Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   50€ Virus Ukash, Sperrbildschirm nix funktioniert mehr (https://www.trojaner-board.de/114128-50-virus-ukash-sperrbildschirm-nix-funktioniert-mehr.html)

commander909 26.04.2012 10:15
50€ Virus Ukash, Sperrbildschirm nix funktioniert mehr
 
Hallöchen,
ich habe ein Problem.
Immer wenn ich Windows 7 starte, kommt ein Blackscreen und sagt mir, dass Windows gesperrt ist und ich soll mit UKash 50€ zahlen um den Bildschirm freizuschalten.

Könnte mir da jemand helfen?

Habe mir das Tool OTL runtergeladen und mein System gescannt.

LG commander909

markusg 26.04.2012 10:24
hi,
schön, aber für uns ohne logfiles komplett nutzlos :d
poste die otl logs bitte

commander909 26.04.2012 13:39
Hier die OTL - "Extra".txtOTL Logfile:
Code:
OTL Extras logfile created on: 26.04.2012 11:24:33 - Run 1
OTL by OldTimer - Version 3.2.42.1    Folder = C:\Users\Erxleben\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 74,21% Memory free
5,93 Gb Paging File | 5,19 Gb Available in Paging File | 87,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 451,07 Gb Total Space | 402,80 Gb Free Space | 89,30% Space Free | Partition Type: NTFS
Drive E: | 998,70 Mb Total Space | 998,70 Mb Free Space | 100,00% Space Free | Partition Type: FAT
 
