Log Analysis and Evaluation: Bundestrojaner locks my computer (Windows 7)
07.08.2011, 10:58 | #1
Bundestrojaner locks my computer

Dear forum, I was surfing the Internet yesterday and all of a sudden a virus spread on my laptop that locked my PC & demands 100€ to unlock it. My antivirus program Antivir did not detect it, however. I have carried out the requested steps. I did not get an error message from Defogger, but I also was not prompted to restart?! I hope for a prompt solution. Many thanks & kind regards

OTL Logfile:
Code:
OTL logfile created on: 07.08.2011 11:42:50 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\cora\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 79,70% Memory free
3,98 Gb Paging File | 3,74 Gb Available in Paging File | 93,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,70 Gb Total Space | 56,63 Gb Free Space | 61,09% Space Free | Partition Type: NTFS
Drive D: | 44,63 Gb Total Space | 44,54 Gb Free Space | 99,80% Space Free | Partition Type: NTFS

Computer Name: CORA-PC | User Name: cora | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2011.08.07 11:21:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\cora\Desktop\OTL.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (SafeList) ==========
MOD - [2011.08.07 11:21:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\cora\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010.04.24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.04.24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.03.24 10:45:58 | 000,127,656 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2008.08.20 07:08:30 | 000,070,336 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe -- (HRService)
SRV - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.09.26 11:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Stopped] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)

========== Driver Services (SafeList) ==========
DRV - [2010.04.24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.04.24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.04.24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.04.24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.10 16:00:54 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.09.22 04:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2007.09.28 14:51:52 | 000,228,352 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2007.08.30 11:51:50 | 000,094,080 | ---- | M] (USB video camera) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cam1210.sys -- (CAM1210)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.14 07:56:32 | 000,780,288 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VTGKModeDX32.sys -- (S3GIGP)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.05.07 13:48:42 | 000,218,624 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sis163u.sys -- (SIS163u)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 4C 8F 38 74 4F CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

[2010.02.15 16:31:10 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAM FILES\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.)
O4 - HKLM..\Run: [recinfo28] File not found
O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [WaitingDog] C:\Windows\StiD1210.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [4E3E0230AEBB4E96] File not found
O4 - HKCU..\Run: [avupdate] C:\Users\cora\AppData\Roaming\jashla.exe (Riviera Knoxville Rowland Dominican Tarbell Byrd)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========
[2011.08.07 10:48:24 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\cora\Desktop\OTL.exe
[2011.08.06 20:36:51 | 000,134,144 | ---- | C] (Riviera Knoxville Rowland Dominican Tarbell Byrd) -- C:\Users\cora\AppData\Roaming\jashla.exe
[2011.07.31 17:33:14 | 000,000,000 | ---D | C] -- C:\Users\cora\Documents\InterVideo
[2011.07.16 15:03:36 | 000,000,000 | ---D | C] -- C:\Users\cora\AppData\Roaming\Google
[2011.07.16 15:02:26 | 000,000,000 | ---D | C] -- C:\Users\cora\AppData\Local\Google
[2011.07.16 15:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.07.16 15:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\Google

========== Files - Modified Within 30 Days ==========
[2011.08.07 11:23:41 | 000,595,830 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.07 11:23:40 | 000,628,200 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.07 11:23:40 | 000,125,862 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.07 11:23:40 | 000,103,646 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.07 11:21:40 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\cora\Desktop\OTL.exe
[2011.08.07 11:21:10 | 000,050,477 | ---- | M] () -- C:\Users\cora\Desktop\Defogger.exe
[2011.08.07 11:13:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.07 11:09:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.07 11:09:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.07 11:07:31 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.07 11:04:16 | 000,000,000 | ---- | M] () -- C:\Users\cora\defogger_reenable
[2011.08.07 10:16:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.06 20:36:51 | 000,134,144 | ---- | M] (Riviera Knoxville Rowland Dominican Tarbell Byrd) -- C:\Users\cora\AppData\Roaming\jashla.exe
[2011.08.06 11:56:09 | 000,011,264 | ---- | M] () -- C:\Users\cora\Documents\dokument MH.wps
[2011.08.06 11:56:09 | 000,002,402 | ---- | M] () -- C:\Users\cora\AppData\Roaming\wklnhst.dat
[2011.08.06 11:54:38 | 000,011,264 | ---- | M] () -- C:\Users\cora\Documents\dokument H.wps
[2011.08.06 10:19:48 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{17DF337D-A541-4C81-B042-DC05E5BFF815}.job
[2011.07.30 19:02:20 | 000,010,752 | ---- | M] () -- C:\Users\cora\Documents\nero.wps
[2011.07.18 19:22:04 | 000,304,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.10 19:12:01 | 005,453,701 | ---- | M] () -- C:\Users\cora\Documents\Abbildungen und Tabellen_Diplomarbeit_Patrizia Duda.pdf

========== Files Created - No Company Name ==========
[2011.08.07 11:04:16 | 000,000,000 | ---- | C] () -- C:\Users\cora\defogger_reenable
[2011.08.07 10:49:47 | 000,050,477 | ---- | C] () -- C:\Users\cora\Desktop\Defogger.exe
[2011.07.31 17:28:40 | 000,011,264 | ---- | C] () -- C:\Users\cora\Documents\dokument H.wps
[2011.07.31 12:34:45 | 000,011,264 | ---- | C] () -- C:\Users\cora\Documents\dokument MH.wps
[2011.07.30 18:20:04 | 000,010,752 | ---- | C] () -- C:\Users\cora\Documents\nero.wps
[2011.07.16 15:02:43 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.16 15:02:38 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.10 19:11:45 | 005,453,701 | ---- | C] () -- C:\Users\cora\Documents\Abbildungen und Tabellen_Diplomarbeit_Patrizia Duda.pdf
[2011.06.07 08:38:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.06.06 10:32:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.06.06 10:32:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.12.16 17:26:09 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l3.dll
[2009.12.16 17:25:54 | 000,339,968 | ---- | C] () -- C:\Windows\System32\DscPnt1.dll
[2009.12.16 17:25:54 | 000,233,472 | ---- | C] () -- C:\Windows\System32\DscPnt0.dll
[2009.12.16 17:25:54 | 000,229,376 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2009.12.16 17:03:54 | 000,002,402 | ---- | C] () -- C:\Users\cora\AppData\Roaming\wklnhst.dat
[2009.12.15 16:25:34 | 000,020,992 | ---- | C] () -- C:\Users\cora\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.24 06:21:10 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.12.24 06:19:32 | 000,009,216 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe
[2007.12.24 06:18:53 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2007.08.30 21:38:34 | 000,060,416 | ---- | C] () -- C:\Windows\System32\StiD1210.exe
[2007.08.30 21:38:34 | 000,060,416 | ---- | C] () -- C:\Windows\StiD1210.exe
[2007.03.20 18:36:16 | 001,597,440 | ---- | C] () -- C:\Windows\System32\StiC1210.exe
[2007.03.20 18:36:16 | 001,597,440 | ---- | C] () -- C:\Windows\StiC1210.exe
[2007.03.07 20:07:12 | 000,021,174 | ---- | C] () -- C:\Windows\cam1210.ini
[2006.11.08 14:27:06 | 000,030,208 | ---- | C] () -- C:\Windows\System32\cam1210.dll
[2006.11.02 17:33:31 | 000,628,200 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,125,862 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,304,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,830 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,646 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.01.10 00:37:00 | 000,008,570 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate

========== LOP Check ==========
[2010.02.15 16:53:15 | 000,000,000 | ---D | M] -- C:\Users\cora\AppData\Roaming\Haufe
[2009.12.15 16:18:26 | 000,000,000 | ---D | M] -- C:\Users\cora\AppData\Roaming\InterVideo
[2010.02.15 20:57:35 | 000,000,000 | ---D | M] -- C:\Users\cora\AppData\Roaming\Lexware
[2011.07.31 13:35:18 | 000,000,000 | ---D | M] -- C:\Users\cora\AppData\Roaming\SoftGrid Client
[2009.12.16 17:04:20 | 000,000,000 | ---D | M] -- C:\Users\cora\AppData\Roaming\Template
[2011.06.07 08:50:41 | 000,000,000 | ---D | M] -- C:\Users\cora\AppData\Roaming\TP
[2011.08.07 11:09:56 | 000,032,512 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.06 10:19:48 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{17DF337D-A541-4C81-B042-DC05E5BFF815}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2009.12.15 16:10:23 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.01.08 14:34:16 | 000,000,000 | ---D | M] -- C:\bfe12163952d45f182c6ff33611910c1
[2006.01.10 00:45:13 | 000,000,000 | ---D | M] -- C:\Big Fish Games
[2011.06.15 16:05:03 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.15 16:05:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2007.12.24 06:22:22 | 000,000,000 | R--D | M] -- C:\DRIVER
[2009.12.15 16:12:02 | 000,000,000 | ---D | M] -- C:\ebay
[2009.12.15 16:12:02 | 000,000,000 | ---D | M] -- C:\FirstSteps
[2007.12.24 06:22:22 | 000,000,000 | R--D | M] -- C:\MANUAL
[2007.12.24 06:41:34 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2007.12.24 06:34:12 | 000,000,000 | ---D | M] -- C:\nero
[2010.03.14 21:25:53 | 000,000,000 | ---D | M] -- C:\Off2007HStTrial
[2011.06.05 21:38:49 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.16 15:02:01 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.07.16 15:02:01 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.12.24 06:24:04 | 000,000,000 | ---D | M] -- C:\Programme
[2011.06.28 17:05:44 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2011.08.06 10:24:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.12.15 16:09:44 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.07 11:00:32 | 000,000,000 | ---D | M] -- C:\Windows
[2009.12.15 16:21:18 | 000,000,000 | ---D | M] -- C:\WinDVD
[2007.12.24 06:49:01 | 000,000,000 | ---D | M] -- C:\Works
[2007.12.24 05:09:16 | 000,000,000 | ---D | M] -- C:\x86

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2009.12.17 12:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.12.17 12:52:26 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.12.17 12:52:25 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.12.24 06:06:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.12.24 06:06:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.12.17 12:52:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ >

< AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Windows >

< Update\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Last edited by Larusso (07.08.2011 at 15:03)
07.08.2011, 15:12 | #2
/// Malwareteam
Bundestrojaner locks my computer

A clean-up can sometimes involve a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way. Should you decide on a clean-up, keep cooperating until someone from the team tells you that you are clean.

Vista and Win7 users: start all tools via right-click "Run as administrator".

Step 1
Code:
:OTL
O4 - HKCU..\Run: [4E3E0230AEBB4E96] File not found
O4 - HKCU..\Run: [avupdate] C:\Users\cora\AppData\Roaming\jashla.exe (Riviera Knoxville Rowland Dominican Tarbell Byrd)
[2011.08.06 20:36:51 | 000,134,144 | ---- | C] (Riviera Knoxville Rowland Dominican Tarbell Byrd) -- C:\Users\cora\AppData\Roaming\jashla.exe
[2011.08.06 20:36:51 | 000,134,144 | ---- | M] (Riviera Knoxville Rowland Dominican Tarbell Byrd) -- C:\Users\cora\AppData\Roaming\jashla.exe
:Commands
[purity]
[emptytemp]
Step 2
Please download Malwarebytes

Step 3
Please
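The helper's Step 1 picks two HKCU Run values out of the OTL report: one whose file no longer exists, and one that launches jashla.exe from the user's AppData\Roaming folder under a publisher string that reads like random words. The following Python script is an added example, not part of this thread and not OTL's own code: it parses OTL "O4 - ...\Run" lines and turns that reasoning into explicit, ranked heuristics, then formats the selected entries in the same :OTL fix-script layout the helper used. The sample lines are constructed after the log above; the list of user-writable directories, the five-word threshold for filler publisher strings and the hex-name check are assumptions chosen for illustration.

```python
"""Triage of OTL "O4 - ...\\Run" autostart entries.

Added example; not part of the thread and not OTL's own code. It reads the
O4 lines OTL prints for the HKLM/HKCU Run keys and flags the traits that
made the helper single out jashla.exe: an executable started from a
user-writable profile directory, an entry whose file no longer exists, a
missing or filler-looking publisher string, and a random hex value name.
Thresholds and the sample lines are assumptions for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in OTL's O4 format, modeled on the thread's log; the two
# HKCU entries are the ones the helper told the poster to remove.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)",
    r"O4 - HKLM..\Run: [recinfo28] File not found",
    r"O4 - HKLM..\Run: [WaitingDog] C:\Windows\StiD1210.exe ()",
    r"O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)",
    r"O4 - HKCU..\Run: [4E3E0230AEBB4E96] File not found",
    r"O4 - HKCU..\Run: [avupdate] C:\Users\cora\AppData\Roaming\jashla.exe (Riviera Knoxville Rowland Dominican Tarbell Byrd)",
]

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# "<path> (<company>)": the company suffix is optional and may be empty, "()"
TARGET_RE = re.compile(r"^(?P<path>.*?)(?: \((?P<company>[^()]*)\))?$")
# Locations a standard user can write to without elevation (assumed list)
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData\\(?:Roaming|Local|LocalLow)|Users\\Public|ProgramData|Temp)\\",
    re.IGNORECASE,
)
RANDOM_NAME_RE = re.compile(r"^[0-9A-F]{12,}$")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class RunEntry:
    hive: str
    name: str
    raw: str
    path: Optional[str] = None       # None when OTL reports "File not found"
    company: Optional[str] = None    # None without "(...)", "" for "()"
    reasons: List[str] = field(default_factory=list)
    severity: Optional[str] = None   # "high" / "medium" / "low" / None


def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse one OTL O4 line; return None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = RunEntry(hive=m["hive"], name=m["name"], raw=line.strip())
    if m["rest"] != "File not found":
        target = TARGET_RE.match(m["rest"])
        entry.path = target["path"]
        entry.company = target["company"]
    return entry


def assess(entry: RunEntry) -> RunEntry:
    """Attach reasons and a severity to an entry (heuristics, not proof)."""
    words = entry.company.split() if entry.company else []
    orphan = entry.path is None
    writable = entry.path is not None and USER_WRITABLE_RE.search(entry.path) is not None
    no_publisher = entry.path is not None and not entry.company
    filler = len(words) >= 5 and all(w.isalpha() for w in words)
    random_name = RANDOM_NAME_RE.match(entry.name) is not None
    checks = [
        (orphan, "points to a file that no longer exists"),
        (writable, "executable lives in a user-writable profile/temp directory"),
        (no_publisher, "executable carries no publisher string"),
        (filler, "publisher string looks like generated filler words"),
        (random_name, "value name is a random-looking hex string"),
    ]
    entry.reasons = [msg for hit, msg in checks if hit]
    if writable:
        entry.severity = "high"
    elif no_publisher or filler or random_name:
        entry.severity = "medium"
    elif orphan:
        entry.severity = "low"
    return entry


def triage(lines: List[str]) -> List[RunEntry]:
    """Return the flagged O4 entries, most suspicious first (stable order within a level)."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is not None and assess(entry).severity is not None:
            flagged.append(entry)
    flagged.sort(key=lambda e: SEVERITY_ORDER[e.severity])
    return flagged


def otl_fix_script(entries: List[RunEntry]) -> str:
    """Format analyst-selected entries as an OTL fix script: an ":OTL" section
    of raw report lines followed by a ":Commands" section, the layout used in the thread."""
    lines = [":OTL"] + [e.raw for e in entries] + [":Commands", "[emptytemp]"]
    return "\n".join(lines)


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"[{e.severity:6}] {e.hive} {e.name}: {'; '.join(e.reasons)}")
```

On the constructed sample the jashla.exe entry comes out on top (user-writable path plus filler publisher), the hex-named orphan and the publisher-less WaitingDog entry land in the middle, and the stale recinfo28 value is low. A medium hit such as WaitingDog is a prompt to look at the file (the report lists it under "Files Created - No Company Name"), not an automatic removal, which is why the fix-script formatter takes the entries the analyst selects rather than everything that was flagged.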
07.08.2011, 17:14 | #3
Bundestrojaner locks my computer

Dear Swisstreasure,

I have a question about your assessment. Your statements about the effort involved, and that the steps described may not fix all causes, make me uneasy - doesn't it really make the most sense to completely reformat the laptop? Since I cannot judge this myself & naturally want the highest level of security on the computer, because I also do online banking, for example, feedback on this would be great. Many thanks & kind regards
07.08.2011, 17:42 | #4 |
/// Malwareteam | Bundestrojaner locks my computer I can only tell you that I cannot give a guarantee. Nobody can. The safest option is a fresh install. But cleaning is also possible. |
10.08.2011, 21:01 | #5 |
| Bundestrojaner locks my computer Hello Swiss, I tried the cleanup. Here are the results from OTL:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate deleted successfully.
C:\Users\cora\AppData\Roaming\jashla.exe moved successfully.
File 11.08.06 20:36:51 | 000,134,144 | ---- | C] (Riviera Knoxville Rowland Dominican not found.
File 11.08.06 20:36:51 | 000,134,144 | ---- | M] (Riviera Knoxville Rowland Dominican not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: cora
->Temp folder emptied: 30344144 bytes
->Temporary Internet Files folder emptied: 206954362 bytes
->Java cache emptied: 1211747 bytes
->Flash cache emptied: 470 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 183981826 bytes
RecycleBin emptied: 40411 bytes
Total Files Cleaned = 403,00 mb
OTL by OldTimer - Version 3.2.26.1 log created on 08102011_210918
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\MpCmdRun-C0-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock not found!
C:\Windows\temp\MpCmdRun.log moved successfully.
The GMER scan was interrupted at first ('Program has stopped working') - I restarted it & the scan produced the following text:
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-08-10 21:51:42
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHW2160BH rev.0000001C
Running: 62zs3fh9.exe; Driver: C:\Users\cora\AppData\Local\Temp\kwtdqpow.sys

---- System - GMER 1.0.15 ----

SSDT 884D393C ZwCreateThread
SSDT 884D3928 ZwOpenProcess
SSDT 884D392D ZwOpenThread
SSDT 884D3937 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 81CE59A4 4 Bytes [3C, 39, 4D, 88]
.text ntkrnlpa.exe!KeSetEvent + 3F1 81CE5B74 4 Bytes [28, 39, 4D, 88]
.text ntkrnlpa.exe!KeSetEvent + 40D 81CE5B90 4 Bytes [2D, 39, 4D, 88]
.text ntkrnlpa.exe!KeSetEvent + 621 81CE5DA4 4 Bytes [37, 39, 4D, 88] {AAA ; CMP [EBP-0x78], ECX}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Am I clean now? How can I prevent a similar case? Unfortunately my antivirus program didn't warn me about it either... Many thanks |
10.08.2011, 21:27 | #6 |
/// Malwareteam | Bundestrojaner locks my computer Where are step 2 and log 2? |
11.08.2011, 13:28 | #8 |
/// Malwareteam | Bundestrojaner locks my computer But I see something other than that as step 2 in my instructions?! |
11.08.2011, 13:30 | #9 |
| Bundestrojaner locks my computer Hello, honestly I don't understand what I did wrong or didn't do?! I followed your instructions exactly & pasted the results into my reply - what exactly am I supposed to do again? Kind regards |
11.08.2011, 13:31 | #10 |
/// Malwareteam | Bundestrojaner locks my computer What does it say here under step 2? http://www.trojaner-board.de/102132-...tml#post690579 |
11.08.2011, 13:37 | #11 |
| Bundestrojaner locks my computer Strange - yesterday I only saw 2 steps?! :/ Well, then I'll tackle the problem again & send you my results in the next few days. Many thanks! |
11.08.2011, 14:51 | #12 |
/// Malwareteam | Bundestrojaner locks my computer There were always 3 steps |
14.08.2011, 16:43 | #13 |
| Bundestrojaner locks my computer Hello, here are the results of all 3 steps:
Step 1:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate not found.
File C:\Users\cora\AppData\Roaming\jashla.exe (Riviera not found.
File 11.08.06 20:36:51 | 000,134,144 | ---- | C] (Riviera Knoxville Rowland Dominican not found.
File 11.08.06 20:36:51 | 000,134,144 | ---- | M] (Riviera Knoxville Rowland Dominican not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: cora
->Temp folder emptied: 32143 bytes
->Temporary Internet Files folder emptied: 835257 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 914 bytes
RecycleBin emptied: 956205 bytes
Total Files Cleaned = 2,00 mb
OTL by OldTimer - Version 3.2.26.2 log created on 08142011_164123
Step 2:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7035

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19088

14.08.2011 16:52:15
mbam-log-2011-08-14 (16-52-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 143348
Laufzeit: 3 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 1

Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
Step 3:
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-08-14 17:34:25
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHW2160BH rev.0000001C
Running: v75skmkc.exe; Driver: C:\Users\cora\AppData\Local\Temp\kwtdqpow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Am I clean now? Many thanks & kind regards Patrizia |
14.08.2011, 23:09 | #14 |
/// Malwareteam | Bundestrojaner locks my computer Step 1 ESET Online Scanner
Step 2 If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
|
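The /md5start ... /md5stop block in the scan script above makes OTL print, for each listed binary, the MD5 of the live System32 copy and of every copy kept in the WinSxS component store (the winlogon.exe block at the end of the first log in this thread shows the layout). The following Python is an added example, not OTL's own code, that parses such a block and reports a live copy whose hash matches none of the WinSxS copies. The USERINIT.EXE sample block with its zero-padded hashes and placeholder component path is constructed to show a mismatch, and the rule "a path containing \winsxs\ is a reference copy" is this example's assumption.

```python
"""Compare OTL '< MD5 for: ... >' blocks: live System32 copy vs. WinSxS copies.
Added example, not OTL's own code."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample. The WINLOGON.EXE block is copied from the OTL log in this thread;
# the USERINIT.EXE block is made up (placeholder hashes and component path) to show a mismatch.
SAMPLE_MD5_SECTION = r"""
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
< MD5 for: USERINIT.EXE >
[2011.01.01 00:00:00 | 000,100,000 | ---- | M] () MD5=00000000000000000000000000000001 -- C:\Windows\System32\userinit.exe
[2009.04.11 08:28:13 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000002 -- C:\Windows\winsxs\CONSTRUCTED_EXAMPLE_COMPONENT\userinit.exe
"""

# "< MD5 for: WINLOGON.EXE >" opens a block; entries follow until the next header.
HEADER_RE = re.compile(r"^< MD5 for: (?P<file>.+?) >$")
# "[mtime | size | attrs | M] (company) MD5=<32 hex> -- <path>"
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| [^|]+? \| [A-Z]\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


@dataclass
class Md5Verdict:
    file: str
    live_path: str
    live_md5: str
    company: str                 # company name of the live copy ("" if none)
    reference_md5s: set = field(default_factory=set)
    verdict: str = "no-reference"  # "match", "MISMATCH" or "no-reference"


def check_md5_sections(text: str) -> dict:
    """Parse every MD5 block and compare the live copy against the WinSxS copies."""
    live = {}                  # file -> (path, md5, company) of the copy outside WinSxS
    refs = defaultdict(set)    # file -> MD5s of the WinSxS copies
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        h = HEADER_RE.match(line)
        if h:
            current = h.group("file").upper()
            continue
        e = ENTRY_RE.match(line)
        if not e or current is None:
            continue
        md5 = e.group("md5").upper()
        # Assumption: copies under \winsxs\ are the component-store references,
        # anything else (System32) is the copy Windows actually runs.
        if "\\winsxs\\" in e.group("path").lower():
            refs[current].add(md5)
        else:
            live[current] = (e.group("path"), md5, e.group("company"))

    results = {}
    for file, (path, md5, company) in live.items():
        verdict = Md5Verdict(file, path, md5, company, set(refs[file]))
        if md5 in refs[file]:
            verdict.verdict = "match"         # identical to a stored copy
        elif refs[file]:
            verdict.verdict = "MISMATCH"      # replaced or patched on disk
        results[file] = verdict
    return results


def files_needing_review(results: dict) -> list:
    """Files whose live copy is not identical to any WinSxS copy (or has none)."""
    return sorted(f for f, v in results.items() if v.verdict != "match")


if __name__ == "__main__":
    for name, v in check_md5_sections(SAMPLE_MD5_SECTION).items():
        print(f"{name}: {v.verdict} (live {v.live_md5}, {len(v.reference_md5s)} WinSxS copies)")
```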
16.08.2011, 22:31 | #15 |
| Bundestrojaner locks my computer Hello, here are the results:
Step 1:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=5b3a6973a96f4740a79392e6db291a6c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-16 09:06:37
# local_time=2011-08-16 11:06:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 869542 89039675 510409 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 4895 151057096 0 0
# compatibility_mode=8192 67108863 100 0 5322 5322 0 0
# scanned=106125
# found=0
# cleaned=0
# scan_time=4429
Step 2:
OTL logfile created on: 16.08.2011 23:22:57 - Run 2
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\cora\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 51,30% Memory free
3,99 Gb Paging File | 2,87 Gb Available in Paging File | 71,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,70 Gb Total Space | 54,77 Gb Free Space | 59,09% Space Free | Partition Type: NTFS
Drive D: | 44,63 Gb Total Space | 44,54 Gb Free Space | 99,80% Space Free | Partition Type: NTFS

Computer Name: CORA-PC | User Name: cora | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.16 23:07:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\cora\Desktop\OTL.exe
PRC - [2011.07.16 15:01:59 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10u_ActiveX.exe
PRC - [2010.04.24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.04.24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2009.10.26 15:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.04.11 08:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.10.12 15:08:20 | 001,224,704 | ---- | M] (VIA.) -- C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe
PRC - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2007.08.30 21:38:34 | 000,060,416 | ---- | M] () -- C:\Windows\StiD1210.exe
PRC - [2007.06.20 23:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- c:\PROGRA~1\MICROS~3\wkcalrem.exe
PRC - [2007.05.15 02:31:50 | 000,200,704 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\Windows\System32\s3trayp.exe
PRC - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe

========== Modules (No Company Name) ==========

MOD - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
MOD - [2007.08.30 21:38:34 | 000,060,416 | ---- | M] () -- C:\Windows\StiD1210.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010.04.24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.04.24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.03.24 10:45:58 | 000,127,656 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2008.08.20 07:08:30 | 000,070,336 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe -- (HRService)
SRV - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.09.26 11:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)

========== Driver Services (SafeList) ==========

DRV - [2010.04.24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.04.24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.04.24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.04.24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.10 16:00:54 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.09.22 04:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2007.09.28 14:51:52 | 000,228,352 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2007.08.30 11:51:50 | 000,094,080 | ---- | M] (USB video camera) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cam1210.sys -- (CAM1210)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.14 07:56:32 | 000,780,288 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VTGKModeDX32.sys -- (S3GIGP)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.05.07 13:48:42 | 000,218,624 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sis163u.sys -- (SIS163u)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 80 25 91 8E 5A CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
[2010.02.15 16:31:10 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAM FILES\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [recinfo28] File not found
O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [WaitingDog] C:\Windows\StiD1210.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.08.16 21:50:34 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\cora\Desktop\OTL.exe
[2011.08.16 20:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.08.14 17:47:53 | 000,000,000 | R--D | C] -- C:\Users\cora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.08.14 16:47:41 | 000,000,000 | ---D | C] -- C:\Users\cora\AppData\Roaming\Malwarebytes
[2011.08.14 16:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.10 21:09:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.07.31 17:33:14 | 000,000,000 | ---D | C] -- C:\Users\cora\Documents\InterVideo

========== Files - Modified Within 30 Days ==========

[2011.08.16 23:16:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.16 23:11:09 | 000,010,240 | ---- | M] () -- C:\Users\cora\Desktop\Unbenanntes Dokument.wps
[2011.08.16 23:11:09 | 000,002,506 | ---- | M] () -- C:\Users\cora\AppData\Roaming\wklnhst.dat
[2011.08.16 23:07:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\cora\Desktop\OTL.exe
[2011.08.16 22:18:48 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.16 22:18:48 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.16 20:34:30 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{17DF337D-A541-4C81-B042-DC05E5BFF815}.job
[2011.08.16 20:26:32 | 000,629,186 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.16 20:26:32 | 000,596,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.16 20:26:32 | 000,126,446 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.16 20:26:32 | 000,104,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.16 20:18:55 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.16 20:18:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.07 11:04:16 | 000,000,000 | ---- | M] () -- C:\Users\cora\defogger_reenable
[2011.08.06 11:56:09 | 000,011,264 | ---- | M] () -- C:\Users\cora\Documents\dokument MH.wps
[2011.08.06 11:54:38 | 000,011,264 | ---- | M] () -- C:\Users\cora\Documents\dokument H.wps
[2011.07.30 19:02:20 | 000,010,752 | ---- | M] () -- C:\Users\cora\Documents\nero.wps
[2011.07.18 19:22:04 | 000,304,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011.08.16 23:11:09 | 000,010,240 | ---- | C] () -- C:\Users\cora\Desktop\Unbenanntes Dokument.wps
[2011.08.07 11:04:16 | 000,000,000 | ---- | C] () -- C:\Users\cora\defogger_reenable
[2011.07.31 17:28:40 | 000,011,264 | ---- | C] () -- C:\Users\cora\Documents\dokument H.wps
[2011.07.31 12:34:45 | 000,011,264 | ---- | C] () -- C:\Users\cora\Documents\dokument MH.wps
[2011.07.30 18:20:04 | 000,010,752 | ---- | C] () -- C:\Users\cora\Documents\nero.wps
[2011.06.07 08:38:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.06.06 10:32:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.06.06 10:32:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.12.16 17:26:09 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l3.dll
[2009.12.16 17:25:54 | 000,339,968 | ---- | C] () -- C:\Windows\System32\DscPnt1.dll
[2009.12.16 17:25:54 | 000,233,472 | ---- | C] () -- C:\Windows\System32\DscPnt0.dll
[2009.12.16 17:25:54 | 000,229,376 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2009.12.16 17:03:54 | 000,002,506 | ---- | C] () -- C:\Users\cora\AppData\Roaming\wklnhst.dat
[2009.12.15 16:25:34 | 000,020,992 | ---- | C] () -- C:\Users\cora\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.24 06:21:10 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.12.24 06:19:32 | 000,009,216 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe
[2007.12.24 06:18:53 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2007.08.30 21:38:34 | 000,060,416 | ---- | C] () -- C:\Windows\System32\StiD1210.exe
[2007.08.30 21:38:34 | 000,060,416 | ---- | C] () -- C:\Windows\StiD1210.exe
[2007.03.20 18:36:16 | 001,597,440 | ---- | C] () -- C:\Windows\System32\StiC1210.exe
[2007.03.20 18:36:16 | 001,597,440 | ---- | C] () -- C:\Windows\StiC1210.exe
[2007.03.07 20:07:12 | 000,021,174 | ---- | C] () -- C:\Windows\cam1210.ini
[2006.11.08 14:27:06 | 000,030,208 | ---- | C] () -- C:\Windows\System32\cam1210.dll
[2006.11.02 17:33:31 | 000,629,186 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,126,446 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,304,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,596,440 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,256 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.01.10 00:37:00 | 000,008,570 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate

========== LOP Check ==========

[2010.02.15 16:53:15 | 000,000,000 | ---D | M] -- C:\Users\cora\AppData\Roaming\Haufe
[2009.12.15 16:18:26 | 000,000,000 | ---D | M] -- C:\Users\cora\AppData\Roaming\InterVideo
[2010.02.15 20:57:35 | 000,000,000 | ---D | M] -- C:\Users\cora\AppData\Roaming\Lexware
[2011.07.31 13:35:18 | 000,000,000 | ---D | M] -- C:\Users\cora\AppData\Roaming\SoftGrid Client
[2009.12.16 17:04:20 | 000,000,000 | ---D | M] -- C:\Users\cora\AppData\Roaming\Template
[2011.06.07 08:50:41 | 000,000,000 | ---D | M] -- C:\Users\cora\AppData\Roaming\TP
[2011.08.16 20:13:30 | 000,032,512 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.16 20:34:30 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{17DF337D-A541-4C81-B042-DC05E5BFF815}.job
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.12.15 16:10:23 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.01.08 14:34:16 | 000,000,000 | ---D | M] -- C:\bfe12163952d45f182c6ff33611910c1 [2006.01.10 00:45:13 | 000,000,000 | ---D | M] -- C:\Big Fish Games [2011.06.15 16:05:03 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.12.15 16:05:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2007.12.24 06:22:22 | 000,000,000 | R--D | M] -- C:\DRIVER [2009.12.15 16:12:02 | 000,000,000 | ---D | M] -- C:\ebay [2009.12.15 16:12:02 | 000,000,000 | ---D | M] -- C:\FirstSteps [2007.12.24 06:22:22 | 000,000,000 | R--D | M] -- C:\MANUAL [2007.12.24 06:41:34 | 000,000,000 | RH-D | M] -- C:\MSOCache [2007.12.24 06:34:12 | 000,000,000 | ---D | M] -- C:\nero [2010.03.14 21:25:53 | 000,000,000 | ---D | M] -- C:\Off2007HStTrial [2011.06.05 21:38:49 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.08.16 20:24:06 | 000,000,000 | R--D | M] -- C:\Program Files [2011.08.14 16:47:35 | 000,000,000 | -H-D | M] -- C:\ProgramData [2007.12.24 06:24:04 | 000,000,000 | ---D | M] -- C:\Programme [2011.08.16 23:24:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.12.15 16:09:44 | 000,000,000 | R--D | M] -- C:\Users [2011.08.07 11:00:32 | 000,000,000 | ---D | M] -- C:\Windows [2009.12.15 16:21:18 | 000,000,000 | ---D | M] -- C:\WinDVD [2007.12.24 06:49:01 | 000,000,000 | ---D | M] -- C:\Works [2007.12.24 05:09:16 | 000,000,000 | ---D | M] -- C:\x86 [2011.08.10 21:09:18 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2009.12.17 12:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2009.12.17 12:52:26 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2009.12.17 12:52:25 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.12.24 06:06:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.12.24 06:06:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009.12.17 12:52:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.18 
23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe [2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- 
Unfortunately the Quick Scan did not produce a text file. Kind regards, Patrizia |