| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bundestrojaner (100 Euro in 48 Stunden) hat zugeschlagen!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
18.11.2012, 22:52
| #1 |
 |  Bundestrojaner (100 Euro in 48 Stunden) hat zugeschlagen! Hallo, brauche dringend Hilfe. Habe den Bundestrojaner (oder eine abgewandelte Version davon). Natürlich mit der Aufforderung in 48 std 100 euro zu bezahlen... im Hintergrund auch eine Stimme, die den Text ansagt und man wird quasi über die Webcam gefilmt.... Was soll ich tun? Hier sind die beiden Logfiles von OTL: Code:
ATTFilter OTL logfile created on: 18.11.2012 22:36:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\ Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,20 Mb Total Physical Memory | 825,27 Mb Available Physical Memory | 81,37% Memory free 2,39 Gb Paging File | 2,33 Gb Available in Paging File | 97,48% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 139,05 Gb Total Space | 112,43 Gb Free Space | 80,86% Space Free | Partition Type: NTFS Drive D: | 1,87 Gb Total Space | 0,76 Gb Free Space | 40,81% Space Free | Partition Type: FAT Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found DRV - (Changer) -- File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=ao751h&r=0xph12098316l0323wu85w8801593q IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=ao751h&r=0xph12098316l0323wu85w8801593q IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: searchdictcc@roughael:3.4 FF - prefs.js..extensions.enabledAddons: unplug@compunach:2.052 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.10 16:11:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.12.25 22:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2012.11.07 00:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\00o1hj5s.default\extensions [2012.11.03 11:09:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\00o1hj5s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.07.09 17:07:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\00o1hj5s.default\extensions\engine@conduit.com [2012.09.19 11:39:02 | 000,037,531 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\00o1hj5s.default\extensions\searchdictcc@roughael.xpi [2012.09.25 22:59:27 | 000,142,851 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\00o1hj5s.default\extensions\unplug@compunach.xpi [2012.11.07 00:32:32 | 000,189,128 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\00o1hj5s.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2011.10.13 20:49:14 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\00o1hj5s.default\searchplugins\sweetim.xml [2012.11.10 16:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.10 16:11:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.02.15 11:14:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.15 13:39:09 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.15 11:14:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.15 11:14:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.15 11:14:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.15 11:14:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.05.07 22:41:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\ctfmon.lnk = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A626278A-F6B1-4EA1-A48A-7DB55B5BC2EA}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igdlogin: DllName - (igdlogin.dll) - C:\WINDOWS\System32\igdlogin.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.12.25 23:45:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.18 22:18:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe [2012.11.10 16:10:42 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012.11.18 22:37:53 | 000,450,410 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.18 22:37:53 | 000,434,126 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.18 22:37:53 | 000,068,412 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.18 22:37:52 | 000,081,210 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.11.18 22:33:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.18 22:28:36 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad [2012.11.18 22:18:09 | 000,001,090 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\ctfmon.lnk [2012.11.18 22:18:05 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe [2012.11.18 22:04:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.17 00:08:53 | 000,425,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Desktop\Bildschirmfoto-2012-11-16-um-17.50.44.jpg.png [2012.11.16 05:23:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.16 05:23:02 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.11.14 23:19:33 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.10.22 20:56:29 | 001,866,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys [2012.10.22 20:56:29 | 001,866,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys ========== Files Created - No Company Name ========== [2012.11.18 22:18:09 | 000,001,090 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\ctfmon.lnk [2012.11.18 22:18:06 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad [2012.11.17 00:08:49 | 000,425,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Desktop\Bildschirmfoto-2012-11-16-um-17.50.44.jpg.png [2012.05.20 15:50:06 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat [2012.04.07 13:11:06 | 000,000,234 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI [2012.03.09 19:08:22 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc [2012.02.15 21:23:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.10.26 21:15:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2011.10.04 11:26:21 