| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Live Security Platinum Virus - wirklich entfernt?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
06.08.2012, 10:08
| #1 |
 |  Live Security Platinum Virus - wirklich entfernt? Hallo liebe Forumsgemeinde! Echt super, dass es Leute wie euch gibt, die Ihre Zeit opfern um unerfahrenen Usern zu helfen! Ich habe nun auch ein Problem. Ich habe mir vor ein paar Tagen ( Befall genau 30.07.12 21:40 Uhr ) den Live Security Platinum Virus eingefangen. Daraufhin habe ich wie von Chip.de empfohlen (hxxp://www.chip.de/news/Live-Security-Platinum-Virus-entfernen-So-klappt-s_56857805.html) einen USB-Stick mit SARDU erstellt und von diesem gebootet. Danach habe ich bestimmt 8 Antivirenscans gemacht. Bei vielen der Programme gelang mir allerdings keine Internetverbindung. Mit dem Programm „Kaspersky“ hat es dann funktioniert, er hat auch einige infizierte Dateien gefunden. Diese habe ich das Programm dann löschen lassen. Allerdings lief der Scan immer nur bis etwa 20 % durch. Andere Scans liefen dagegen ganz durch und haben auch sporadisch mal eine Datei gefunden, die ich dann ebenfalls reparieren oder löschen ließ ( Je nachdem, was das Programm empfohlen hatte ). Nach vielen Scans startete ich dann den Rechner wieder normal. Der Virus war offensichtlich weg. Allerdings dauerte das booten einen kleinen Tick länger ( Bei Windows 7 kommen ja vier kleine leuchtende Bälle am Anfang, die das Windowslogo ergeben. Dies dauert auch grade noch zu lange. ) Ich habe dann im normalen Modus noch Malwarebytes ( 1 Fund ), SUPERAntiSpyware ( 75 Funde ) und den Avira AntivirScan ( 1 Fund ) durchlaufen lassen und die Funde je nach Empfehlung des Programms desinfiziert oder gelöscht. Aber so richtig traue ich meinem System immernoch nicht. Es wäre wirklich supernett, wenn Jemand mal über die Logdaten drüberschauen könnte! Hier der OTL.txt File: Code:
ATTFilter OTL logfile created on: 06.08.2012 10:01:27 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Anne\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 66,74% Memory free 5,73 Gb Paging File | 4,67 Gb Available in Paging File | 81,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 266,99 Gb Total Space | 30,99 Gb Free Space | 11,61% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 20,26 Gb Free Space | 67,54% Space Free | Partition Type: NTFS Computer Name: ANNE-PC | User Name: Anne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.06 10:00:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.09.13 10:16:10 | 000,510,920 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe PRC - [2011.09.13 10:16:04 | 000,342,984 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2010.12.07 20:19:08 | 000,644,104 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe PRC - [2010.04.06 17:58:46 | 000,694,816 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.01.13 10:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe PRC - [2009.12.14 11:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe PRC - [2009.12.11 15:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe PRC - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.10.22 17:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2011.09.13 10:16:10 | 000,510,920 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ========== Win32 Services (SafeList) ========== SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.13 10:16:04 | 000,342,984 | ---- | M] () [Auto | Running] -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service) SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets) SRV - [2009.10.22 17:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev) DRV - [2012.07.01 10:58:22 | 000,860,928 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700) DRV - [2012.07.01 10:58:21 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2012.07.01 10:58:21 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2012.07.01 10:58:21 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.08.26 12:42:28 | 000,191,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\paeusbaudio.sys -- (paeusbaudio) DRV - [2011.08.26 12:42:28 | 000,063,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\paeusbaudiodsp.sys -- (paeusbaudiodsp) DRV - [2011.08.26 12:42:28 | 000,042,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\paeusbaudioks.sys -- (paeusbaudioks) DRV - [2010.12.07 20:19:00 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK) DRV - [2010.07.29 17:47:40 | 000,094,624 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCA2000.SYS -- (BCA2000) DRV - [2010.07.29 17:47:40 | 000,027,328 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCA2000WDM.SYS -- (BCA2000WDM) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.17 16:01:52 | 000,019,712 | ---- | M] (Clavia DMI AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ClaviaUSB.sys -- (CLAVIAUSB) DRV - [2010.03.24 17:57:16 | 000,191,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010.03.04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010.02.10 15:01:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2010.02.04 13:54:32 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap) DRV - [2010.02.03 05:36:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) DRV - [2010.01.19 18:55:06 | 000,996,896 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2009.12.23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd) DRV - [2009.09.18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2004.07.26 07:28:12 | 000,020,864 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\bca2000ldr.sys -- (NULOAD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0CF0D63E-77C0-4257-B156-31AA753A0435}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.29 18:28:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 11:10:34 | 000,000,000 | ---D | M] [2010.07.01 09:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anne\AppData\Roaming\mozilla\Extensions [2012.05.02 08:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anne\AppData\Roaming\mozilla\Firefox\Profiles\xmw4219a.default\extensions [2012.04.06 11:28:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Anne\AppData\Roaming\mozilla\Firefox\Profiles\xmw4219a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.08.04 18:29:57 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-1.xml [2010.10.24 18:26:16 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-2.xml [2010.10.28 17:39:24 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-3.xml [2010.12.11 15:48:08 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-4.xml [2010.10.13 22:47:45 | 000,001,056 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin.xml [2012.04.13 11:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.04.13 11:18:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.03.29 18:28:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.13 11:18:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.06.29 06:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKCU..\Run: [AudioBox VSL] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45E7A42D-34F3-4E38-8108-0519D5D90937}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CE461E9-3F24-4351-85F3-DE5D1EF8596C}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1A89514-5EF6-41AB-885C-0EBA09EE6156}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{051b1071-c618-11e1-a22b-00262dbf99ae}\Shell - "" = AutoRun O33 - MountPoints2\{051b1071-c618-11e1-a22b-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{051b108b-c618-11e1-a22b-00262dbf99ae}\Shell - "" = AutoRun O33 - MountPoints2\{051b108b-c618-11e1-a22b-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\Shell - "" = AutoRun O33 - MountPoints2\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{1da23f82-c469-11e1-b50e-00262dbf99ae}\Shell - "" = AutoRun O33 - MountPoints2\{1da23f82-c469-11e1-b50e-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{1da23f98-c469-11e1-b50e-00262dbf99ae}\Shell - "" = AutoRun O33 - MountPoints2\{1da23f98-c469-11e1-b50e-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun O33 - MountPoints2\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{2c67b701-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun O33 - MountPoints2\{2c67b701-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{2c67b712-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun O33 - MountPoints2\{2c67b712-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{2c67b738-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun O33 - MountPoints2\{2c67b738-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{2c67b745-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun O33 - MountPoints2\{2c67b745-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\Shell - "" = AutoRun O33 - MountPoints2\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\Shell - "" = AutoRun O33 - MountPoints2\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7b448493-84e1-11df-afd0-00262dbf99ae}\Shell - "" = AutoRun O33 - MountPoints2\{7b448493-84e1-11df-afd0-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\Shell - "" = AutoRun O33 - MountPoints2\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{8ad9c209-850d-11df-9a78-00262dbf99ae}\Shell - "" = AutoRun O33 - MountPoints2\{8ad9c209-850d-11df-9a78-00262dbf99ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8ad9c221-850d-11df-9a78-00262dbf99ae}\Shell - "" = AutoRun O33 - MountPoints2\{8ad9c221-850d-11df-9a78-00262dbf99ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.06 10:00:12 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL.exe [2012.08.05 10:18:43 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\Downloaded