38:35 | Computer Name = LENOVO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 17.06.2012 04:38:41 | Computer Name = LENOVO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 17.06.2012 04:41:18 | Computer Name = LENOVO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 17.06.2012 15:32:44 | Computer Name = LENOVO | Source = MsiInstaller | ID = 11500
Description = Produkt: Microsoft Office Word MUI (German) 2007 -- Fehler 1500. Zurzeit
wird eine andere Installation ausgeführt. Sie müssen erst die andere Installation
abschließen, bevor Sie diese Installation fortsetzen können.
Error - 17.06.2012 15:32:48 | Computer Name = LENOVO | Source = MsiInstaller | ID = 11500
Description = Produkt: Microsoft Office Word MUI (German) 2007 -- Fehler 1500. Zurzeit
wird eine andere Installation ausgeführt. Sie müssen erst die andere Installation
abschließen, bevor Sie diese Installation fortsetzen können.
Error - 17.06.2012 15:32:55 | Computer Name = LENOVO | Source = MsiInstaller | ID = 11500
Description = Produkt: Microsoft Office Word MUI (German) 2007 -- Fehler 1500. Zurzeit
wird eine andere Installation ausgeführt. Sie müssen erst die andere Installation
abschließen, bevor Sie diese Installation fortsetzen können.
Error - 17.06.2012 15:32:56 | Computer Name = LENOVO | Source = MsiInstaller | ID = 11500
Description = Produkt: Microsoft Office Word MUI (German) 2007 -- Fehler 1500. Zurzeit
wird eine andere Installation ausgeführt. Sie müssen erst die andere Installation
abschließen, bevor Sie diese Installation fortsetzen können.
Error - 18.06.2012 05:00:48 | Computer Name = LENOVO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 18.06.2012 05:06:46 | Computer Name = LENOVO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 18.06.2012 06:44:30 | Computer Name = LENOVO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ Application Events ]
Error - 17.06.2012 04:38:35 | Computer Name = LENOVO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 17.06.2012 04:38:41 | Computer Name = LENOVO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 17.06.2012 04:41:18 | Computer Name = LENOVO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 17.06.2012 15:32:44 | Computer Name = LENOVO | Source = MsiInstaller | ID = 11500
Description = Produkt: Microsoft Office Word MUI (German) 2007 -- Fehler 1500. Zurzeit
wird eine andere Installation ausgeführt. Sie müssen erst die andere Installation
abschließen, bevor Sie diese Installation fortsetzen können.
Error - 17.06.2012 15:32:48 | Computer Name = LENOVO | Source = MsiInstaller | ID = 11500
Description = Produkt: Microsoft Office Word MUI (German) 2007 -- Fehler 1500. Zurzeit
wird eine andere Installation ausgeführt. Sie müssen erst die andere Installation
abschließen, bevor Sie diese Installation fortsetzen können.
Error - 17.06.2012 15:32:55 | Computer Name = LENOVO | Source = MsiInstaller | ID = 11500
Description = Produkt: Microsoft Office Word MUI (German) 2007 -- Fehler 1500. Zurzeit
wird eine andere Installation ausgeführt. Sie müssen erst die andere Installation
abschließen, bevor Sie diese Installation fortsetzen können.
Error - 17.06.2012 15:32:56 | Computer Name = LENOVO | Source = MsiInstaller | ID = 11500
Description = Produkt: Microsoft Office Word MUI (German) 2007 -- Fehler 1500. Zurzeit
wird eine andere Installation ausgeführt. Sie müssen erst die andere Installation
abschließen, bevor Sie diese Installation fortsetzen können.
