Log analysis and evaluation: "For security reasons your Windows system has been blocked" (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.12.2011, 17:15 | #1

"For security reasons your Windows system has been blocked"

Hello, today, just like many others, I got this message when starting the PC. I have read up a bit here and already run OTL.exe and mbam. Here are the logs from OTL:

Code:
OTL logfile created on: 04.12.2011 16:49:19 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
 Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 85,20% Memory free
6,50 Gb Paging File | 6,05 Gb Available in Paging File | 93,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106,20 Gb Total Space | 46,12 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive E: | 14,89 Gb Total Space | 12,51 Gb Free Space | 83,98% Space Free | Partition Type: FAT32
Drive H: | 9,77 Gb Total Space | 9,69 Gb Free Space | 99,22% Space Free | Partition Type: NTFS
Drive I: | 1281,30 Gb Total Space | 1102,82 Gb Free Space | 86,07% Space Free | Partition Type: NTFS

Computer Name: MORITZ-PC | User Name: moritz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\js3250.dll ()
MOD - C:\Users\moritz\AppData\Roaming\Mozilla\Firefox\Profiles\3i8na4i5.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\imtcp_xpcom.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()

========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_d768ebc.dll ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (CGVPNCliSrvc) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\system32\DRIVERS\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (amd_sata) -- C:\Windows\system32\DRIVERS\amd_sata.sys (Advanced Micro Devices)
DRV - (amd_xata) -- C:\Windows\system32\DRIVERS\amd_xata.sys (Advanced Micro Devices)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (TASCAM_US122144) -- C:\Windows\System32\drivers\tascusb2.sys (TASCAM)
DRV - (TASCAM_US122L_WDM) -- C:\Windows\System32\drivers\tscusb2a.sys (TASCAM)
DRV - (TASCAM_US122L_MIDI) -- C:\Windows\System32\drivers\tscusb2m.sys (TASCAM)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 0C BD BD 58 1A CC 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: nosquint@urandom.ca:2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.3.0.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.10 07:26:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.10 07:26:34 | 000,000,000 | ---D | M]

[2011.05.24 22:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moritz\AppData\Roaming\mozilla\Extensions
[2011.12.04 13:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moritz\AppData\Roaming\mozilla\Firefox\Profiles\3i8na4i5.default\extensions
[2011.08.29 17:55:16 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\moritz\AppData\Roaming\mozilla\Firefox\Profiles\3i8na4i5.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2011.07.06 13:24:40 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\moritz\AppData\Roaming\mozilla\Firefox\Profiles\3i8na4i5.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.13 11:36:06 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\moritz\AppData\Roaming\mozilla\Firefox\Profiles\3i8na4i5.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011.05.26 07:29:55 | 000,000,000 | ---D | M] (NoSquint) -- C:\Users\moritz\AppData\Roaming\mozilla\Firefox\Profiles\3i8na4i5.default\extensions\nosquint@urandom.ca
[2011.06.20 11:14:32 | 000,002,059 | ---- | M] () -- C:\Users\moritz\AppData\Roaming\Mozilla\Firefox\Profiles\3i8na4i5.default\searchplugins\daemon-search.xml
[2011.11.30 07:22:26 | 000,000,950 | ---- | M] () -- C:\Users\moritz\AppData\Roaming\Mozilla\Firefox\Profiles\3i8na4i5.default\searchplugins\icqplugin-1.xml
[2011.08.29 14:37:27 | 000,001,056 | ---- | M] () -- C:\Users\moritz\AppData\Roaming\Mozilla\Firefox\Profiles\3i8na4i5.default\searchplugins\icqplugin.xml
[2011.12.04 13:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.05.26 10:07:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.07.26 13:23:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.24 22:47:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2011.05.26 10:07:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.07.26 13:23:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.29 21:05:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.29 21:05:04 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.29 21:05:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.29 21:05:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.29 21:05:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [{9E82E0F3-8647-11E0-A050-806E6F6E6963}] C:\Users\moritz\AppData\Roaming\Microsoft\svhcost.exe (Mozilla Foundation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\moritz\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.33 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C92BA809-B725-40E3-91EF-8618FF219821}: DhcpNameServer = 83.169.184.33 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C92BA809-B725-40E3-91EF-8618FF219821}: NameServer = 85.214.73.63,204.152.184.76
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.12.04 16:45:24 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Roaming\Malwarebytes
[2011.12.04 16:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.04 16:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.04 16:44:57 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.04 16:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.24 18:06:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.11.13 11:36:09 | 000,000,000 | ---D | C] -- C:\Users\moritz\Documents\iMacros
[2011.11.09 20:48:51 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Local\Akamai
[2011.11.05 20:25:32 | 000,000,000 | ---D | C] -- C:\Users\moritz\Documents\Freemake
[2011.11.05 20:25:31 | 000,000,000 | ---D | C] -- C:\Users\moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2011.11.05 20:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2011.11.05 20:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2011.11.05 20:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2011.05.31 14:23:21 | 000,121,344 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll

========== Files - Modified Within 30 Days ==========

[2011.12.04 16:45:00 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.04 16:42:56 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.04 16:42:56 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.04 16:42:56 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.04 16:42:56 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.04 16:28:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.04 16:28:10 | 2616,684,544 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.04 15:25:14 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 15:25:14 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.02 09:33:12 | 003,951,546 | ---- | M] () -- C:\Users\moritz\Desktop\Big L- Harlem World (Instrumental).mp3
[2011.11.17 15:30:13 | 001,547,937 | ---- | M] () -- C:\Users\moritz\Desktop\vitus bangus_Abmischung.mp3
[2011.11.13 12:33:26 | 000,000,366 | ---- | M] () -- C:\Users\moritz\Desktop\Dein Text.cmd
[2011.11.10 15:40:39 | 000,289,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.08 17:02:01 | 000,667,715 | ---- | M] () -- C:\Users\moritz\rba crunk _Abmischung (4).mp3
[2011.11.05 20:25:31 | 000,001,287 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk

========== Files Created - No Company Name ==========

[2011.12.04 16:45:00 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.02 16:57:30 | 003,951,546 | ---- | C] () -- C:\Users\moritz\Desktop\Big L- Harlem World (Instrumental).mp3
[2011.11.17 15:30:08 | 001,547,937 | ---- | C] () -- C:\Users\moritz\Desktop\vitus bangus_Abmischung.mp3
[2011.11.13 11:29:13 | 000,000,366 | ---- | C] () -- C:\Users\moritz\Desktop\Dein Text.cmd
[2011.11.08 17:01:58 | 000,667,715 | ---- | C] () -- C:\Users\moritz\rba crunk _Abmischung (4).mp3
[2011.11.05 20:25:31 | 000,001,287 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2011.07.26 22:57:06 | 000,000,085 | ---- | C] () -- C:\Windows\lagarith.ini
[2011.06.20 21:15:22 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.06.20 12:51:50 | 000,063,640 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.05.31 14:23:22 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.05.31 14:23:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.05.31 14:23:20 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.05.31 14:23:20 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.31 14:23:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.05.31 14:06:38 | 000,056,899 | ---- | C] () -- C:\Windows\System32\x264-uninstall.exe
[2011.05.24 22:27:58 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.24 22:20:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.24 22:15:44 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.05.24 22:11:57 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.24 22:09:25 | 000,000,037 | R--- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2010.12.06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2010.09.28 21:07:36 | 000,224,001 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.07.14 09:47:43 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,289,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,651,938 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,120,870 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.07 08:08:36 | 002,600,448 | ---- | C] () -- C:\Windows\System32\x264vfw.dll