Computer Name: BUCHHALTUNG | User Name: Erxleben | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\Numzus\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\Mandant\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe
"C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe
"C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\Numzus\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Mandant\Mandant.exe" = C:\DATEV\PROGRAMM\Mandant\Mandant.exe:*:Enabled:Mandant.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe
"C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe
"C:\DATEV\PROGRAMM\RWApplic\Datev.Irw.Managed.ServiceProvider.exe" = C:\DATEV\PROGRAMM\RWAPPLIC\Datev.Irw.Managed.ServiceProvider.exe:*:Enabled:DATEV IRW ServiceProvider -- (DATEV eG)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08AE7BE8-4B51-4EF2-BDF8-DAE8C1A0E7E5}" = lport=1947 | protocol=17 | dir=in | name=hasp srm  |
"{0CB45B93-3364-4968-BC99-F7FF57927065}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener |
"{23E600DA-1DF8-4416-B1EF-436F9624BA6A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2F576C4A-08D8-4151-8CBF-9C253C96533C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{379F4DFC-252A-4DCA-A69E-5D5FE54F9F0E}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent - broadcast |
"{41AAE210-5050-4E4A-9F2D-0E350D42B714}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{56B6C095-F6DB-4EC9-B404-2480A4871486}" = lport=58432 | protocol=6 | dir=in | app=c:\datev\programm\sws\limaservice.exe |
"{61A09841-4BEA-43A9-B284-13E53DF45B52}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update |
"{ABB57886-5B0A-4F0D-AD11-D76B988286C5}" = lport=1947 | protocol=6 | dir=in | name=hasp srm  |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2578794E-150C-43DC-A91E-CFAB4CEF23D3}" = protocol=6 | dir=in | app=c:\datev\programm\b0000398\sipahost.exe |
"{306654B2-ED92-4D0E-8400-0F719F0F5A57}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{38B8049C-AFF0-482D-9CC0-376F3F8FD2B6}" = protocol=6 | dir=in | app=c:\datev\programm\k0005000\arbeitsplatz.exe |
"{48E09AD8-1781-4104-A75D-BB9C8A914CF8}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{52CD5550-8BCB-4F55-A793-0C1C688A9A13}" = protocol=6 | dir=in | app=c:\datev\programm\rwapplic\datev.irw.managed.serviceprovider.exe |
"{539EC032-EA50-4024-A9C3-847EB8B231BE}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{85153194-51F3-4BFD-8EAF-367F7F0C2745}" = protocol=6 | dir=in | app=c:\datev\programm\b0000000\dfuemngr\dfueman.exe |
"{85237172-77E9-42BA-9942-516E904A946A}" = protocol=6 | dir=in | app=c:\datev\programm\dfueisdn\sslclt\sslclt.exe |
"{85A0FBAD-6EEE-4A0A-809B-19EEE1A3079F}" = protocol=6 | dir=in | app=c:\datev\programm\b0000391\datev.security.dokumentenschutz.exe |
"{97BB4B1F-BF0A-4AE8-BC88-0F47461BE1F8}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{9AE2CE6C-C5D8-402B-BD37-6C03F5DCA157}" = protocol=6 | dir=in | app=c:\datev\programm\rzkomm\funkt_fv.exe |
"{A109A5EC-56AF-4BB1-8168-4FEECF75C377}" = protocol=6 | dir=in | app=c:\datev\programm\dfuews\mntbna\mntbna.exe |
"{CFE079C1-7187-453D-A43B-AEB8D6D55E78}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{D3D2D30E-3BA3-4B85-ADC4-C01D1B721384}" = protocol=6 | dir=in | app=c:\datev\system\ccsrv3.exe |
"{DDE3320B-E5CB-4661-8E55-2F0BDF99EF3E}" = protocol=6 | dir=in | app=c:\datev\programm\b0000195\addman\datevaddman.exe |
"{FAB632C5-767A-4C17-A0ED-F656E7C452EF}" = protocol=6 | dir=in | app=c:\datev\programm\rzkomm\dfuesammlerdienst.exe |
"{FB9FEDE6-23AD-46B1-BD60-0AEE88C8F12C}" = protocol=6 | dir=in | app=c:\datev\programm\b0000000\dfuemngr\dcmanag.exe |
"TCP Query User{0B3FDA93-7EC7-4074-B98C-250B62DDDD06}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4C2DA0EC-B676-41E4-AC2E-65EBAA7B1E5B}C:\datev\programm\dfueisdn\sslclt\sslclt.exe" = protocol=6 | dir=in | app=c:\datev\programm\dfueisdn\sslclt\sslclt.exe |
"UDP Query User{40239EE1-0C94-403D-80E6-199EFEFC59C1}C:\datev\programm\dfueisdn\sslclt\sslclt.exe" = protocol=17 | dir=in | app=c:\datev\programm\dfueisdn\sslclt\sslclt.exe |
"UDP Query User{722D33B2-9AF9-493A-A9E1-989EFED77099}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0881ECE5-DCA1-462D-B515-F1732875EC74}" = DATEV Infragistics Runtime V.3.2
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{31D72A9B-F7A1-4FE9-A9BC-45D2BE2610D4}" = SQLXML4
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4688EB75-28E2-4731-9BCB-55E624F7CD45}" = Dell Backup and Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5FCFEBE0-EBDA-42A5-BC6E-67B94A47D6F0}" = kobdfu x64x86 driver installation
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F26BC94-9AAA-4FD2-A38A-F13B3ECA3426}" = Crystal Reports Runtime XI
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_SMALLBUSINESSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_SMALLBUSINESSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{901C0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn
"{990C85A1-0630-4F22-9F1B-7DBE44B44F2D}" = Dialogseminar online V.3.0
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5CBEBFF-3DB4-4271-A706-757BBE3BD5AE}" = KOBIL CCID driver x64x86
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF78AB2B-1CA0-42D2-A2F1-FDEBC7876EF0}" = Microsoft SQL Server 2005 (DATEV_CL_DE01)
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}" = B1315AppGuid
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DATEVB00000482.0" = DATEV Installation V.2.9
"Dell Support Center" = Dell Support Center
"Dell Webcam Central" = Dell Webcam Central
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Dialogseminar online V.3.0" = Dialogseminar online V.3.0
"ElsterFormular für Unternehmer 12.2.1.6570u" = ElsterFormular-Update
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"SAII" = Conexant SmartAudio
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"WinLiveSuite" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 24.04.2012 07:41:16 | Computer Name = Buchhaltung | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: installationsverwaltung.exe, Version:
 0.0.0.0, Zeitstempel: 0x4f477248  Name des fehlerhaften Moduls: QtCore4.dll, Version:
 4.7.2.0, Zeitstempel: 0x4db68ca8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001fe98
ID
 des fehlerhaften Prozesses: 0x1994  Startzeit der fehlerhaften Anwendung: 0x01cd220d93cd181b
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ElsterFormular\bin\installationsverwaltung.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ElsterFormular\bin\QtCore4.dll  Berichtskennung:
 666a6899-8e02-11e1-ae24-f04da2eae3f8
 