Installations [2012.08.04 18:31:39 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Malwarebytes [2012.08.04 18:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.04 18:31:11 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.04 18:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.04 18:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.01 15:04:41 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.07.30 21:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\6C82D0E90007E17A025E048A4F147CE7 [2012.07.24 12:42:10 | 000,000,000 | ---D | C] -- C:\Users\Anne\Desktop\Neuer Ordner [2012.07.09 13:13:28 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Avira [2012.07.09 13:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.07.09 13:01:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.07.09 13:01:46 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.07.09 13:01:46 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.07.09 13:01:46 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.07.09 13:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.07.09 13:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.06 10:02:38 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.06 10:02:38 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.06 10:00:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL.exe [2012.08.06 09:59:27 | 000,000,000 | ---- | M] () -- C:\Users\Anne\defogger_reenable [2012.08.06 09:55:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.06 09:55:06 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys [2012.08.04 18:31:22 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.30 20:30:51 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.30 20:30:51 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.30 20:30:51 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.30 20:30:51 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.30 15:07:42 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.07.21 13:34:27 | 321,115,714 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.07.12 21:48:37 | 000,425,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.06 09:59:27 | 000,000,000 | ---- | C] () -- C:\Users\Anne\defogger_reenable [2012.08.04 18:31:22 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.09 12:10:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl [2012.05.31 11:38:26 | 000,004,468 | ---- | C] () -- C:\Users\Anne\öojölk.aup [2012.05.09 19:49:18 | 000,000,892 | ---- | C] () -- C:\Users\Anne\.recently-used.xbel [2012.04.17 15:34:14 | 000,007,607 | ---- | C] () -- C:\Users\Anne\AppData\Local\Resmon.ResmonCfg [2012.04.13 18:42:55 | 000,191,312 | ---- | C] () -- C:\Windows\System32\drivers\paeusbaudio.sys [2012.04.13 18:42:55 | 000,063,824 | ---- | C] () -- C:\Windows\System32\drivers\paeusbaudiodsp.sys [2012.04.13 18:42:55 | 000,042,320 | ---- | C] () -- C:\Windows\System32\drivers\paeusbaudioks.sys [2012.01.30 21:51:17 | 000,013,495 | ---- | C] () -- C:\Users\Anne\Unbenannt 1.odt [2012.01.12 11:15:18 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2012.01.11 12:11:18 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\@ [2012.01.11 12:11:18 | 000,002,048 | -HS- | C] () -- C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\@ [2012.01.02 17:22:04 | 000,000,674 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\SMRResults210.dat [2011.03.17 20:58:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.08 17:16:52 | 000,079,519 | ---- | C] () -- C:\Users\Anne\ESt2010_Richter_Anne.elfo [2010.12.21 10:32:19 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.11.02 15:35:29 | 000,011,776 | ---- | C] () -- C:\Users\Anne\lied.wps [2010.09.24 08:38:14 | 000,004,114 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\wklnhst.dat [2010.09.02 10:27:54 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll [2010.08.25 20:30:02 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2010.08.25 20:30:00 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll ========== LOP Check ========== [2011.04.24 14:24:34 | 000,000,000 | -HSD | M] -- C:\Users\Anne\AppData\Roaming\.# [2010.09.02 09:40:23 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Ableton [2012.07.13 02:01:51 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\ALDITALKVerbindungsassistent [2011.04.20 10:17:40 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\ALDI_SUED_Mah_Jong [2012.01.27 12:51:47 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Canon [2010.09.02 10:25:34 | 000,000,00a 18:45:07 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\PreSonus [2010.10.07 09:15:06 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Telefónica [2010.10.23 23:25:09 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Template [2012.05.26 13:51:39 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 1131 bytes -> C:\Users\Anne\AppData\Local\sBRx8uaW4jsDpa:UZx3r6cEDs006sVzXVnEuQwp3l < End of report > Code:
ATTFilter OTL Extras logfile created on: 06.08.2012 10:01:27 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Anne\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,87 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 66,74% Memory free
5,73 Gb Paging File | 4,67 Gb Available in Paging File | 81,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,99 Gb Total Space | 30,99 Gb Free Space | 11,61% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 20,26 Gb Free Space | 67,54% Space Free | Partition Type: NTFS
Computer Name: ANNE-PC | User Name: Anne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2991DD80-25AE-471E-9981-D572CA0887EE}" = Flux_StereoTool
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1" = AudioBox VSL version 1.0
"{5776E400-655A-44E0-B67C-A236E498AB26}" = Flux_BitterSweetII
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96472D82-0239-11E0-9776-199EDFD72085}" = M-Audio FastTrack Driver 6.0.6 (x86)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F58DEDD0-9C32-43AB-9FCF-1B8CFB9ABA67}" = Max 5.1.4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent
"Arturia.Minimoog.V.v1.5-DAC" = Arturia.Minimoog.V.v1.5-DAC
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Snap_is1" = Ashampoo Snap
"Audacity_is1" = Audacity 1.2.6
"AURC_is1" = Audacity Recovery Utility
"Avira AntiVir Desktop" = Avira Free Antivirus
"Clavia USB Driver v3.00" = Clavia USB Driver v3.00
"dm-Fotowelt" = dm-Fotowelt
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"Finale NotePad 2012" = Finale NotePad 2012
"Grewe Scanner-Interface_is1" = Grewe Scanner-Interface 3.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hydrogen" = Hydrogen
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Live 8.1.1" = Live 8.1.1
"M30 Reverb" = M30 Reverb
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"minimoogv2_5_is1" = minimoog-v Original 2.5.3
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"Nord Sample Editor" = Nord Sample Editor v2.00
"Nord Sound Manager" = Nord Sound Manager v5.00
"Nord Sound Manager v5.30" = Nord Sound Manager v5.30
"PreSonus FaderPort_is1" = PreSonus FaderPort
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"W735EQ" = W735EQ
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.07.2012 06:45:57 | Computer Name = Anne-PC | Source = RasClient | ID = 20227
Description =
Error - 12.07.2012 11:32:03 | Computer Name = Anne-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\SearchHelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 14.07.2012 12:36:15 | Computer Name = Anne-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\SearchHelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 15.07.2012 14:11:54 | Computer Name = Anne-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\SearchHelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 20.07.2012 17:19:38 | Computer Name = Anne-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\SearchHelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 23.07.2012 09:55:48 | Computer Name = Anne-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\SearchHelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 25.07.2012 09:57:28 | Computer Name = Anne-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\SearchHelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 30.07.2012 09:10:40 | Computer Name = Anne-PC | Source = Application Hang | ID = 1002
Description = Programm winamp.exe, Version 5.5.8.2975 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10b8 Startzeit:
01cd6e547eb4c13c Endzeit: 0 Anwendungspfad: C:\Program Files\Winamp\winamp.exe Berichts-ID:
f2ea32c4-da47-11e1-9e7f-00262dbf99ae
Error - 31.07.2012 12:33:13 | Computer Name = Anne-PC | Source = VSS | ID = 8194
Description =
Error - 04.08.2012 12:31:06 | Computer Name = Anne-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avguard.exe, Version: 12.3.0.15,
Zeitstempel: 0x4fa05b53 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
Zeitstempel: 0x4ec49caf Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c33bb ID des fehlerhaften
Prozesses: 0x7a8 Startzeit der fehlerhaften Anwendung: 0x01cd725dff66db92 Pfad der
fehlerhaften Anwendung: C:\Program Files\Avira\AntiVir Desktop\avguard.exe Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: c9c9d4f2-de51-11e1-887e-00262dbf99ae
[ Media Center Events ]
Error - 22.07.2012 06:01:04 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 12:01:04 - Fehler beim Herstellen der Internetverbindung. 12:01:04
- Serververbindung konnte nicht hergestellt werden..
Error - 22.07.2012 06:01:23 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 12:01:10 - Fehler beim Herstellen der Internetverbindung. 12:01:10
- Serververbindung konnte nicht hergestellt werden..
