|
Plagegeister aller Art und deren Bekämpfung: Windows blockiert aus Sicherheitsgründen - TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
06.01.2012, 12:11 | #1 |
| Windows blockiert aus Sicherheitsgründen - Trojaner Hallo, ich habe seit gestern Abend anscheinend einen Trojaner, der hier im Forum auch schon mehrfach beschrieben wurde als "50 Euro Virus". Im Online-Modus wird der Bildschirm schwarz und die Meldung "Windows wurde aus Sicherheitsgründen blockiert" mit der Aufforderung ein kostenpflichtiges Sicherheitsupdate zu machen. Wenn der Laptop nicht mit dem Internet verbunden ist, funktioniert alles ganz normal. Ich habe gestern schon einen Scan mit Avira AntiVir Personal durchgeführt und dabei hat er zwei Dateien gefunden. Ich weiss leider nicht ob und wie man davon einen LogFile erstellen kann, deshalb mal so: es wurden die Dateien "EXP/CVE-2011-3544.P" sowie "TR/ATRAPS.Gen2" gefunden und in Quarantäneverzeichnisse verschoben. Ich wusste jetzt nicht ob ich diese dann manuell ganz löschen soll? Ich habe ein Asus-Notebook (Intel Core 2 Duo SU7300 1,3GHz, 4GB RAM, 320GB S-ATA, Windows 7 HomePremium). (weiss nicht ob ihr die Daten braucht aber ich habe sie mal zur Sicherheit beigefügt) Nun kenne ich mich leider überhaupt nicht mit sowas aus und bräuchte eine Erklärung für Dummies wie ich den Virus los werde Da ich wichtige Abgabetermine für die Uni habe, wäre es für mich auch wichtig zu wissen, ob ich mir gefahrlos Word- und Bilddateien auf einen USB-Stick ziehen kann, ohne den Virus damit zu verschleppen? Schon im Voraus vielen Dank für die Hilfe! LG, Judith (Hier der Inhalt von OTL.txt) OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.01.2012 11:43:57 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Judith\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 3,40 Gb Available Physical Memory | 85,78% Memory free 7,93 Gb Paging File | 7,39 Gb Available in Paging File | 93,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,52 Gb Total Space | 3,59 Gb Free Space | 4,82% Space Free | Partition Type: NTFS Drive D: | 204,03 Gb Total Space | 67,04 Gb Free Space | 32,86% Space Free | Partition Type: NTFS Drive F: | 3,78 Gb Total Space | 2,90 Gb Free Space | 76,53% Space Free | Partition Type: FAT32 Computer Name: JUDITH-PC | User Name: Judith | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.06 11:30:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Judith\Desktop\OTL.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.09.17 19:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2011.08.15 15:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2011.07.02 16:02:58 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.29 18:16:57 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.10.25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008.03.31 10:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.27 00:19:54 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.07.02 16:02:59 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.02 16:02:59 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.18 19:12:07 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.08.20 05:53:04 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.08.21 07:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.08.06 22:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.07.28 21:05:51 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.07.27 08:04:35 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) DRV:64bit: - [2009.07.20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.17 09:52:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.09 04:11:41 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.13 02:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009.04.30 14:43:33 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.12.08 17:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2007.07.24 19:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/?ref=hp" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.2.5.2 FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.06 13:28:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.06 13:28:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.06 00:22:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.06 00:22:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.25 07:37:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.10.22 10:39:00 | 000,000,000 | ---D | M] [2011.07.27 12:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judith\AppData\Roaming\mozilla\Extensions [2010.12.26 09:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judith\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.07.27 12:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judith\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2011.12.24 10:55:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judith\AppData\Roaming\mozilla\Firefox\Profiles\f98ke5c3.default\extensions [2011.12.08 11:42:59 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Judith\AppData\Roaming\mozilla\Firefox\Profiles\f98ke5c3.