| |
| |||||||
Log-Analyse und Auswertung: Need Help... Aus Sicherheitsgründen wurde mein Windowssystem geblockt!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
13.12.2011, 00:02
| #1 |
 |  Need Help... Aus Sicherheitsgründen wurde mein Windowssystem geblockt! Hallo Zusammen, mich hat es nun auch erwischt. Kaspersky Rescue Disk kein Erfolg. Habe zwar ein paar Schädlinge erwischt, aber irgendwie nicht den richtige. Wäre über hilfe sehr dankbar! Hier die Logfiles. Danke Euch vorab! Hoffe ich habe nichts verkehrt gemacht, als grüner Anfänger! OTL logfile created on: 12.12.2011 23:57:21 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\ws2\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 70,43% Memory free 3,85 Gb Paging File | 3,42 Gb Available in Paging File | 88,75% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 585,94 Gb Total Space | 549,54 Gb Free Space | 93,79% Space Free | Partition Type: NTFS Drive D: | 345,57 Gb Total Space | 345,48 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Drive N: | 135,04 Gb Total Space | 130,73 Gb Free Space | 96,81% Space Free | Partition Type: NTFS Drive X: | 97,65 Gb Total Space | 26,50 Gb Free Space | 27,13% Space Free | Partition Type: NTFS Drive Y: | 97,65 Gb Total Space | 26,50 Gb Free Space | 27,13% Space Free | Partition Type: NTFS Drive Z: | 97,65 Gb Total Space | 26,50 Gb Free Space | 27,13% Space Free | Partition Type: NTFS Computer Name: WS2 | User Name: ws2 | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.12 23:25:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\ws2\Eigene Dateien\Downloads\OTL.exe PRC - [2011.12.12 21:40:28 | 101,206,032 | ---- | M] () -- C:\Dokumente und Einstellungen\ws2\Eigene Dateien\Downloads\setup_kaspersky_removal_11.0.0.1245.x01_2011_08_05_09_12.exe PRC - [2011.11.26 11:56:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.08.05 09:14:02 | 000,717,296 | ---- | M] () -- c:\temp\RarSFX0\8434900.exe PRC - [2011.08.05 09:13:57 | 000,457,736 | ---- | M] (Kaspersky Lab) -- c:\temp\2195658\8434900.exe PRC - [2010.07.17 08:06:11 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgchsvx.exe PRC - [2008.04.14 03:22:59 | 000,385,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Restore\rstrui.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2011.12.12 21:40:28 | 101,206,032 | ---- | M] () -- C:\Dokumente und Einstellungen\ws2\Eigene Dateien\Downloads\setup_kaspersky_removal_11.0.0.1245.x01_2011_08_05_09_12.exe MOD - [2011.11.26 11:56:33 | 001,989,592 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.11.23 09:51:42 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll MOD - [2011.08.05 09:14:02 | 000,717,296 | ---- | M] () -- c:\temp\RarSFX0\8434900.exe MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2011.12.07 08:23:38 | 000,855,904 | ---- | M] () [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater) SRV - [2011.11.10 14:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2010.07.21 08:54:04 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2010.07.17 08:06:14 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG9\avgwdsvc.exe -- (avg9wd) ========== Driver Services (SafeList) ========== DRV - [2011.09.13 14:02:44 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2011.05.06 07:54:35 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010.10.28 14:58:44 | 000,272,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2010.10.05 17:11:24 | 006,164,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2010.07.17 08:06:12 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010.05.17 16:11:22 | 000,006,272 | ---- | M] (BIOSTAR Group) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo) DRV - [2010.04.03 10:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0150.sys -- (RsFx0150) DRV - [2009.11.18 06:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009.11.18 06:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2007.03.24 12:20:24 | 000,046,208 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID) DRV - [2007.03.15 15:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001) DRV - [2006.02.07 20:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO) DRV - [2005.03.16 07:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS) DRV - [2004.08.13 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C C6 5F 2C 0A B9 CC 01 [binary data] IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {E78313ED-E64C-451B-9B5F-8A66A8D08A64}:2.5.10.