|
Plagegeister aller Art und deren Bekämpfung: Trojaner: Aus Sicherheitsgründen wurde ihr Windowssystem blockiert (Bitte um Hilfe)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.01.2012, 23:32 | #1 |
| Trojaner: Aus Sicherheitsgründen wurde ihr Windowssystem blockiert (Bitte um Hilfe) Guten Abend trojaner-board - Team, ich habe mir soeben einen Trojaner eingefangen. Sofort nach der Anmeldung in Windows erscheint die Fehlermeldung "Achtung: Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert". Ich habe mich jetzt schonmal ein kleines bisschen eingelesen. Ich habe soeben den Rechner im abgesicherten Modus gestartet und mir die OTL.exe heruntergeladen. Mit OTL habe ich dann mit den empfohlenen Einstellungen die Log - Dateien erstellt. OTL.txt Code:
ATTFilter OTL logfile created on: 03.01.2012 23:16:04 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marcel\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,38 Gb Available Physical Memory | 84,42% Memory free 8,00 Gb Paging File | 7,42 Gb Available in Paging File | 92,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 55,80 Gb Total Space | 9,15 Gb Free Space | 16,39% Space Free | Partition Type: NTFS Drive Z: | 465,76 Gb Total Space | 283,46 Gb Free Space | 60,86% Space Free | Partition Type: NTFS Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Marcel\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.) SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.) SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.) SRV - (WDFME) -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe () SRV - (WDSC) -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (johci) -- C:\Windows\SysNative\drivers\johci.sys (JMicron Technology Corp.) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.) DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (Ph3xIB64) -- C:\Windows\SysNative\drivers\Ph3xIB64.sys (NXP Semiconductors) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies) DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV:64bit: - (XUIF) -- C:\Windows\SysNative\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys (LogMeIn, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 CE 6F 35 8F BD CB 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.652 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.9 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.9 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.3.0.1 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marcel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marcel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marcel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.12 17:46:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.12 17:46:21 | 000,000,000 | ---D | M] [2011.11.22 16:46:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Extensions [2011.11.22 16:46:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.12.23 18:28:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Firefox\Profiles\5xyosp2l.default\extensions [2011.12.19 19:50:05 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Marcel\AppData\Roaming\mozilla\Firefox\Profiles\5xyosp2l.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2011.05.03 15:09:54 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Marcel\AppData\Roaming\mozilla\Firefox\Profiles\5xyosp2l.default\extensions\LogMeInClient@logmein.com [2011.12.19 19:50:01 | 000,003,915 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\5xyosp2l.default\searchplugins\sweetim.xml [2011.12.23 18:28:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.23 18:28:40 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM [2011.12.23 18:28:40 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF [2011.03.03 19:06:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.03 19:06:04 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.12.13 13:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml [2011.03.03 19:06:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.03 19:06:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.03 19:06:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - Extension: Facemoods = C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [TaskTray] File not found O4 - HKCU..\Run: [{E62741C5-2980-11E0-8514-806E6F6E6963}] C:\Users\Marcel\AppData\Roaming\Microsoft\dllhsts.exe (The Pidgin developer community) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A97D594-1D23-434A-8A69-18CFCC27EDCA}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.03 23:14:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe [2012.01.02 22:22:13 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.12.31 18:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.12.31 18:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.12.31 18:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.12.31 18:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.12.23 18:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2011.12.23 18:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2011.12.23 18:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar [2011.12.19 21:16:15 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Mp3tag [2011.12.19 21:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag [2011.12.19 21:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag [2011.12.19 20:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity [2011.12.19 19:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft [2011.12.19 19:50:12 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll [2011.12.19 19:50:12 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax [2011.12.19 19:50:12 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax [2011.12.19 