Error - 18.06.2012 05:00:48 | Computer Name = LENOVO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 18.06.2012 05:06:46 | Computer Name = LENOVO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 18.06.2012 06:44:30 | Computer Name = LENOVO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6504.5000, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ OSession Events ]
Error - 04.03.2010 07:31:13 | Computer Name = LENOVO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.03.2010 07:31:40 | Computer Name = LENOVO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.03.2010 07:31:52 | Computer Name = LENOVO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.03.2010 07:33:03 | Computer Name = LENOVO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
Error - 06.11.2011 18:38:40 | Computer Name = LENOVO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 0 seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 18.06.2012 05:20:25 | Computer Name = LENOVO | Source = System Error | ID = 1003
Description = Fehlercode 000000c2, 1. Parameter 00000007, 2. Parameter 00000cd4,
3. Parameter 00000000, 4. Parameter 8a91b300.
Error - 18.06.2012 05:20:37 | Computer Name = LENOVO | Source = System Error | ID = 1003
Description = Fehlercode 00000019, 1. Parameter 00000020, 2. Parameter 88d96af8,
3. Parameter 88d971c0, 4. Parameter 88d96470.
Error - 18.06.2012 05:21:59 | Computer Name = LENOVO | Source = System Error | ID = 1003
Description = Fehlercode 000000c2, 1. Parameter 00000007, 2. Parameter 00000cd4,
3. Parameter e4f1bbd0, 4. Parameter 883e3d00.
Error - 18.06.2012 05:22:05 | Computer Name = LENOVO | Source = System Error | ID = 1003
Description = Fehlercode 1000008e, 1. Parameter c0000005, 2. Parameter 805bc245,
3. Parameter 9a4b0c68, 4. Parameter 00000000.
Error - 18.06.2012 05:22:12 | Computer Name = LENOVO | Source = System Error | ID = 1003
Description = Fehlercode 000000c2, 1. Parameter 00000007, 2. Parameter 00000cd4,
3. Parameter 0004fd48, 4. Parameter 886dfa00.
Error - 18.06.2012 05:22:16 | Computer Name = LENOVO | Source = System Error | ID = 1003
Description = Fehlercode 10000050, 1. Parameter bc40b40a, 2. Parameter 00000000,
3. Parameter 8054b51a, 4. Parameter 00000002.
Error - 18.06.2012 05:22:20 | Computer Name = LENOVO | Source = System Error | ID = 1003
Description = Fehlercode 000000c2, 1. Parameter 00000007, 2. Parameter 00000cd4,
3. Parameter 00000000, 4. Parameter 87e38100.
Error - 18.06.2012 05:22:25 | Computer Name = LENOVO | Source = System Error | ID = 1003
Description = Fehlercode 000000c2, 1. Parameter 00000007, 2. Parameter 00000cd4,
3. Parameter 000006f8, 4. Parameter 887bad00.
Error - 18.06.2012 05:22:34 | Computer Name = LENOVO | Source = System Error | ID = 1003
Description = Fehlercode 000000c2, 1. Parameter 00000007, 2. Parameter 00000cd4,
3. Parameter 00000000, 4. Parameter 87c59e00.
Error - 18.06.2012 05:22:39 | Computer Name = LENOVO | Source = System Error | ID = 1003