========== LOP Check ==========

[2011.06.20 10:53:21 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\abgx360
[2011.05.26 11:07:27 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Acronis
[2011.06.10 16:57:37 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Antares
[2011.11.24 17:53:59 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Azureus
[2011.06.03 10:43:27 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Canneverbe Limited
[2011.06.20 11:15:57 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\DAEMON Tools Lite
[2011.06.07 16:44:37 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\FabFilter
[2011.07.15 20:29:21 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Firstload
[2011.07.06 13:31:23 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\ICQ
[2011.06.20 12:56:21 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\ImgBurn
[2011.06.10 17:01:58 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\PACE Anti-Piracy
[2011.10.23 15:57:15 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Paloma Networks, Inc
[2011.05.26 13:17:39 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Publish Providers
[2011.07.26 22:58:33 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\Sony
[2011.05.26 20:40:57 | 000,000,000 | ---D | M] -- C:\Users\moritz\AppData\Roaming\SoundSpectrum
[2011.11.06 09:55:15 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 1189 bytes -> C:\ProgramData\Microsoft:eeVnHZFiDnv9R0WLbpeWKlvq
@Alternate Data Stream - 1089 bytes -> C:\ProgramData\Microsoft:xN1UQc5Cu8dqAreVQx7kyHmn6YU
@Alternate Data Stream - 1008 bytes -> C:\ProgramData\Microsoft:zTYEeOs6yOY2ydS68aXnsi

< End of report >

Code:
OTL Extras logfile created on: 04.12.2011 16:49:19 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
 Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 85,20% Memory free
6,50 Gb Paging File | 6,05 Gb Available in Paging File | 93,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106,20 Gb Total Space | 46,12 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive E: | 14,89 Gb Total Space | 12,51 Gb Free Space | 83,98% Space Free | Partition Type: FAT32
Drive H: | 9,77 Gb Total Space | 9,69 Gb Free Space | 99,22% Space Free | Partition Type: NTFS
Drive I: | 1281,30 Gb Total Space | 1102,82 Gb Free Space | 86,07% Space Free | Partition Type: NTFS

Computer Name: MORITZ-PC | User Name: moritz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0482617D-DDC3-D703-2572-7D1E55FA24CB}" = Catalyst Control Center Graphics Previews Vista
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216BE2D3-5317-10C1-6F02-C4665CFB4507}" = CCC Help Japanese
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{256C2385-7E7D-8809-9D8C-020FC726A0CB}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26
"{26E276AC-F6C2-883E-E665-E97C735AA0AA}" = CCC Help French
"{31760C30-2C21-75D1-675E-3388AAC04068}" = CCC Help Dutch
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D68D398-7760-426D-8395-83EE0676FC7E}" = Antares Auto-Tune Evo RTAS
"{5380E159-9445-C146-ECBC-5DF6E97FAB85}" = CCC Help Swedish
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54F89819-7AF7-9A0A-1F45-2E19F0CA18A8}" = CCC Help Finnish
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F324A2-667C-EA14-0A8D-DC3794330056}" = CCC Help Danish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D74D3E4-B52C-4812-B01C-D3B7D5603EFD}" = iLoad
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7D14B7C4-10DA-173B-D073-DED305D55099}" = Catalyst Control Center Localization All
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B9F75D9-A0AF-B75D-8921-3A0E09A3E56E}" = ATI Catalyst Install Manager
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{934331FE-E81E-B486-A049-382715BE7416}" = CCC Help German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A850B824-9CE5-EEDE-D762-3C9518ABAC98}" = ccc-core-static
"{AA0F476C-CA5F-F382-67B2-F0085C1EBC6E}" = CCC Help Norwegian
"{B765F43A-6189-61F7-5D8A-0B9E8A851193}" = CCC Help English
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DE2A3E12-3592-1A8B-D3B3-60E2C07C52C2}" = CCC Help Italian
"{E82912A7-1041-D8C5-B725-A7B0C8A91DAF}" = ccc-utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1ED5BD7-4770-4037-9CBD-5DF9A5BEC408}" = Plus Pack für Acronis True Image Home 2011
"{F354B79F-C895-AC25-EC8F-72DAFF960B83}" = CCC Help Spanish
"1489-3350-5074-6281" = JDownloader 0.9
"abgx360" = abgx360 v1.0.5
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface Service
"ASIO4ALL" = ASIO4ALL
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"Azureus" = Azureus
"CCleaner" = CCleaner (remove only)
"Cross Fire_is1" = Cross Fire En
"CyberGhost VPN_is1" = CyberGhost VPN
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"FabFilter Pro-Q VST RTAS_is1" = FabFilter Pro-Q VST RTAS v1.0.1.6
"Firstload" = Firstload
"Foxit Reader" = Foxit Reader
"Freemake Video Converter_is1" = Freemake Video Converter Version 2.4.0
"G-Force" = G-Force
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Steam App 240" = Counter-Strike: Source
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42720" = Call of Duty Black Ops - Remote Console
"Steam App 42740" = Call of Duty Black Ops - Mod Tools (BETA)
"USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
"Videora iPod touch Converter" = Videora iPod touch Converter 6
"VLC media player" = VLC media player 1.1.10
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR
"WolfTeam" = WolfTeam
"x264 VFW" = x264 VFW (remove only)
"YouTube Downloader App" = YouTube Downloader App 3.00