19:50:12 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll [2011.12.19 19:50:12 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax [2011.12.19 19:50:12 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax [2011.12.19 19:50:12 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax [2011.12.19 19:50:12 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax [2011.12.19 19:50:12 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax [2011.12.19 19:50:12 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll [2011.12.19 19:50:11 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax [2011.12.19 19:50:11 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax [2011.12.19 19:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2011.12.19 19:49:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM [2011.12.19 19:05:45 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Audacity [2011.12.19 19:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode) [2011.12.19 19:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut [2011.12.19 18:54:50 | 000,000,000 | ---D | C] -- C:\Users\Marcel\.dvdcss [2011.12.19 18:54:28 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\MPlayer [2011.12.19 18:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDx 4.0 [2011.12.19 18:53:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDx 4.0 Open Edition [2011.12.19 18:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes [2011.12.19 18:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes [2011.12.19 18:47:04 | 000,000,000 | ---D | C] -- C:\Users\Marcel\Documents\AnyDVDHD [2011.12.18 19:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jodix [2011.12.18 19:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free DVD MP3 Ripper [2011.12.14 19:10:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011.12.14 19:10:08 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.12.14 19:10:08 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.12.14 19:10:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.12.14 19:10:08 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.12.14 19:10:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.12.14 19:10:07 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.12.14 19:10:07 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.12.14 19:07:56 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.12.14 19:07:56 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.08.06 20:05:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Marcel\AppData\Roaming\pcouffin.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.03 23:14:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe [2012.01.03 23:12:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.03 23:12:22 | 3220,664,320 | -HS- | M] () -- C:\hiberfil.sys [2012.01.03 23:11:28 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.03 22:58:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.03 22:22:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3135362412-221427375-3616554574-1001UA.job [2012.01.03 21:22:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3135362412-221427375-3616554574-1001Core.job [2012.01.03 18:19:44 | 000,792,528 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.03 18:19:44 | 000,657,698 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.03 18:19:44 | 000,131,070 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.03 18:19:44 | 000,011,392 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.03 18:19:44 | 000,006,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.03 18:18:53 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.03 18:18:53 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.30 13:28:36 | 001,921,940 | ---- | M] () -- C:\Users\Marcel\Desktop\AC185.zip [2011.12.24 07:23:27 | 000,000,166 | -HS- | M] () -- C:\ProgramData\.zreglib [2011.12.18 19:47:55 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011.12.15 16:11:52 | 005,890,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.30 13:28:24 | 001,921,940 | ---- | C] () -- C:\Users\Marcel\Desktop\AC185.zip [2011.12.19 19:50:12 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax [2011.12.19 19:50:12 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax [2011.12.19 19:50:12 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2011.12.19 19:50:12 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax [2011.12.19 19:50:12 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax [2011.12.19 19:50:12 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax [2011.12.19 19:50:11 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax [2011.12.19 19:50:11 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax [2011.12.19 19:50:11 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax [2011.12.19 19:50:11 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax [2011.12.19 19:05:40 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk [2011.11.28 21:30:46 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.11.25 19:31:15 | 000,000,296 | ---- | C] () -- C:\Windows\cdplayer.ini [2011.10.26 19:36:05 | 000,812,002 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.10 22:49:45 | 000,000,132 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011.09.10 22:44:09 | 000,000,132 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.08.15 21:30:10 | 000,000,600 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\winscp.rnd [2011.08.06 20:05:58 | 000,099,384 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\inst.exe [2011.08.06 20:05:58 | 000,007,859 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\pcouffin.cat [2011.08.06 20:05:58 | 000,001,167 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\pcouffin.inf [2011.08.06 