Trojaner-Board (https://www.trojaner-board.de/)
Thread: Error message: program has stopped working (https://www.trojaner-board.de/98391-fehlermeldung-programm-funktioniert-mehr.html)

Woozie 28.04.2011 12:58

Error message: program has stopped working

Hello,
first of all, I am new to the forum, so please excuse any mistakes and misunderstandings.

My problem:
The free version of Avast was installed on the affected PC, but its registration was not renewed, so the computer was used to browse unprotected for about 2 weeks. After those 2 weeks the problem appeared that, no matter which program, the error message showed up, e.g. "Windows Problem Reporting has stopped working. Windows can check online for a solution." With the problem signature:
Problemereignisname: APPCRASH
Anwendungsname: wermgr.exe
Anwendungsversion: 6.0.6001.18000
Anwendungszeitstempel: 47918ca1
Fehlermodulname: kernel32.dll
Fehlermodulversion: 6.0.6001.18215
Fehlermodulzeitstempel: 49953395
Ausnahmecode: c000008c
Ausnahmeoffset: 00038ade
Betriebsystemversion: 6.0.6001.2.1.0.768.3
Gebietsschema-ID: 1031
Zusatzinformation 1: f345
Zusatzinformation 2: fc2493e0cff02c0cb5b59bf96ad33be2
Zusatzinformation 3: f345
Zusatzinformation 4: fc2493e0cff02c0cb5b59bf96ad33be2

All programs without exception are affected, but after starting them several times they usually work anyway, despite the error message that pops up.

Here is the OTL report (OTL logfile):
Code:

OTL logfile created on: 28.04.2011 13:30:30 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Petra\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 228,98 Gb Free Space | 79,42% Space Free | Partition Type: NTFS
 
Computer Name: PETRA-NOTEBOOK | User Name: Petra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.28 13:06:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Petra\Desktop\OTL.exe
PRC - [2011.04.28 12:40:16 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.11 13:27:27 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.18 19:56:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.04.16 23:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.06.30 14:12:58 | 001,032,192 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009.06.14 07:43:11 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.05.30 20:48:17 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Petra\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.17 21:52:52 | 005,031,336 | ---- | M] (GMX GmbH) -- C:\Programme\GMX\GMX MultiMessenger\MESSENGR.EXE
PRC - [2009.04.15 16:18:00 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.04.15 16:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.04.15 16:17:56 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe
PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.02.24 02:16:02 | 000,870,920 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.10.24 21:18:26 | 000,237,568 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Programme\AmIcoSingLun\AmIcoSinglun.exe
PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2003.04.06 02:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003.04.06 02:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.28 13:06:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Petra\Desktop\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2009.04.15 16:18:26 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.28 12:40:16 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.11 13:27:27 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.04.15 16:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.11 13:27:27 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.02.27 13:09:15 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2011.01.10 14:23:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.21 04:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009.02.09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.01.28 09:51:40 | 004,303,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.12.30 00:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Petra\AppData\Roaming\5015 [2011.04.09 16:57:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.02 19:44:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.02 19:44:20 | 000,000,000 | ---D | M]
 
[2009.06.08 19:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petra\AppData\Roaming\mozilla\Extensions
[2011.04.04 19:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petra\AppData\Roaming\mozilla\Firefox\Profiles\wd76wu7k.default\extensions
[2009.09.06 19:57:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Petra\AppData\Roaming\mozilla\Firefox\Profiles\wd76wu7k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.02 19:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) --
[2010.01.13 18:07:28 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011.04.09 16:57:30 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\PETRA\APPDATA\ROAMING\5015
() (No name found) -- C:\USERS\PETRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WD76WU7K.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [GMX_GMX MultiMessenger] C:\Program Files\GMX\GMX MultiMessenger\MESSENGR.EXE (GMX GmbH)
O4 - Startup: C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Petra\AppData\Roaming\appconf32.exe) - C:\Users\Petra\AppData\Roaming\appconf32.exe ()
O24 - Desktop WallPaper: C:\Users\Petra\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Petra\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3b7486e6-286b-11df-9597-001f16a8d701}\Shell - "" = AutoRun
O33 - MountPoints2\{3b7486e6-286b-11df-9597-001f16a8d701}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.28 13:06:52 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Petra\Desktop\Erunt-setup.exe
[2011.04.28 13:06:52 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Petra\Desktop\OTL.exe
[2011.04.28 13:06:52 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Petra\Desktop\TFC.exe
[2011.04.28 12:38:14 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Petra\AppData\Roaming\AcroIEHelpe028.dll
[2011.04.10 18:14:38 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\Avira
[2011.04.09 16:57:30 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\5015
[2011.04.09 16:57:19 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\xmldm
[2011.04.09 16:57:17 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\kock
[2011.04.06 22:36:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.04.06 22:36:54 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.04.06 22:36:54 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.04.06 22:36:54 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.04.06 22:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.04.06 18:43:45 | 000,000,000 | ---D | C] -- C:\Users\Petra\Dustin NEU_mcf-Dateien
[2011.04.02 19:19:26 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\vlc
[2011.04.02 19:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.04.02 19:15:32 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2011.04.02 19:15:05 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2011.04.02 19:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2009.06.14 07:47:45 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Users\Petra\AppData\Roaming\*.tmp files -> C:\Users\Petra\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.28 13:23:28 | 000,630,268 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.28 13:23:28 | 000,598,408 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.28 13:23:28 | 000,127,252 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.28 13:23:28 | 000,105,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.28 13:16:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 13:16:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 13:15:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.28 13:15:30 | 3215,892,480 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.28 13:09:51 | 246,128,008 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.28 13:06:57 | 000,301,568 | ---- | M] () -- C:\Users\Petra\Desktop\g2m3e4r.exe
[2011.04.28 13:06:56 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Petra\Desktop\Erunt-setup.exe
[2011.04.28 13:06:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Petra\Desktop\OTL.exe
[2011.04.28 13:06:55 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Petra\Desktop\TFC.exe
[2011.04.28 13:05:37 | 000,377,260 | ---- | M] () -- C:\Users\Petra\Desktop\Load.exe
[2011.04.28 12:38:15 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Petra\AppData\Roaming\AcroIEHelpe028.dll
[2011.04.12 08:23:45 | 000,293,288 | ---- | M] () -- C:\Users\Petra\Dustin NEU.mcf
[2011.04.12 08:21:33 | 000,293,288 | ---- | M] () -- C:\Users\Petra\Dustin NEU.mcf~
[2011.04.11 16:53:30 | 000,345,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.11 14:58:54 | 000,007,512 | ---- | M] () -- C:\Users\Petra\AppData\Local\d3d9caps.dat
[2011.04.11 13:27:27 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.04.10 16:21:06 | 000,050,688 | ---- | M] () -- C:\Users\Petra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.10 09:18:01 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null0.9100247397509212.exe
[2011.04.07 14:29:14 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
[2011.04.07 14:29:14 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\dm-Fotowelt.lnk
[2011.04.06 13:53:12 | 000,057,162 | ---- | M] () -- C:\Users\Petra\Fotobuch Dustin.mcf
[2011.04.05 21:45:22 | 000,044,620 | ---- | M] () -- C:\Users\Petra\Fotobuch Dustin.mcf~
[2011.04.02 19:44:22 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.04.02 19:16:42 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[1 C:\Users\Petra\AppData\Roaming\*.tmp files -> C:\Users\Petra\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.28 13:06:52 | 000,301,568 | ---- | C] () -- C:\Users\Petra\Desktop\g2m3e4r.exe
[2011.04.28 13:05:35 | 000,377,260 | ---- | C] () -- C:\Users\Petra\Desktop\Load.exe
[2011.04.11 15:00:11 | 3215,892,480 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.10 09:18:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\null0.9100247397509212.exe
[2011.04.06 18:43:45 | 000,293,288 | ---- | C] () -- C:\Users\Petra\Dustin NEU.mcf~
[2011.04.06 18:43:45 | 000,293,288 | ---- | C] () -- C:\Users\Petra\Dustin NEU.mcf
[2011.04.02 19:44:22 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.02 19:44:22 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.02.27 12:57:31 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2009.08.08 20:15:16 | 000,050,688 | ---- | C] () -- C:\Users\Petra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.14 07:38:13 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.14 07:38:13 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.06.14 07:38:13 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.06.14 07:38:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009.06.14 07:38:13 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2009.06.14 07:38:13 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009.06.13 23:10:00 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.06.13 23:03:37 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.06.13 23:03:37 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.06.13 23:03:37 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009.06.13 23:03:37 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.06.13 23:02:02 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009.06.13 23:02:02 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009.06.13 23:02:02 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009.06.13 23:02:02 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.06.13 23:02:02 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.06.13 23:02:02 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.06.13 22:56:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.06.13 18:22:03 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.06.09 14:37:38 | 000,000,000 | ---- | C] () -- C:\Users\Petra\AppData\Roaming\wklnhst.dat
[2009.06.08 19:35:18 | 000,007,512 | ---- | C] () -- C:\Users\Petra\AppData\Local\d3d9caps.dat
[2009.03.12 12:47:51 | 000,630,268 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.03.12 12:47:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.03.12 12:47:51 | 000,127,252 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.03.12 12:47:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.03.12 04:09:35 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.03.12 04:09:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2008.12.09 17:23:13 | 000,047,840 | RHS- | C] () -- C:\Users\Petra\AppData\Roaming\appconf32.exe
[2008.04.08 14:34:26 | 000,000,427 | ---- | C] () -- C:\Windows\System32\atipblup.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,345,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,598,408 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,105,486 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.07.07 19:36:56 | 000,021,668 | ---- | C] () -- C:\Windows\hpoins01.dat
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:3064D21D
 
< End of report >

--- --- ---

A system restore was performed but had no effect.

I will post the other reports later, since I first want to save this post before Firefox crashes unexpectedly.

Thanks in advance!

Regards, Woozie
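
As an added example that is not part of this thread and not OTL's own code, the following Python script runs a first triage over the persistence entries in the OTL log above. It compares the O20 Winlogon Shell and UserInit values with the stock Vista binaries (assumed here to resolve to C:\Windows\explorer.exe and C:\Windows\System32\userinit.exe, with %SystemRoot% = C:\Windows as the log header states), flags O4 Run entries that start from a user-writable directory or carry no company name, and reports EnableLUA = 0. The sample lines are copied from the posted log; on them the UserInit value pointing at an unsigned appconf32.exe under AppData\Roaming is the one high-severity item, which is exactly the kind of entry a helper would want to see first.

```python
import re
from dataclasses import dataclass

# Lines copied from the OTL report in the post above (O4, O6 and O20 entries).
# They serve as sample input for this script only; the script is not part of OTL.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKCU..\Run: [GMX_GMX MultiMessenger] C:\Program Files\GMX\GMX MultiMessenger\MESSENGR.EXE (GMX GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Petra\AppData\Roaming\appconf32.exe) - C:\Users\Petra\AppData\Roaming\appconf32.exe ()
"""

# Assumed defaults for a Vista installation with %SystemRoot% = C:\Windows
# (the log header confirms that path): Winlogon Shell resolves to explorer.exe
# and UserInit to userinit.exe. Adjust if %SystemRoot% differs.
DEFAULT_WINLOGON = {
    "Shell": r"C:\Windows\explorer.exe",
    "UserInit": r"C:\Windows\System32\userinit.exe",
}

# Directory markers a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# OTL line shapes as they appear in the log above.
WINLOGON_RE = re.compile(
    r"^O20 - HKLM Winlogon: (?P<value>\w+) - \((?P<raw>.*?)\) - (?P<path>.*?) \((?P<company>.*?)\)$"
)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>.*?)\] (?P<path>.*?) \((?P<company>.*?)\)$"
)
LUA_RE = re.compile(r"^O6 - .*\\policies\\System: EnableLUA = (?P<value>\d+)$")


@dataclass
class Finding:
    kind: str      # OTL section: O4, O6 or O20
    name: str      # Winlogon value name or Run entry name
    path: str      # executable path, empty for O6
    reason: str
    severity: str  # "high" or "medium"


def is_user_writable(path: str) -> bool:
    """True when the path lies under a directory a standard user can write to."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def triage(log_text: str) -> list[Finding]:
    """Scan OTL persistence lines and return the entries that deserve a closer look."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()

        m = WINLOGON_RE.match(line)
        if m:
            value, path = m["value"], m["path"]
            expected = DEFAULT_WINLOGON.get(value)
            # Anything other than the stock binary in Shell/UserInit runs at every logon.
            if expected and path.lower() != expected.lower():
                findings.append(Finding("O20", value, path,
                                        f"Winlogon {value} is {path}, expected {expected}", "high"))
            continue

        m = RUN_RE.match(line)
        if m:
            path, company = m["path"], m["company"].strip()
            reasons = []
            if is_user_writable(path):
                reasons.append("autostart from a user-writable directory")
            if not company:
                reasons.append("no company name in version info")
            if reasons:
                findings.append(Finding("O4", m["name"], path, "; ".join(reasons), "medium"))
            continue

        m = LUA_RE.match(line)
        if m and m["value"] == "0":
            findings.append(Finding("O6", "EnableLUA", "", "UAC disabled (EnableLUA = 0)", "medium"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind} {f.name}: {f.reason}")
```

The script deliberately stays at triage level: a missing company name only means the file carries no version info (PLFSetI.exe from the Acer image trips it too), so those hits are medium, while a rewritten UserInit has no benign explanation on a stock install and is reported high. Paste the whole O4/O6/O20 section of a log into SAMPLE_LOG to run it over a full report.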

markusg 28.04.2011 13:11

hi
why has this pc seen hardly any updates?
please create and post a combofix log.
A guide and tutorial on using ComboFix

Woozie 28.04.2011 15:15

I can't get ComboFix to start. When I start it, the error message that nircmd.exe is not working opens about 20 times. In Task Manager I saw that it opens the same number of firefix.exe processes.

Furthermore, Antivir has found a Trojan horse: TR/spy.Zbot.PK
at: C:\win\System32\config\systemprofile\Appdata\roaming\kbtxt\libkb.exe

The PC hasn't seen any updates because it was used by an inexperienced user, hence also the missing renewal of the Avast activation.

markusg 28.04.2011 15:17

well, the pc is actually totally screwed..
I would suggest backing up the data, then reformatting and reinstalling. then we'll secure this system properly. the amount of work is as high as for cleaning, and cleaning is considerably less safe here.

Woozie 28.04.2011 15:31

okay, I had been toying with the idea too, but so far I saw it as the more laborious solution. I'll then coordinate about backing up the data and see which system I install, since I'd rather avoid Vista.

thanks a lot already for the very quick help, I'll get back to you about securing the PC

Regards, Woozie

markusg 28.04.2011 15:33

ok, let me know how you want to proceed then