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2011.12.08 11:43:01 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Judith\AppData\Roaming\mozilla\Firefox\Profiles\f98ke5c3.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e} [2011.11.14 14:37:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Judith\AppData\Roaming\mozilla\Firefox\Profiles\f98ke5c3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.01.02 12:24:21 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Judith\AppData\Roaming\mozilla\Firefox\Profiles\f98ke5c3.default\extensions\engine@conduit.com [2011.01.18 20:05:04 | 000,001,376 | ---- | M] () -- C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\Profiles\f98ke5c3.default\searchplugins\wikipedia-ja.xml [2011.12.06 00:22:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.01.16 07:33:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.12.06 00:22:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.12.06 00:22:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.06 00:22:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.06 00:22:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.06 00:22:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.06 00:22:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.06 00:22:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [GrooveMonitor] D:\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [{980F54C4-AC10-11DF-88B2-806E6F6E6963}] C:\Users\Judith\AppData\Roaming\Microsoft\loadhst.exe (The Pidgin developer community) O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC) O4 - Startup: C:\Users\Judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Judith\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office12\REFIEBAR.DLL File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99C5D24D-3971-4B56-9821-96DE665AEEFC}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{b2e82888-0aaa-11e0-acbe-20cf3031beb8}\Shell - "" = AutoRun O33 - MountPoints2\{b2e82888-0aaa-11e0-acbe-20cf3031beb8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: ADSMTray - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS) MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.01.06 11:33:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Judith\Desktop\OTL.exe [2012.01.02 21:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client [2012.01.02 21:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks [2012.01.02 21:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems [2012.01.02 17:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco [2012.01.02 17:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2011.12.27 00:37:03 | 000,000,000 | ---D | C] -- C:\Users\Judith\AppData\Roaming\Trine2 [2011.12.27 00:19:54 | 000,279,616 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2011.12.27 00:18:36 | 000,000,000 | ---D | C] -- C:\Users\Judith\AppData\Roaming\DAEMON Tools Lite [2011.12.27 00:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2011.12.27 00:14:08 | 000,000,000 | ---D | C] -- C:\Users\Judith\AppData\Roaming\CyberLink [2011.12.24 16:08:20 | 000,000,000 | ---D | C] -- C:\Windows\rescache [2011.12.23 22:35:15 | 000,000,000 | ---D | C] -- C:\Users\Judith\AppData\Roaming\Google [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.06 11:34:39 | 000,000,000 | ---- | M] () -- C:\Users\Judith\defogger_reenable [2012.01.06 11:34:24 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.06 11:34:24 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.06 11:34:24 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.06 11:34:24 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.06 11:34:24 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.06 11:30:42 | 000,302,592 | ---- | M] () -- C:\Users\Judith\Desktop\lub5nrr0.exe [2012.01.06 11:30:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.06 11:30:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Judith\Desktop\OTL.exe [2012.01.06 11:30:13 | 3193,716,736 | -HS- | M] () -- C:\hiberfil.sys [2012.01.06 11:28:46 | 000,050,477 | ---- | M] () -- C:\Users\Judith\Desktop\Defogger.exe [2012.01.06 11:28:29 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.06 11:19:55 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.06 11:19:55 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.06 10:58:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.05 23:52:22 | 000,002,200 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012.01.05 19:26:13 | 000,194,475 | ---- | M] () -- C:\Users\Judith\Desktop\Unbenannt6.jpg [2012.01.05 19:25:41 | 000,250,628 | ---- | M] () -- C:\Users\Judith\Desktop\Unbenannt5.jpg [2012.01.05 19:25:08 | 000,239,718 | ---- | M] () -- C:\Users\Judith\Desktop\Unbenannt4.jpg [2012.01.05 19:24:29 | 000,253,596 | ---- | M] () -- C:\Users\Judith\Desktop\Unbenannt3.jpg [2012.01.05 19:23:53 | 000,182,597 | ---- | M] () -- C:\Users\Judith\Desktop\Unbenannt.jpg [2012.01.05 19:23:23 | 