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.avg.com/route/?d=4b9238d9&v=7.007.026.001&i=23&tp=ab&iy=&ychte=de&lng=de&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.81\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.81\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG9\Firefox [2011.09.13 14:02:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\9.0.0.18\ [2011.12.07 08:23:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.26 11:56:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.07.23 09:13:27 | 000,000,000 | ---D | M] [2010.03.20 10:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ws2\Anwendungsdaten\Mozilla\Extensions [2011.04.25 07:38:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ws2\Anwendungsdaten\Mozilla\Firefox\Profiles\0hg9bzxo.default\extensions [2010.06.04 16:11:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\ws2\Anwendungsdaten\Mozilla\Firefox\Profiles\0hg9bzxo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.24 12:49:24 | 000,000,000 | ---D | M] (FireFox accelerator) -- C:\Dokumente und Einstellungen\ws2\Anwendungsdaten\Mozilla\Firefox\Profiles\0hg9bzxo.default\extensions\{E78313ED-E64C-451B-9B5F-8A66A8D08A64} [2011.11.26 11:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.26 11:56:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.10.15 09:32:29 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.07 08:23:36 | 000,003,766 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml [2011.10.15 09:32:29 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.10.15 09:32:29 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.10.15 09:32:29 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.15 09:32:29 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.15 09:32:29 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\12.0.742.100\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.0.50524.0\npctrl.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Chrome NaCl (Disabled) = C:\Programme\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\12.0.742.100\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.57\npGoogleUpdate3.dll CHR - plugin: Google Earth Plugin (Enabled) = c:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] c:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BiosNotice] C:\Programme\BIOSTAR\BiosNotice\BiosNotice.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SfWinStartInfo] c:\Programme\SFirm32\sfWinStartupInfo.exe (SFirm Hannover) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [Getdo] File not found O4 - HKCU..\Run: [Msmmc] C:\Dokumente und Einstellungen\ws2\Anwendungsdaten\Adobe\Update\wnddlg.exe () O4 - HKCU..\Run: [TickerMyMail] C:\Programme\TickerMyMail\TickerMyMail.exe (logiware gmbh) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Digimax Viewer 1.0.lnk = C:\Programme\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe (Sunwisersoft Info., Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Zahlungserinnerung.lnk = C:\Programme\Profi cash\wzed.exe () O4 - Startup: C:\Dokumente und Einstellungen\ws2\Startmenü\Programme\Autostart\_uninst_.lnk = C:\temp\_uninst_.bat () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267874534087 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Kinge.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2139CCB6-0BAA-4352-88F8-90494EA1980D}: NameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A92A84C-7465-40AF-BE06-8E6AE8316EA4}: NameServer = 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\ws2\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\ws2\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.03.06 10:37:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.12 22:51:51 | 000,000,000 | ---D | C] -- C:\Programme\VirusTotalUploader2 [2011.12.12 22:51:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ws2\Startmenü\Programme\VirusTotal Uploader 2.0 [2011.12.12 21:24:11 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2011.12.12 20:30:47 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2011.12.09 11:06:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ws2\Anwendungsdaten\AVG Secure Search [2011.12.08 10:57:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ws2\Desktop\Bilder Ausstellung [2011.12.07 08:23:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search [2011.12.07 08:23:37 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search [2011.12.07 08:23:36 | 000,000,000 | ---D | C] -- C:\Programme\AVG Secure Search [2011.11.23 10:09:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.12 23:15:44 | 000,000,492 | ---- | M] () -- C:\Dokumente und Einstellungen\ws2\Startmenü\Programme\Autostart\_uninst_.lnk [2011.12.12 23:12:23 | 000,020,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.12.12 23:12:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.12.12 23:11:14 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2011.12.12 23:11:10 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.12.12 23:11:06 | 090,243,405 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2011.12.12 23:01:08 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011.12.12 22:51:51 | 000,001,680 | ---- | M] () -- C:\Dokumente und Einstellungen\ws2\Desktop\VirusTotal Uploader 2.0.lnk [2011.12.12 21:28:56 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.12.12 20:59:20 | 000,002,455 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lexware lohn+gehalt.lnk [2011.12.12 19:08:31 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.12.12 15:17:27 | 000,000,110 | ---- | M] () -- C:\WINDOWS\KMSTMVM.ini [2011.12.05 12:36:11 | 000,000,471 | ---- | M] () -- C:\Dokumente und Einstellungen\ws2\Desktop\Dokumente an Server-kinge.lnk [2011.12.05 08:58:26 | 000,558,886 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.12.05 08:58:26 | 000,539,182 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.12.05 08:58:26 | 000,116,234 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.12.05 08:58:26 | 000,101,366 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.11.23 10:09:45 | 000,001,893 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2011.11.23 09:51:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011.11.21 13:07:45 | 000,001,783 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.12 23:15:44 | 000,000,492 | ---- | C] () -- C:\Dokumente und Einstellungen\ws2\Startmenü\Programme\Autostart\_uninst_.lnk [2011.12.12 22:51:51 | 000,001,680 | ---- | C] () -- C:\Dokumente und Einstellungen\ws2\Desktop\VirusTotal Uploader 2.0.lnk [2011.11.23 10:09:45 | 000,001,893 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2011.08.23 18:43:57 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2011.05.13 09:04:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll [2011.05.13 09:03:16 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll [2011.05.13 09:01:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll [2011.05.13 09:01:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll [2010.10.07 08:34:25 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2010.10.07 08:34:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2010.08.13 16:21:07 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.07.02 15:59:49 | 000,000,081 | ---- | C] () -- C:\WINDOWS\loge.dat [2010.04.28 17:38:37 | 000,000,031 | ---- | C] () -- C:\WINDOWS\LxTrans.INI [2010.03.20 19:21:35 | 000,000,110 | ---- | C] () -- C:\WINDOWS\KMSTMVM.ini [2010.03.20 17:18:26 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini [2010.03.20 17:18:20 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL [2010.03.20 17:18:20 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll [2010.03.20 17:18:13 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL [2010.03.20 11:19:06 | 000,007,168 | ---- | C] () -- C:\Dokumente und Einstellungen\ws2\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.06 12:18:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.03.06 10:57:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2010.03.06 10:44:57 | 000,015,934 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini [2010.03.06 10:44:43 | 000,015,609 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010.03.06 10:44:43 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2010.03.06 10:44:33 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2010.03.06 10:39:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.03.06 10:35:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.03.06 10:15:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.03.06 10:14:44 | 000,131,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.07.03 04:11:18 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2009.07.03 04:11:18 | 000,007,756 | ---- | C] () -- C:\WINDOWS\cadx2.ini [2009.06.10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009.06.10 08:29:34 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2009.06.10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009.06.10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009.06.10 08:29:34 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2009.06.10 08:29:34 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2009.06.10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2007.08.16 16:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll [2006.02.28 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006.02.28 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006.02.28 13:00:00 | 000,558,886 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.02.28 13:00:00 | 000,539,182 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.02.28 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006.02.28 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006.02.28 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006.02.28 13:00:00 | 000,116,234 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.02.28 13:00:00 | 000,101,366 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.02.28 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006.02.28 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006.02.28 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006.02.28 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.02.28 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006.02.28 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006.02.28 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2005.12.21 17:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll [2005.12.21 17:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll [2000.11.09 14:39:06 | 000,000,225 | ---- | C] () -- C:\WINDOWS\UNO.INI < End of report > |
| Themen zu Need Help... Aus Sicherheitsgründen wurde mein Windowssystem geblockt! |
| 0x00000001, 2.0.7, adobe, avg, avg secure search, avg security toolbar, bho, bios, desktop, einstellungen, error, explorer, firefox, format, google earth, helper, langs, microsoft, mozilla, nvidia, plug-in, rarsfx0, realtek, registry, scan, secure, secure search, security, sfirm, software, temp, version=1.0, virus, vtoolbarupdater, wallpaper, winlogon |
Baum-Darstellung