Error - 24.04.2012 11:02:51 | Computer Name = Buchhaltung | Source = DFÜ-Manager | ID = 2
Description = Das DFÜ-System ist inkonsistent.
 
Error - 25.04.2012 04:03:52 | Computer Name = Buchhaltung | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Datev\PROGRAMM\B0001401\UpdateDevmode.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.04.2012 04:06:24 | Computer Name = Buchhaltung | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Datev\PROGRAMM\RWMahn\CFFH__x64.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.04.2012 06:05:13 | Computer Name = Buchhaltung | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Datev\PROGRAMM\B0001401\UpdateDevmode.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.04.2012 06:08:00 | Computer Name = Buchhaltung | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Datev\PROGRAMM\RWMahn\CFFH__x64.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.04.2012 07:00:04 | Computer Name = Buchhaltung | Source = PC-Doctor | ID = 1
Description = (8828) Asapi: (13:00:04:4080)(8828) libAsapi.DynamicLoadedPlugin -
 Error -- 64 Unable to load library 'S3LogPusher.dll'
 
Error - 25.04.2012 07:00:04 | Computer Name = Buchhaltung | Source = PC-Doctor | ID = 1
Description = (8828) Asapi: (13:00:04:4540)(8828) Asapi.State - Error -- 123 Plugin
 S3LogPusher.dll failed to load.
 
Error - 25.04.2012 10:58:01 | Computer Name = Buchhaltung | Source = DFÜ-Manager | ID = 2
Description = Das DFÜ-System ist inkonsistent.
 
Error - 26.04.2012 02:12:43 | Computer Name = Buchhaltung | Source = DFÜ-Manager | ID = 2
Description = Das DFÜ-System ist inkonsistent.
 
[ Broadcom Wireless LAN Events ]
Error - 16.01.2012 03:02:44 | Computer Name = Buchhaltung | Source = WLAN-Tray | ID = 0
Description = 08:02:44, Mon, Jan 16, 12 Error - Unable to gain access to user store

 
[ OSession Events ]
Error - 02.01.2012 08:25:44 | Computer Name = Buchhaltung | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 19404
 seconds with 1800 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 17.04.2012 04:01:35 | Computer Name = Buchhaltung | Source = DCOM | ID = 10010
Description =
 
Error - 17.04.2012 04:01:34 | Computer Name = Buchhaltung | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 18.04.2012 01:54:05 | Computer Name = Buchhaltung | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?04.?2012 um 16:59:08 unerwartet heruntergefahren.
 
Error - 20.04.2012 01:46:38 | Computer Name = Buchhaltung | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?04.?2012 um 17:01:16 unerwartet heruntergefahren.
 
Error - 20.04.2012 01:47:13 | Computer Name = Buchhaltung | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.    Funktion: %%835    Fehlercode:
0x80004005    Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 23.04.2012 01:52:54 | Computer Name = Buchhaltung | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?04.?2012 um 17:00:33 unerwartet heruntergefahren.
 
Error - 23.04.2012 01:53:31 | Computer Name = Buchhaltung | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.    Funktion: %%835    Fehlercode:
0x80004005    Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 24.04.2012 08:14:19 | Computer Name = Buchhaltung | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 10.
 
Error - 26.04.2012 01:54:04 | Computer Name = Buchhaltung | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?25.?04.?2012 um 16:58:21 unerwartet heruntergefahren.
 