Description = Fehlercode 00000019, 1. Parameter 00000020, 2. Parameter 89a097f8,
3. Parameter 89a0a4f8, 4. Parameter 89a097f4.
< End of report >
Code:
ATTFilter 2007 Microsoft Office system Microsoft Corporation 11.11.2009 12.0.6425.1000
Acronis True Image Home Acronis 01.12.2009 157,6MB 13.0.5029
Adobe AIR Adobe Systems Inc. 01.12.2011 2.5.1.17730
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.11.2009 11.2.202.235
Adobe Reader 9.5.1 - Deutsch Adobe Systems Incorporated 12.04.2012 124,8MB 9.5.1
Anno 1701 Sunflowers 08.09.2011 1.02
Babylon toolbar on IE 17.06.2012
BabylonObjectInstaller Babylon Ltd 17.06.2012 2,05MB 2.0.0.2
CCleaner Piriform 23.05.2012 3.19
CDBurnerXP CDBurnerXP 11.11.2009 4.2.4.1351
DATA BECKER Einladungs-Druckerei 03.03.2011
Die Sims™ 3 Electronic Arts 25.12.2011 1.0.631
Google Chrome Google Inc. 17.06.2012 19.0.1084.56
Google Toolbar for Internet Explorer Google Inc. 21.06.2010 7.3.2710.138
Hardware Helper Driver-Soft Inc. 06.04.2012 11.0
HP Officejet Pro 8500 A909 Series HP 11.12.2009 12.0
Intel(R) Graphics Media Accelerator Driver Intel Corporation 11.11.2009
Intel(R) Management Engine Interface Intel Corporation 11.11.2009
Intel(R) Network Connections 13.4.22.0 Intel 11.11.2009 13.4.22.0
Intel® Active-Management-Technologie Intel Corporation 11.11.2009
InterActual Player 26.12.2009
Kaspersky Internet Security 2011 Kaspersky Lab 26.11.2010 11.0.1.400
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 13.06.2012 185,3MB 2.2.30729
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 11.11.2009 6,30MB 2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 09.05.2012 240MB 3.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 11.11.2009 37,5MB 3.2.30729
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 13.06.2012
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 09.05.2012
Microsoft Flight Simulator X Microsoft Game Studios 29.02.2012 10.0.60905
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 19.04.2011 5,21MB 8.0.56336
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 27.12.2011 11,1MB 10.0.40219
Microsoft WSE 3.0 Runtime Microsoft Corp. 25.12.2011 0,92MB 3.0.5305.0
MORE! 1 Grammar Practice Helbling Languages 01.12.2011 V1.2
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11.12.2009 2,67MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 12.12.2009 2,77MB 4.20.9876.0
MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 29.02.2012 36,00KB 4.20.9818.0
OpenAL 29.08.2011
Photo Notifier and Animation Creator IncrediMail Ltd. 08.01.2011 1.0.0.1009
ProtectDisc Helper Driver 10 13.06.2012 10.0.0.3
QuickTime Apple Inc. 04.11.2010 77,9MB 7.50.61.0
Security Update for Windows Search 4 - KB963093 Microsoft Corporation 22.06.2011
SoundMAX Analog Devices 11.11.2009 5.10.01.6540
SUPERAntiSpyware SUPERAntiSpyware.com 17.06.2012 5.0.1150
SweetIM for Messenger 3.6 SweetIM Technologies Ltd. 22.02.2012 4,77MB 3.6.0007
SweetPacks Toolbar for Internet Explorer 4.4 SweetIM Technologies Ltd. 22.02.2012 4,25MB 4.4.0001
ThinkVantage System Update Lenovo 11.11.2009 27,2MB 3.14.0024
Winbond TPM Device Driver Winbond Electronics Corporation 11.11.2009 3,16MB 6.80.0004
Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation 11.11.2009
Windows Internet Explorer 8 Microsoft Corporation 11.11.2009 20090308.140743
Windows Search 4.0 Microsoft Corporation 22.06.2011 04.00.6001.503
Danke für die Hilfe. Update: Mir fällt auf dass alle Daten nicht mehr gehen. (Bilder etc.) Wenn ich neue Daten erstelle gehen sie aber normal. Auch mit Open-Office gingen die Word-Dokumente leider nicht. |
|
19.06.2012, 13:18
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Dnet24 GmbH - Rechnung geöffnet - Kaspersky erkannte "Win32.inject.efmi" - Word Dateien gehen nicht Gehts es dir nur um die Entschlüsselung weil du das System neu machen willst oder soll es bereinigt werden?
__________________
__________________ |
|
| Themen zu Dnet24 GmbH - Rechnung geöffnet - Kaspersky erkannte "Win32.inject.efmi" - Word Dateien gehen nicht |
| 32 bit, babylon toolbar, babylontoolbar, becker, benutzerprofil, bho, browser, cdburnerxp, computer, dnetgmbh, e-mail, error, excel, fehler, fehlercode 0, fehlercode 1, fehlercode 10, firefox, flash player, hijack, hijackthis, homepage, iexplore.exe, installation, kaspersky, langs, lenovo, logfile, microsoft office word, msiinstaller, nicht starten, officejet, plug-in, registry, scan, searchscopes, security, software, starten, sweetim, sweetpacks, system error, tastatur, trojaner, updates, windows internet, word2007, zip-datei |
Linear-Darstellung