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2011.06.28 20:01:16 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4o.DLL [2011.05.20 10:59:46 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2011.05.20 10:59:46 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2011.05.20 10:59:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat [2010.01.18 15:06:22 | 000,071,680 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.26 15:12:31 | 000,000,844 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat ========== ZeroAccess Check ========== [2009.12.25 23:50:46 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 13:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 18.11.2012 22:36:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014,20 Mb Total Physical Memory | 825,27 Mb Available Physical Memory | 81,37% Memory free
2,39 Gb Paging File | 2,33 Gb Available in Paging File | 97,48% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 139,05 Gb Total Space | 112,43 Gb Free Space | 80,86% Space Free | Partition Type: NTFS
Drive D: | 1,87 Gb Total Space | 0,76 Gb Free Space | 40,81% Space Free | Partition Type: FAT
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Acer\Acer VCM\VC.exe" = C:\Programme\Acer\Acer VCM\VC.exe:*:Disabled:Acer Video Quality Enhancement -- (Acer Incoporated)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen -- (Microsoft Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye webcam 2.2.0.2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.17a
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"7-Zip" = 7-Zip 4.65
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"FormatFactory" = FormatFactory 2.90
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"Lexmark Z600 Series" = Lexmark Z600 Series
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"LManager" = Launch Manager
"LPCO" = Intel(R) Graphics Media Accelerator 500
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.3
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.06.2012 16:08:38 | Computer Name = * | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung avnotify.exe, Version 12.3.0.15, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 20.06.2012 07:40:15 | Computer Name = * | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5
Error - 08.07.2012 06:13:24 | Computer Name = * | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AcroRd32.exe, Version 10.1.3.23, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 08.08.2012 17:20:06 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden. Fehlercode:
0x14
Error - 22.08.2012 16:52:29 | Computer Name = *** | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 26.08.2012 21:23:56 | Computer Name = *** | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 28.08.2012 07:06:51 | Computer Name = *** | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 05.09.2012 18:25:38 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5
Error - 31.10.2012 15:28:38 | Computer Name = *** | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 14.11.2012 17:52:33 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden. Fehlercode:
0x14
[ Application Events ]
Error - 05.06.2012 16:08:38 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung avnotify.exe, Version 12.3.0.15, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 20.06.2012 07:40:15 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5
Error - 08.07.2012 06:13:24 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AcroRd32.exe, Version 10.1.3.23, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 08.08.2012 17:20:06 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden. Fehlercode:
0x14
Error - 22.08.2012 16:52:29 | Computer Name = *** | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 26.08.2012 21:23:56 | Computer Name = *** | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 28.08.2012 07:06:51 | Computer Name = *** | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 05.09.2012 18:25:38 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5
Error - 31.10.2012 15:28:38 | Computer Name = *** | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 14.11.2012 17:52:33 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden. Fehlercode:
0x14
[ System Events ]
Error - 18.11.2012 17:24:16 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 18.11.2012 17:24:16 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD avipbb avkmgr Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip WS2IFSL
Error - 18.11.2012 17:34:25 | Computer Name = *** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 18.11.2012 17:34:27 | Computer Name = *** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 18.11.2012 17:34:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 18.11.2012 17:34:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 18.11.2012 17:34:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 18.11.2012 17:34:51 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 18.11.2012 17:34:51 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD avipbb avkmgr Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip WS2IFSL
Error - 18.11.2012 17:35:40 | Computer Name = *** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
|
| Themen zu Bundestrojaner (100 Euro in 48 Stunden) hat zugeschlagen! |
| 48 stunden, 7-zip, adobe, adobe flash player, avira, bho, desktop, dringend, einstellungen, excel, explorer, firefox, flash player, format, home, launch, malwarebytes, microsoft, nodrives, office 2007, opera, plug-in, realtek, registry, rundll, scan, security, software, win32/reveton.j, windows internet, wmp |
Baum-Darstellung