Error - 26.04.2012 01:54:42 | Computer Name = Buchhaltung | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.    Funktion: %%835    Fehlercode:
0x80004005    Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
 
< End of report >
--- --- ---




UND DIE OTL.txtOTL Logfile:
Code:
OTL logfile created on: 26.04.2012 11:24:33 - Run 1
OTL by OldTimer - Version 3.2.42.1    Folder = C:\Users\Erxleben\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 74,21% Memory free
5,93 Gb Paging File | 5,19 Gb Available in Paging File | 87,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 451,07 Gb Total Space | 402,80 Gb Free Space | 89,30% Space Free | Partition Type: NTFS
Drive E: | 998,70 Mb Total Space | 998,70 Mb Free Space | 100,00% Space Free | Partition Type: FAT
 
Computer Name: BUCHHALTUNG | User Name: Erxleben | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Erxleben\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Datev.Framework.RemoteServices.Messaging.CentralMessagingService) -- C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices.Messaging.CentralMessagingService File not found
SRV - (Datev.Framework.RemoteServices) -- C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices File not found
SRV - (Datev.Framework.RemoteServiceModel.EnablerService) -- C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService File not found
SRV - (Datev.Database.Conserve) -- C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DatevPrintService) -- C:\Datev\PROGRAMM\B0001442\PSNTServ.exe (DATEV eG)
SRV - (Dcmanag) -- C:\Datev\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe (DATEV eG)
SRV - (DATEV Update-Service) -- C:\Datev\PROGRAMM\Install\DvInesASDSvc.Exe (DATEV eG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (DVckService) -- C:\Datev\PROGRAMM\B0000150\ScServer\DVckService.exe (DATEV eG)
SRV - (Sicherheitspaket-Dienst) -- C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe (Datev eG)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$DATEV_CL_DE01) SQL Server (DATEV_CL_DE01) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (SCardService) -- C:\Datev\PROGRAMM\B0000347\ScMgmt\SCardService.exe (DATEV eG)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (RoxWatch12) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (DATEV Logon Service) -- C:\Datev\PROGRAMM\B0001364\DtvScSer.exe (DATEV e.G.)
SRV - (KOBIL_MSDI) -- C:\Datev\PROGRAMM\B0000404\msdisrv.exe (KOBIL Systems GmbH)
SRV - (msftesql$DATEV_CL_DE01) SQL Server-Volltextsuche (DATEV_CL_DE01) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
SRV - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KOBCCID) -- C:\Windows\System32\drivers\KOBCCID.sys (KOBIL Systems GmbH)
DRV - (KOBCCEX) -- C:\Windows\System32\drivers\KOBCCEX.sys (KOBIL Systems GmbH)
DRV - (SC_SERV3D) -- C:\Windows\System32\drivers\d3_kafm.sys (Datev eG)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (VIACRX86) -- C:\Windows\System32\drivers\viacr.sys (VIA Technologies, Inc.              )
DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.)
DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {137C5038-F36E-4713-B0C7-E7336F9E469B}
IE - HKLM\..\SearchScopes\{137C5038-F36E-4713-B0C7-E7336F9E469B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\SearchScopes,DefaultScope = {137C5038-F36E-4713-B0C7-E7336F9E469B}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
 
