Pests of all kinds and how to fight them: TR/Small.FI and TR/ATRAPS.Gen2 (Windows 7)

If you are not sure whether you have picked up malware or a Trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
#1
TR/Small.FI and TR/ATRAPS.Gen2

Dear Trojaner-Board team,

for about a week now Avira Free Antivirus has been regularly reporting detections of TR/Small.FI and TR/Atraps.Gen2, despite several attempts to remove them (via Avira). Through Google I came across your board and immediately ran the scans described in the guide. Defogger ran through without problems. Below I post the scan logs:

OTL.txt:
Code:
OTL logfile created on: 22.06.2012 11:46:31 - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\PC Sek Vorn\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
988,80 Mb Total Physical Memory | 437,79 Mb Available Physical Memory | 44,27% Memory free
1,97 Gb Paging File | 0,94 Gb Available in Paging File | 47,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,59 Gb Total Space | 184,35 Gb Free Space | 83,19% Space Free | Partition Type: NTFS
Computer Name: PCSEKVORN-PC | User Name: PC Sek Vorn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.22 11:42:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\PC Sek Vorn\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.03.15 09:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) -- c:\Programme\Trend Micro\Client Server Security Agent\TmProxy.exe
PRC - [2012.03.08 04:19:44 | 001,336,464 | ---- | M] (Trend Micro Inc.) -- c:\Programme\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2012.02.07 23:16:44 | 000,050,704 | ---- | M] (Trend Micro Inc.) -- c:\Programme\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
PRC - [2012.02.07 23:13:50 | 000,024,592 | ---- | M] (Trend Micro Inc.) -- c:\Programme\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
PRC - [2012.01.09 13:46:34 | 001,107,472 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2011.12.08 20:29:52 | 001,531,392 | ---- | M] (Trend Micro Inc.) -- c:\Programme\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2011.07.31 15:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.03 04:31:52 | 000,345,616 | ---- | M] () -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.08.25 21:27:30 | 002,075,480 | ---- | M] (Dell, Inc.) -- C:\Programme\Dell\Dell Datasafe Online\NOBuAgent.exe
PRC - [2010.07.21 15:48:16 | 000,497,080 | ---- | M] (Trend Micro Inc.) -- c:\Programme\Trend Micro\Client Server Security Agent\TmPfw.exe
PRC - [2009.08.17 17:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) -- C:\Programme\Broadcom\BPowMon\BPowMon.exe
PRC - [2009.04.01 00:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.13 13:05:58 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012.06.13 13:00:00 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012.05.14 15:49:07 | 000,194,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\f11d5fea7ded12068e8cdb8b2f1bdbd9\CustomMarshalers.ni.dll
MOD - [2012.05.14 13:00:54 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.05.14 13:00:48 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012.05.14 13:00:30 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.05.14 13:00:21 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.03.15 09:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Programme\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2012.03.08 04:19:44 | 001,336,464 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Programme\Trend Micro\Client Server Security Agent\NTRtScan.exe -- (ntrtscan)
SRV - [2012.02.07 23:16:44 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Programme\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2011.12.08 20:29:52 | 001,531,392 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Programme\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.03 04:31:52 | 000,345,616 | ---- | M] () [On_Demand | Running] -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2011.02.28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 14:01:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.25 21:27:30 | 002,075,480 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010.07.21 15:48:16 | 000,497,080 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Programme\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.17 17:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Programme\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.04.01 00:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
========== Driver Services (SafeList) ==========
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.03 11:05:46 | 000,062,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmactmon.sys -- (tmactmon)
DRV - [2011.10.03 11:05:30 | 000,054,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011.10.03 11:05:18 | 000,165,136 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2011.07.12 11:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Programme\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2011.07.12 11:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Programme\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2011.07.12 11:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Programme\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2011.03.28 11:16:06 | 000,282,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2011.03.28 11:16:06 | 000,146,000 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2011.03.28 11:16:06 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.21 22:50:48 | 000,273,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {9FBFBEB1-E0F9-4374-B2DC-A90E6BB5EB8F}
IE - HKLM\..\SearchScopes\{9FBFBEB1-E0F9-4374-B2DC-A90E6BB5EB8F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {9FBFBEB1-E0F9-4374-B2DC-A90E6BB5EB8F}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:5.82.0.1018
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.12.09 09:28:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1045\FirefoxExtension [2012.04.24 12:28:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.06 11:54:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.06 11:54:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.14 15:26:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.05.13 12:42:02 | 000,000,000 | ---D | M]
[2011.05.13 12:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC Sek Vorn\AppData\Roaming\mozilla\Extensions
[2011.05.13 12:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC Sek Vorn\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.22 11:29:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC Sek Vorn\AppData\Roaming\mozilla\Firefox\Profiles\c1x3cbym.default\extensions
[2012.06.22 11:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC Sek Vorn\AppData\Roaming\mozilla\Firefox\Profiles\c1x3cbym.default\extensions\staged
[2012.06.18 17:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.18 17:19:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.04.24 12:28:25 | 000,000,000 | ---D | M] (Trend Micro NSC Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\CLIENT SERVER SECURITY AGENT\BHO\1045\FIREFOXEXTENSION
[2012.01.09 15:33:49 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\PC SEK VORN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C1X3CBYM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.08.31 01:15:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.08.30 22:35:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.30 22:29:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.08.30 22:35:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.30 22:35:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.30 22:35:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.30 22:35:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Programme\Trend Micro\Client Server Security Agent\bho\1045\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Programme\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [OE] c:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - Startup: C:\Users\PC Sek Vorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamViewer 7.lnk = C:\Programme\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.57.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3282CAD0-1213-4EE2-B719-464A72364978}: DhcpNameServer = 192.168.57.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Programme\Trend Micro\Client Server Security Agent\bho\1045\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.06.22 11:42:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\PC Sek Vorn\Desktop\OTL.exe
[2012.06.18 17:57:37 | 000,000,000 | ---D | C] -- C:\Logs
[2012.06.18 17:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.06.18 17:19:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.18 17:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.18 16:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012.06.12 16:18:56 | 000,000,000 | ---D | C] -- C:\Users\PC Sek Vorn\AppData\Local\Macromedia
[2012.06.12 15:41:13 | 000,000,000 | ---D | C] -- C:\Users\PC Sek Vorn\AppData\Roaming\Avira
[2012.06.12 15:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.12 15:34:41 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.06.12 15:34:30 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.06.12 15:34:27 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.06.12 15:34:24 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.06.12 15:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.12 15:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.06.08 12:50:54 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.06.08 12:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\529C50840382271D03A908ABB4EB23C1
[2012.06.08 10:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.12.31 16:30:07 | 295,861,936 | ---- | C] (Microsoft Corporation) -- C:\Users\PC Sek Vorn\X16-32587.exe
========== Files - Modified Within 30 Days ==========
[2012.06.22 11:42:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\PC Sek Vorn\Desktop\OTL.exe
[2012.06.22 11:41:34 | 000,000,000 | ---- | M] () -- C:\Users\PC Sek Vorn\defogger_reenable
[2012.06.22 11:39:03 | 000,050,477 | ---- | M] () -- C:\Users\PC Sek Vorn\Desktop\Defogger.exe
[2012.06.22 10:55:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.22 08:25:49 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2012.06.22 08:21:59 | 777,625,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.21 14:35:59 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 14:35:59 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 09:25:46 | 002,286,328 | ---- | M] () -- C:\Users\PC Sek Vorn\BH1700_120620_092527.zip
[2012.06.18 16:37:55 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.06.18 16:37:55 | 000,001,126 | ---- | M] () -- C:\Users\PC Sek Vorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamViewer 7.lnk
[2012.06.14 08:30:34 | 000,314,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.13 13:04:51 | 000,808,372 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.13 13:04:51 | 000,770,254 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.13 13:04:51 | 000,179,076 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.13 13:04:51 | 000,155,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.13 10:32:33 | 000,002,771 | ---- | M] () -- C:\Users\Public\Desktop\Lexware lohn+gehalt.lnk
[2012.06.13 09:06:45 | 002,283,915 | ---- | M] () -- C:\Users\PC Sek Vorn\BH1700_120613_090633.zip
[2012.06.12 15:35:27 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
========== Files Created - No Company Name ==========
[2012.06.22 11:41:34 | 000,000,000 | ---- | C] () -- C:\Users\PC Sek Vorn\defogger_reenable
[2012.06.22 11:39:01 | 000,050,477 | ---- | C] () -- C:\Users\PC Sek Vorn\Desktop\Defogger.exe
[2012.06.20 09:25:35 | 002,286,328 | ---- | C] () -- C:\Users\PC Sek Vorn\BH1700_120620_092527.zip
[2012.06.18 18:34:43 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\U\00000001.@
[2012.06.18 17:33:33 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\U\800000cb.@
[2012.06.18 17:33:33 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\U\80000000.@
[2012.06.18 17:27:55 | 000,001,126 | ---- | C] () -- C:\Users\PC Sek Vorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamViewer 7.lnk
[2012.06.18 16:37:55 | 000,001,138 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.06.18 16:37:54 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.06.13 10:32:33 | 000,002,771 | ---- | C] () -- C:\Users\Public\Desktop\Lexware lohn+gehalt.lnk
[2012.06.13 09:06:35 | 002,283,915 | ---- | C] () -- C:\Users\PC Sek Vorn\BH1700_120613_090633.zip
[2012.06.12 15:35:27 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.23 11:05:06 | 002,280,140 | ---- | C] () -- C:\Users\PC Sek Vorn\BH1700_120523_110504.zip
[2012.05.18 10:45:59 | 002,277,324 | ---- | C] () -- C:\Users\PC Sek Vorn\BH1700_120518_104558.zip
[2012.05.07 17:47:20 | 002,273,533 | ---- | C] () -- C:\Users\PC Sek Vorn\BH1700_120507_174719.zip
[2012.04.26 17:03:32 | 002,270,961 | ---- | C] () -- C:\Users\PC Sek Vorn\BH1700_120426_170329.zip
[2012.04.17 15:58:12 | 000,207,728 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2012.04.17 15:58:12 | 000,138,608 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.04.17 15:58:10 | 000,074,608 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2012.04.17 15:58:08 | 000,309,616 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2012.04.04 09:25:51 | 002,266,175 | ---- | C] () -- C:\Users\PC Sek Vorn\BH1700_120404_092548.zip
[2012.03.21 11:26:14 | 002,261,691 | ---- | C] () -- C:\Users\PC Sek Vorn\BH1700_120321_102611.zip
[2012.03.14 12:12:00 | 002,258,262 | ---- | C] () -- C:\Users\PC Sek Vorn\BH1700_120314_111157.zip
[2012.02.29 10:55:08 | 002,255,267 | ---- | C] () -- C:\Users\PC Sek Vorn\BH1700_120229_095506.zip
[2012.02.03 12:01:25 | 002,245,764 | ---- | C] () -- C:\Users\PC Sek Vorn\(SYS)BH1700_120203_110046.zip
[2012.01.11 09:27:28 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\@
[2012.01.11 09:27:28 | 000,002,048 | -HS- | C] () -- C:\Users\PC Sek Vorn\AppData\Local\{59e74704-7a8c-b201-e149-d2fe65250c47}\@
[2011.05.13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2011.05.13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2011.05.13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2010.12.31 17:11:37 | 000,038,439 | ---- | C] () -- C:\Users\PC Sek Vorn\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010.12.09 17:52:13 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.12.09 17:52:13 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.12.09 17:52:11 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.12.09 09:06:50 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010.12.09 09:06:50 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
========== LOP Check ==========
[2012.06.12 16:16:23 | 000,000,000 | ---D | M] -- C:\Users\PC Sek Vorn\AppData\Roaming\FreePDF
[2012.06.13 10:36:55 | 000,000,000 | ---D | M] -- C:\Users\PC Sek Vorn\AppData\Roaming\Lexware
[2011.05.13 11:14:53 | 000,000,000 | ---D | M] -- C:\Users\PC Sek Vorn\AppData\Roaming\PCDr
[2011.05.13 12:42:01 | 000,000,000 | ---D | M] -- C:\Users\PC Sek Vorn\AppData\Roaming\Thunderbird
[2010.12.31 15:50:44 | 000,000,000 | ---D | M] -- C:\Users\PC Sek Vorn\AppData\Roaming\Windows Live Writer
[2012.05.29 08:20:24 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >

Code:
OTL Extras logfile created on: 22.06.2012 11:46:31 - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\PC Sek Vorn\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
988,80 Mb Total Physical Memory | 437,79 Mb Available Physical Memory | 44,27% Memory free
1,97 Gb Paging File | 0,94 Gb Available in Paging File | 47,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,59 Gb Total Space | 184,35 Gb Free Space | 83,19% Space Free | Partition Type: NTFS
Computer Name: PCSEKVORN-PC | User Name: PC Sek Vorn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0197D136-598D-4968-BEEA-91C1B764F05D}" = Lexware buchhalter 2012
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15E9B7EE-6700-492F-B41D-767BE93EFD93}" = Lexware lohn+gehalt 2012
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4688EB75-28E2-4731-9BCB-55E624F7CD45}" = Dell Backup and Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{555022FC-04EE-4B2F-A07C-4F92330F35D2}" = Lexware Elster
"{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}" = Broadcom Management Programs
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OUTLOOKR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}" = Trend Micro Client/Server Security Agent
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF748561-FFFE-11D3-A06B-00E02939A7B1}" = dakota.ag
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0.1 (x86 de)" = Mozilla Firefox 6.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"Office14.OUTLOOKR" = Microsoft Outlook 2010
"sv.net" = sv.net
"TeamViewer 7" = TeamViewer 7
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.03.2012 04:52:03 | Computer Name = PCSekVorn-PC | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
svnet: Thread ID: 5756 ,Logged: Fehler 28 beim Entpacken
Error - 06.03.2012 04:56:51 | Computer Name = PCSekVorn-PC | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
svnet: Thread ID: 5756 ,Logged: Fehler 28 beim Entpacken
Error - 12.03.2012 07:22:15 | Computer Name = PCSekVorn-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IPView.exe, Version: 6.3.0.2, Zeitstempel:
0x44ea3b81 Name des fehlerhaften Moduls: IPVIEDisplay.dll, Version: 6.1.1.1, Zeitstempel:
0x44e5b89c Ausnahmecode: 0xc0000005 Fehleroffset: 0x000308ce ID des fehlerhaften Prozesses:
0x328 Startzeit der fehlerhaften Anwendung: 0x01cd003feeb9d39b Pfad der fehlerhaften
Anwendung: D:\IPView\IPView.exe Pfad des fehlerhaften Moduls: D:\IPView\plugins\IPVIEDisplay.dll
Berichtskennung:
9e8a75ae-6c35-11e1-813f-842b2b89b1a8
Error - 13.03.2012 10:12:49 | Computer Name = PCSekVorn-PC | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
svnet: Thread ID: 6140 ,Logged: Fehler 28 beim Entpacken
Error - 30.03.2012 03:51:42 | Computer Name = PCSekVorn-PC | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
svnet: Thread ID: 5228 ,Logged: Fehler 28 beim Entpacken
Error - 30.03.2012 03:55:31 | Computer Name = PCSekVorn-PC | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
svnet: Thread ID: 5228 ,Logged: Fehler 28 beim Entpacken
Error - 04.04.2012 03:39:44 | Computer Name = PCSekVorn-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Pcbh32.exe, Version: 17.0.0.175,
Zeitstempel: 0x4e9fe680 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
Zeitstempel: 0x4e2111c0 Ausnahmecode: 0xe06d7363 Fehleroffset: 0x0000d36f ID des fehlerhaften
Prozesses: 0xa48 Startzeit der fehlerhaften Anwendung: 0x01cd123437274cf8 Pfad der
fehlerhaften Anwendung: C:\Program Files\Lexware\buchhalter\2012\Pcbh32.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 57d93291-7e29-11e1-bf3c-842b2b89b1a8
Error - 04.04.2012 04:22:34 | Computer Name = PCSekVorn-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Pcbh32.exe, Version: 17.0.0.175,
Zeitstempel: 0x4e9fe680 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
Zeitstempel: 0x4e2111c0 Ausnahmecode: 0xe06d7363 Fehleroffset: 0x0000d36f ID des fehlerhaften
Prozesses: 0x714 Startzeit der fehlerhaften Anwendung: 0x01cd12361fc0e155 Pfad der
fehlerhaften Anwendung: C:\Program Files\Lexware\buchhalter\2012\Pcbh32.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 53af5c85-7e2f-11e1-bf3c-842b2b89b1a8
Error - 10.04.2012 11:39:04 | Computer Name = PCSekVorn-PC | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
svnet: Thread ID: 3812 ,Logged: Fehler 28 beim Entpacken
Error - 18.04.2012 05:04:23 | Computer Name = PCSekVorn-PC | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
svnet: Thread ID: 6108 ,Logged: Fehler 28 beim Entpacken
[ OSession Events ]
Error - 31.03.2011 07:01:09 | Computer Name = PCSekVorn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16479
seconds with 6060 seconds of active time. This session ended with a crash.
Error - 14.11.2011 11:52:29 | Computer Name = PCSekVorn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7580
seconds with 1200 seconds of active time. This session ended with a crash.
Error - 01.02.2012 12:57:56 | Computer Name = PCSekVorn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12992
seconds with 5760 seconds of active time. This session ended with a crash.
Error - 07.05.2012 06:57:09 | Computer Name = PCSekVorn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15246
seconds with 8760 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 22.06.2012 04:56:18 | Computer Name = PCSekVorn-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 22.06.2012 04:56:18 | Computer Name = PCSekVorn-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 22.06.2012 04:56:31 | Computer Name = PCSekVorn-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 22.06.2012 04:56:31 | Computer Name = PCSekVorn-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 22.06.2012 04:56:32 | Computer Name = PCSekVorn-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 22.06.2012 04:56:32 | Computer Name = PCSekVorn-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 22.06.2012 04:56:33 | Computer Name = PCSekVorn-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 22.06.2012 04:56:33 | Computer Name = PCSekVorn-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 22.06.2012 04:56:34 | Computer Name = PCSekVorn-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 22.06.2012 04:56:34 | Computer Name = PCSekVorn-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
< End of report >
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-22 12:50:09
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500AAJS-75M0A0 rev.02.03E02
Running: ussjdpq5.exe; Driver: C:\Users\PCSEKV~1\AppData\Local\Temp\uxtdquoc.sys

---- System - GMER 1.0.15 ----

SSDT 855FCFCC ZwCreateKey
SSDT 822A0A44 ZwCreateMutant
SSDT 8233D97C ZwCreateProcess
SSDT 822AE274 ZwCreateProcessEx
SSDT 8C55A6C6 ZwCreateSection
SSDT 84F04944 ZwCreateThread
SSDT 863A46D4 ZwCreateThreadEx
SSDT 822AE234 ZwCreateUserProcess
SSDT 861AC754 ZwDeleteKey
SSDT 861AC714 ZwDeleteValueKey
SSDT 863A4694 ZwLoadDriver
SSDT 85D2B4B4 ZwOpenProcess
SSDT 8C55A6D0 ZwRequestWaitReplyPort
SSDT 8C55A6CB ZwSetContextThread
SSDT 8C55A6D5 ZwSetSecurityObject
SSDT 822A0A04 ZwSetSystemInformation
SSDT 855FCF8C ZwSetValueKey
SSDT 8C55A6DA ZwSystemDebugControl
SSDT 85D2B474 ZwTerminateProcess
SSDT 84F04984 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A5B3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A94D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82A9BE74 4 Bytes [CC, CF, 5F, 85]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82A9BE84 3 Bytes [44, 0A, 2A] {INC ESP; OR CH, [EDX]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11E3 82A9BE98 3 Bytes [7C, D9, 33]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11E7 82A9BE9C 3 Bytes [74, E2, 2A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82A9BEAC 4 Bytes [C6, A6, 55, 8C]
.text ...
? system32\DRIVERS\tmcomm.sys Das System kann den angegebenen Pfad nicht finden. !
? system32\DRIVERS\tmevtmgr.sys Das System kann den angegebenen Pfad nicht finden. !
? system32\DRIVERS\tmactmon.sys Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

? C:\Windows\system32\services.exe[516] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.22.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
PC Sek Vorn :: PCSEKVORN-PC [Administrator]

22.06.2012 13:23:04
mbam-log-2012-06-22 (14-33-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 194230
Laufzeit: 1 Stunde(n), 2 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\PC Sek Vorn\AppData\Local\{59e74704-7a8c-b201-e149-d2fe65250c47}\n. -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\n (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\U\00000001.@ (Trojan.Small) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)

Best regards,
jogspr
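Editor's note, added after the post and not part of jogspr's logs or of any tool's own code: the two scans above agree on one indicator that is easy to miss when reading them separately. The OTL "Files Created" section lists two 2048-byte files named `@` with the hidden+system attribute (`-HS-`) inside a directory whose name is the bare GUID `{59e74704-7a8c-b201-e149-d2fe65250c47}`, once under `C:\Windows\Installer` and once under the user's `AppData\Local`; the Malwarebytes log flags files under the same Installer GUID directory (`\n`, `\U\*.@`) and a CLSID `InprocServer32` value pointing into the same AppData GUID directory. The script below is a triage helper that parses both line formats, applies that heuristic to the OTL entries and joins the two logs on the GUIDs they share. The sample input is constructed from lines shaped like the ones above; the "suspicious" rule is the editor's own triage aid, not a Malwarebytes or OTL detection rule.

```python
"""Triage helper: correlate OTL 'Files Created' lines with Malwarebytes hits.

Added example for this thread, not code from OTL, GMER, Malwarebytes or the
poster. Line formats follow the logs quoted above; the suspicion heuristic
(hidden+system '@' files inside a bare-GUID directory) is the editor's own.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input, modelled on lines from the OTL log above.
OTL_SAMPLE = r"""
[2012.06.12 15:35:27 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.11 09:27:28 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\@
[2012.01.11 09:27:28 | 000,002,048 | -HS- | C] () -- C:\Users\PC Sek Vorn\AppData\Local\{59e74704-7a8c-b201-e149-d2fe65250c47}\@
[2011.05.13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
"""

# Constructed sample input, modelled on lines from the Malwarebytes log above.
MBAM_SAMPLE = r"""
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\PC Sek Vorn\AppData\Local\{59e74704-7a8c-b201-e149-d2fe65250c47}\n. -> Keine Aktion durchgeführt.
C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\n (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{59e74704-7a8c-b201-e149-d2fe65250c47}\U\00000001.@ (Trojan.Small) -> Keine Aktion durchgeführt.
"""

GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# OTL: [date time | size | attrs | C-or-M] (company) -- path
OTL_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
# MBAM: object (Detection.Name) -> [Daten: value -> ] action
MBAM_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<name>[\w.]+)\) -> (?:Daten: (?P<data>.+?) -> )?(?P<action>.+)$")


@dataclass
class OtlEntry:
    ts: str
    size: int       # bytes; OTL prints it with thousands separators
    attr: str       # four-char attribute field, e.g. "-HS-" = hidden + system
    path: str


@dataclass
class MbamHit:
    obj: str        # file path or registry key/value
    name: str       # detection name, e.g. Trojan.Zaccess
    action: str
    data: Optional[str] = None   # registry data, if the hit is a value


def parse_otl(text: str) -> list[OtlEntry]:
    out = []
    for line in text.splitlines():
        m = OTL_RE.match(line.strip())
        if m:
            out.append(OtlEntry(m["ts"], int(m["size"].replace(",", "")), m["attr"], m["path"]))
    return out


def parse_mbam(text: str) -> list[MbamHit]:
    out = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            # MBAM terminates the printed data with '.', the real value ends in '\n'
            data = m["data"].rstrip(".") if m["data"] else None
            out.append(MbamHit(m["obj"], m["name"], m["action"], data))
    return out


def is_suspicious(e: OtlEntry) -> bool:
    """Editor's heuristic: hidden+system file named '@' or '*.@' whose parent
    directory is a bare GUID, as in the two 2048-byte OTL entries above."""
    parent, _, base = e.path.rpartition("\\")
    guid_dir = GUID_RE.fullmatch(parent.rpartition("\\")[2]) is not None
    at_name = base == "@" or base.endswith(".@")
    return "H" in e.attr and "S" in e.attr and guid_dir and at_name


def suspicious_entries(entries: list[OtlEntry]) -> list[OtlEntry]:
    return [e for e in entries if is_suspicious(e)]


def correlate(entries: list[OtlEntry], hits: list[MbamHit]) -> dict[str, list[str]]:
    """Map every GUID seen in either log to the sorted list of logs it appears in."""
    seen: dict[str, set[str]] = {}
    for e in entries:
        for g in GUID_RE.findall(e.path):
            seen.setdefault(g.lower(), set()).add("otl")
    for h in hits:
        for g in GUID_RE.findall(h.obj + " " + (h.data or "")):
            seen.setdefault(g.lower(), set()).add("mbam")
    return {g: sorted(s) for g, s in seen.items()}


if __name__ == "__main__":
    otl, mbam = parse_otl(OTL_SAMPLE), parse_mbam(MBAM_SAMPLE)
    for e in suspicious_entries(otl):
        print(f"OTL  suspicious {e.attr} {e.size:>5} B  {e.path}")
    for h in mbam:
        print(f"MBAM {h.name:<16} {h.obj}" + (f"  -> {h.data}" if h.data else ""))
    for g, src in correlate(otl, mbam).items():
        print(f"GUID {g} seen in: {', '.join(src)}")
```

Run on real logs, replace the two constructed samples with the contents of OTL.txt and the mbam-log file; a GUID reported as seen in both logs is the directory to look at first, and the `data` field of a registry-value hit tells you which file the hijacked `InprocServer32` would have loaded.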