Error - 22.07.2012 07:01:27 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 13:01:27 - Fehler beim Herstellen der Internetverbindung. 13:01:27
- Serververbindung konnte nicht hergestellt werden..
Error - 22.07.2012 07:01:37 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 13:01:32 - Fehler beim Herstellen der Internetverbindung. 13:01:32
- Serververbindung konnte nicht hergestellt werden..
Error - 22.07.2012 08:38:18 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 14:38:17 - Fehler beim Herstellen der Internetverbindung. 14:38:18
- Serververbindung konnte nicht hergestellt werden..
Error - 22.07.2012 08:39:21 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 14:38:23 - Fehler beim Herstellen der Internetverbindung. 14:38:23
- Serververbindung konnte nicht hergestellt werden..
Error - 04.08.2012 12:40:28 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 18:40:27 - Fehler beim Herstellen der Internetverbindung. 18:40:28
- Serververbindung konnte nicht hergestellt werden..
Error - 04.08.2012 13:01:14 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 18:40:42 - Fehler beim Herstellen der Internetverbindung. 18:40:42
- Serververbindung konnte nicht hergestellt werden..
Error - 04.08.2012 14:05:16 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 20:05:10 - Fehler beim Herstellen der Internetverbindung. 20:05:11
- Serververbindung konnte nicht hergestellt werden..
Error - 04.08.2012 15:05:34 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 21:05:30 - Fehler beim Herstellen der Internetverbindung. 21:05:30
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 05.08.2012 05:48:23 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 05.08.2012 05:48:23 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 05.08.2012 06:09:12 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 05.08.2012 06:09:12 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 06.08.2012 03:55:17 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Behringer BCA2000 Bootloader" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058
Error - 06.08.2012 03:55:19 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 06.08.2012 03:55:19 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 06.08.2012 03:55:19 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 06.08.2012 03:55:52 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 06.08.2012 03:55:52 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
< End of report >
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-06 10:52:41
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O
Running: eyr9upv6.exe; Driver: C:\Users\Anne\AppData\Local\Temp\pwldrpow.sys
---- System - GMER 1.0.15 ----
SSDT 9166893E ZwCreateSection
SSDT 91668948 ZwRequestWaitReplyPort
SSDT 91668943 ZwSetContextThread
SSDT 9166894D ZwSetSecurityObject
SSDT 91668952 ZwSystemDebugControl
SSDT 916688DF ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 83259599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8327E092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 340 83285990 4 Bytes [3E, 89, 66, 91] {MOV DS:[ESI-0x6f], ESP}
.text ntkrnlpa.exe!RtlSidHashLookup + 69C 83285CEC 4 Bytes [48, 89, 66, 91] {DEC EAX; MOV [ESI-0x6f], ESP}
.text ntkrnlpa.exe!RtlSidHashLookup + 6E0 83285D30 4 Bytes [43, 89, 66, 91] {INC EBX; MOV [ESI-0x6f], ESP}
.text ntkrnlpa.exe!RtlSidHashLookup + 75C 83285DAC 4 Bytes [4D, 89, 66, 91] {DEC EBP; MOV [ESI-0x6f], ESP}
.text ntkrnlpa.exe!RtlSidHashLookup + 7B0 83285E00 4 Bytes [52, 89, 66, 91] {PUSH EDX; MOV [ESI-0x6f], ESP}
.text ...
PAGE peauth.sys AD60DB9B 72 Bytes [8E, 99, 59, E8, 25, 7E, A4, ...]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
 jetzt schonmal  |
| Themen zu Live Security Platinum Virus - wirklich entfernt? |
| audacity, autorun, avira, bho, bonjour, booten, chip.de, error, excel, explorer, fehler, firefox, flash player, format, home, infizierte, infizierte dateien, install.exe, live security platinum, locker, logfile, ntdll.dll, office 2007, opera, plug-in, realtek, registry, richtlinie, rundll, security, software, super, superantispyware, system, trojaner, usb 2.0, virus, windows |
Baum-Darstellung