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {557F4852-8868-44dd-B5E9-9890AC4B1FD5} - No CLSID value found.
O2 - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\Datev\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\DATEV\SYSTEM\DVCCSAScardBHO002.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DATEV Update-Monitor] C:\Datev\PROGRAMM\Install\DvInesASDMon.exe (DATEV eG)
O4 - HKLM..\Run: [DATEV_SCardMan] C:\Datev\PROGRAMM\B0000347\ScMgmt\SCardManager.exe (DATEV eG)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DVCCSAWTSSetEntryNTE] C:\Datev\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe (DATEV eG)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SiPaHost] C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe (DATEV eG)
O4 - HKCU..\Run: [50AEEBAE] C:\Users\Erxleben\AppData\Roaming\Oyyr\55CA429250AEEBAE283A.exe (Tastiera penna)
O4 - Startup: C:\Users\Erxleben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netzlaufwerk.bat.lnk = C:\Verwaltung\netzlaufwerk.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: datev.at ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.at ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([www] http is out of zone range -  5)
O15 - HKCU\..Trusted Domains: datev.de ([www] https is out of zone range -  5)
O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] http is out of zone range -  5)
O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] https is out of zone range -  5)
O15 - HKCU\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57A02512-4D88-4878-9037-99DD89975D7A}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tmpx - No CLSID value found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.26 11:12:39 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Erxleben\Desktop\OTL.exe
[2012.04.26 07:59:04 | 000,000,000 | ---D | C] -- C:\Users\Erxleben\AppData\Roaming\Oyyr
[2012.04.13 08:01:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.13 08:01:41 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.13 08:01:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.13 08:01:40 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.13 08:01:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.13 08:01:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.13 07:58:11 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.13 07:58:11 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.04 15:26:41 | 000,000,000 | ---D | C] -- C:\Users\Erxleben\Documents\DATEV
[2012.04.03 11:46:37 | 000,000,000 | ---D | C] -- C:\Users\Erxleben\Desktop\Neuer Ordner
[2012.04.03 08:01:37 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.26 11:23:23 | 000,806,484 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.26 11:23:23 | 000,745,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.26 11:23:23 | 000,188,278 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.26 11:23:23 | 000,151,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.26 11:21:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.26 11:20:59 | 2388,238,336 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.26 11:05:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.26 10:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.26 10:43:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Erxleben\Desktop\OTL.exe
[2012.04.26 09:39:27 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.26 09:39:27 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.26 09:32:28 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.26 08:11:05 | 000,108,641 | ---- | M] () -- C:\Users\Erxleben\Documents\locked-Vollmacht Verkehrsamt.pdf.rwpr
[2012.04.26 08:11:00 | 000,018,984 | ---- | M] () -- C:\Users\Erxleben\Documents\locked-kassenbuch-10-11-2010.pdf.nurp
[2012.04.26 08:10:58 | 000,461,824 | ---- | M] () -- C:\Users\Erxleben\Documents\locked-EI-Kanzlei-Rechnungswesen 04062010 001.DMT.fhif
[2012.04.26 08:10:35 | 000,004,827 | ---- | M] () -- C:\Users\Erxleben\AppData\Local\locked-EmptySettings.xml.xkpw
[2012.04.25 13:01:33 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.04.16 09:52:21 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.16 09:52:21 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.04.03 08:01:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.01.12 10:58:24 | 000,004,827 | ---- | C] () -- C:\Users\Erxleben\AppData\Local\locked-EmptySettings.xml.xkpw
[2011.12.21 11:59:56 | 000,014,680 | ---- | C] () -- C:\Windows\System32\skypdfmonpro.dll
[2011.12.21 11:59:56 | 000,012,632 | ---- | C] () -- C:\Windows\System32\skypdfmonuipro.dll
[2011.12.21 11:43:06 | 000,000,151 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.12.21 11:22:42 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2011.12.21 11:20:23 | 000,000,111 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2011.12.21 11:18:43 | 000,000,112 | ---- | C] () -- C:\Windows\Startup.INI
[2011.12.16 10:31:33 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.02.11 20:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.02.11 20:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.02.11 20:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011.02.11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.02.11 19:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.01.24 07:59:05 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2011.01.24 07:59:05 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.12.20 19:40:29 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010.09.22 17:48:26 | 000,032,352 | ---- | C] () -- C:\Windows\System32\JNILibrary.dll
[2010.09.22 17:48:06 | 000,114,272 | ---- | C] () -- C:\Windows\System32\INetCert.dll

< End of report >
--- --- ---

markusg 26.04.2012 16:35
hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKCU..\Run: [50AEEBAE] C:\Users\Erxleben\AppData\Roaming\Oyyr\55CA429250AEEBAE283A.exe (Tastiera penna)
 :Files
C:\Users\Erxleben\AppData\Roaming\Oyyr
:Commands
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:02 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27