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"360GAMESPATCHERCLT" = 360GamesPatcher (Client setup)
"Akamai" = Akamai NetSession Interface
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs
are corrupt! < End of report > Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8308 Windows 6.1.7600 (Safe Mode) Internet Explorer 8.0.7600.16385 04.12.2011 17:07:05 mbam-log-2011-12-04 (17-07-05).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 158897 Laufzeit: 1 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{9E82E0F3-8647-11E0-A050-806E6F6E6963} (Backdoor.Agent) -> Value: {9E82E0F3-8647-11E0-A050-806E6F6E6963} -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\moritz\AppData\Roaming\microsoft\svhcost.exe (Backdoor.Agent) -> Quarantined and deleted successfully. c:\Users\moritz\AppData\Local\Temp\0.7499102478481585.exe (Exploit.Drop.2) -> Quarantined and deleted successfully. How do I proceed now? I am VERY grateful for any help and hope I did everything right with the logs. yasippi |
04.12.2011, 20:06 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Your Windows system has been blocked for security reasons" Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
04.12.2011, 22:36 | #3 |
| "Your Windows system has been blocked for security reasons" First of all, huge thanks for the detailed reply!
Both scans are now finished. Here are the logs from the full scan with Malwarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8308 Windows 6.1.7600 (Safe Mode) Internet Explorer 8.0.7600.16385 04.12.2011 20:52:57 mbam-log-2011-12-04 (20-52-57).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|H:\|I:\|) Durchsuchte Objekte: 463859 Laufzeit: 43 Minute(n), 0 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) And here the one from ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=368844b77e3cb64d97632ff1f09f1734 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-04 09:25:34 # local_time=2011-12-04 10:25:34 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=769 16775126 100 100 23028 259320763 24264 0 # compatibility_mode=5893 16776573 100 94 23485 75467552 0 0 # compatibility_mode=8192 67108863 100 0 6447 6447 0 0 # scanned=315049 # found=2 # cleaned=0 # scan_time=5125 C:\Users\moritz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\441ee89c-75c3c6ec a variant of Win32/Injector.LSY trojan (unable to clean) 00000000000000000000000000000000 I I:\Dateien und Image\Azureus\Downloads\Alte download XP\242.Sony - Vegas Pro 9.0e (Build 1147)\Readme.exe a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I I might send you a small donation at Christmas. yasippi |
05.12.2011, 09:25 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Your Windows system has been blocked for security reasons" Quote:
Cracks/keygens are 99.9% dangerous malware that you should not mess with. Furthermore, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!
__________________ Please always post log files in CODE tags |