20:04:38 | 000,001,041 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\vso_ts_preview.xml [2011.07.18 21:49:59 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2011.06.27 15:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.06.23 16:32:06 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.04.06 21:41:11 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini [2011.03.28 19:26:09 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.03.18 19:04:04 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2011.03.18 19:04:04 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2011.03.18 19:03:57 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.03.18 19:03:38 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2011.03.18 19:01:10 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2011.03.16 12:41:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.01 18:07:08 | 000,003,949 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.01.26 21:03:19 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe [2011.01.26 21:03:19 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll ========== LOP Check ========== [2011.02.05 22:13:02 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Ashampoo [2011.12.19 21:14:06 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Audacity [2011.05.03 15:29:59 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\AudioConverter [2011.12.19 19:50:23 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\ICQ [2011.11.01 19:08:25 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\ImgBurn [2011.07.18 17:48:04 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Leadertech [2011.03.05 13:10:02 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\MAGIX [2011.12.19 21:18:42 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Mp3tag [2011.01.26 21:43:08 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Notepad++ [2011.05.16 20:56:49 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Rainmeter [2011.10.27 04:34:05 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\redsn0w [2011.03.10 13:55:55 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Sigel [2011.05.11 16:40:21 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\SlySoft [2011.03.28 18:37:30 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\TeamViewer [2011.11.22 16:46:06 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\TomTom [2011.04.10 20:52:18 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\TuneUp Software [2011.09.24 19:46:25 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Vso [2011.09.10 20:42:00 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:F23B9F75DA36103E < End of report > Code:
ATTFilter OTL Extras logfile created on: 03.01.2012 23:16:04 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marcel\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,38 Gb Available Physical Memory | 84,42% Memory free 8,00 Gb Paging File | 7,42 Gb Available in Paging File | 92,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 55,80 Gb Total Space | 9,15 Gb Free Space | 16,39% Space Free | Partition Type: NTFS Drive Z: | 465,76 Gb Total Space | 283,46 Gb Free Space | 60,86% Space Free | Partition Type: NTFS Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{6966E87A-91BA-4D4B-B7DA-A4610FAA31E0}" = ATI Catalyst Install Manager "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6F482C75-174D-42EB-A2CF-B00A1F354F7B}" = WD SmartWare "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "MediaInfo" = MediaInfo 0.7.41 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "sp6" = Logitech SetPoint 6.30 "VistaGlazz_is1" = VistaGlazz 2.4 "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1D420647-DF79-D93E-66E1-6B053F1F9BE0}" = Application Profiles "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24 "{26ED1160-22B1-4b19-8C21-42A1BACAAF75}" = pdfforge Toolbar v4.9 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card "{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{41E340F0-0BD6-4A87-AF29-E9E584471756}" = VideoMate T, M, P, S Series Driver "{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1 "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6 "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{59E98F3F-48D6-42A9-8250-079671E02B2D}" = StuffIt Expander 2011 "{5AB36A6C-27A8-4CB1-89A1-9D05F3F16625}" = Mobile Mouse Server "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.0.52 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{7FAEAEC0-9E27-492F-AFB9-9D905B2779BE}" = MAGIX Web Designer 6 "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3 "{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2 "{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2 "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite MFC-J415W "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AnyDVD" = AnyDVD "Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CloneCD" = CloneCD "CloneDVD2" = CloneDVD2 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "DVD Flick_is1" = DVD Flick 1.3.0.7 "DVDStyler_is1" = DVDStyler v1.8.2 "DVDx 4.0 Open Edition" = DVDx 4.0 Open Edition "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "ExtractNow_is1" = ExtractNow "facemoods" = facemoods "FormatFactory" = FormatFactory 2.60 "Free DVD MP3 Ripper_is1" = Free DVD MP3 Ripper 1.12 "ImgBurn" = ImgBurn "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "MAGIX_MSI_Web_Designer_6" = MAGIX Web Designer 6 "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15) "Mp3tag" = Mp3tag v2.49a "Notepad++" = Notepad++ "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Rainmeter" = Rainmeter "RealVNC_is1" = VNC Free Edition 4.1.3 "Sigel Professional Label Software SE" = Sigel Professional Label Software SE "TeamViewer 6" = TeamViewer 6 "TmUnitedForever_is1" = TmUnitedForever Update 2010-03-15 "TomTom HOME" = TomTom HOME 2.8.2.2264 "VLC media player" = VLC media player 1.1.6 "winscp3_is1" = WinSCP 4.3.4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 16.11.2011 19:31:23 | Computer Name = Marcel-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.11.2011 19:31:23 | Computer Name = Marcel-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.11.2011 19:31:23 | Computer Name = Marcel-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.11.2011 19:31:23 | Computer Name = Marcel-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 19.11.2011 19:30:53 | Computer Name = Marcel-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 22.11.2011 11:46:06 | Computer Name = Marcel-PC | Source = TomTomHOMEService | ID = 10000 Description = Error - 23.11.2011 12:54:16 | Computer Name = Marcel-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 24.11.2011 19:30:54 | Computer Name = Marcel-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 27.11.2011 19:30:50 | Computer Name = Marcel-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 29.11.2011 16:16:46 | Computer Name = Marcel-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 03.01.2012 18:12:41 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.01.2012 18:12:41 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.01.2012 18:12:41 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.01.2012 18:14:24 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.01.2012 18:14:27 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.01.2012 18:14:27 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.01.2012 18:14:27 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.01.2012 18:14:47 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.01.2012 18:14:47 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.01.2012 18:14:47 | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > Vielen Dank schonmal!! Gruß Marcel |
04.01.2012, 05:13 | #2 |
| Trojaner: Aus Sicherheitsgründen wurde ihr Windowssystem blockiert (Bitte um Hilfe) Hier auch noch die Log - Datei von Eset:
__________________Code:
ATTFilter ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=b692341e65dec748b585709a63d395a3 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-01-04 12:13:27 # local_time=2012-01-04 01:13:27 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1797 16775166 100 94 114744 62170293 0 0 # compatibility_mode=5893 16776574 100 94 16784013 77263322 0 0 # compatibility_mode=8192 67108863 100 0 4333 4333 0 0 # scanned=200958 # found=34 # cleaned=0 # scan_time=2535 C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\Local\Temp\jar_cache1155875881353135849.tmp a variant of Java/TrojanDownloader.OpenStream.NCE trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\67a805d1-45052c2c a variant of Java/Exploit.CVE-2011-3544.Q trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\35b51792-665c42b6 multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\7ddef255-2c09a468 multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5062998-768ffe17 a variant of Java/Agent.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\248de568-48a2c778 multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\45a0102a-1b419554 a variant of Java/TrojanDownloader.OpenConnection.MU trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1bfed5eb-12524bbf multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\3b3a196e-543f8eb5 multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\2b197af-4fa21cd9 Java/TrojanDownloader.OpenStream.NBV trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\466adef0-610224c2 multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\459c9605-423bc3b8 multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\64eed345-6c10ba02 a variant of Java/Agent.DM trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\782a237-5d7cb376 Java/TrojanDownloader.Agent.NCM trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\69b417fb-7f5ab2dd multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\726f6486-60594d90 a variant of Java/TrojanDownloader.OpenConnection.MU trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\1dd6207d-6a12b6fd Java/TrojanDownloader.Agent.NCM trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\560440fe-7d3bf80d multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\21ee02bf-3390c1d5 a variant of Java/TrojanDownloader.OpenConnection.MU trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\53e59547-1574c72b multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\53e59547-576a5ac3 multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\53e59547-76ae8f53 multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1a2b9c08-29c05d87 multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Windows\KMService.exe Win32/HackKMS.A application (unable to clean) 00000000000000000000000000000000 I C:\Windows\Installer\554ee.msi a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I |
Themen zu Trojaner: Aus Sicherheitsgründen wurde ihr Windowssystem blockiert (Bitte um Hilfe) |
64-bit, alternate, aus sicherheitsgründen wurde ihr windowssystem blockiert, autorun, avira, bho, blockiert, bonjour, c:\windows\system32\rundll32.exe, document, driver genius, einstellungen, entfernen, error, firefox, flash player, format, google chrome, install.exe, jdownloader, langs, logfile, microsoft office word, mp3, nicht gefunden, object, pdfforge toolbar, plug-in, realtek, registry, remote access, richtlinie, rundll, scan, sched.exe, security, senden, software, studio, super, sweetim, trojaner, trojaner-board, usb, usb 3.0, version=1.0, visual studio, webcheck, windows, wurde ihr |