000,247,593 | ---- | M] () -- C:\Users\Judith\Desktop\Unbenannt2.jpg [2012.01.03 10:19:09 | 000,001,419 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.01.02 21:15:26 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF [2012.01.02 21:14:15 | 000,002,653 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2011.12.27 00:19:54 | 000,279,616 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2011.12.23 22:43:17 | 000,000,642 | ---- | M] () -- C:\Users\Judith\Desktop\Uni.lnk [2011.12.15 20:08:56 | 000,443,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.06 11:34:39 | 000,000,000 | ---- | C] () -- C:\Users\Judith\defogger_reenable [2012.01.06 11:33:38 | 000,302,592 | ---- | C] () -- C:\Users\Judith\Desktop\lub5nrr0.exe [2012.01.06 11:33:38 | 000,050,477 | ---- | C] () -- C:\Users\Judith\Desktop\Defogger.exe [2012.01.05 19:26:13 | 000,194,475 | ---- | C] () -- C:\Users\Judith\Desktop\Unbenannt6.jpg [2012.01.05 19:25:41 | 000,250,628 | ---- | C] () -- C:\Users\Judith\Desktop\Unbenannt5.jpg [2012.01.05 19:25:08 | 000,239,718 | ---- | C] () -- C:\Users\Judith\Desktop\Unbenannt4.jpg [2012.01.05 19:24:29 | 000,253,596 | ---- | C] () -- C:\Users\Judith\Desktop\Unbenannt3.jpg [2012.01.05 19:23:23 | 000,247,593 | ---- | C] () -- C:\Users\Judith\Desktop\Unbenannt2.jpg [2012.01.05 19:22:15 | 000,182,597 | ---- | C] () -- C:\Users\Judith\Desktop\Unbenannt.jpg [2012.01.02 21:14:14 | 000,002,653 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2012.01.02 21:14:07 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF [2011.12.23 22:43:03 | 000,000,642 | ---- | C] () -- C:\Users\Judith\Desktop\Uni.lnk [2011.08.29 10:48:00 | 000,039,680 | ---- | C] () -- C:\Windows\DIIUnin.dat [2011.01.10 08:51:58 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe [2011.01.07 04:00:48 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.11 15:35:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.20 05:52:42 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll [2010.08.20 05:33:28 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.02.09 08:07:38 | 000,020,480 | ---- | C] () -- C:\Windows\OOBEPlayer.exe [2010.02.09 08:07:38 | 000,000,269 | ---- | C] () -- C:\Windows\OOBEPlayer.ini [2009.10.26 04:38:22 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config [2009.07.29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009.07.28 21:04:11 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.07.28 21:04:11 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.07.28 21:04:11 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.07.28 21:04:11 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.12.02 02:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll [2006.05.19 04:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini ========== LOP Check ========== [2010.12.07 17:16:16 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\Asus WebStorage [2011.04.27 08:58:48 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\Azureus [2011.12.27 00:21:58 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\DAEMON Tools Lite [2012.01.06 11:29:04 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\Dropbox [2011.01.06 13:28:58 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\Local [2010.12.18 01:53:53 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\OpenOffice.org [2011.07.27 12:27:09 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\Philips [2011.07.27 12:23:35 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\Philips-Songbird [2011.09.08 11:09:31 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\Simfy [2011.01.10 09:18:14 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\SoftGrid Client [2010.12.26 09:53:07 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\Thunderbird [2011.01.07 04:01:38 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\TP [2011.12.27 00:37:03 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\Trine2 [2011.12.12 16:29:48 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.12.07 21:42:41 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.12.07 21:43:18 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT [2010.08.20 05:51:21 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS [2009.07.29 07:03:34 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.08.20 05:52:44 | 000,000,000 | ---D | M] -- C:\eSupport [2010.12.07 21:29:55 | 000,000,000 | -HSD | M] -- C:\found.000 [2010.08.20 05:43:08 | 000,000,000 | ---D | M] -- C:\NV13682356.TMP-nv27782 [2010.08.20 05:43:20 | 000,000,000 | ---D | M] -- C:\NV26601888.TMP-nv27822 [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.12.23 22:37:00 | 000,000,000 | R--D | M] -- C:\Program Files [2012.01.02 21:14:12 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.12.27 00:18:27 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.12.07 21:23:09 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.01.06 09:44:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.04.18 14:30:20 | 000,000,000 | R--D | M] -- C:\Users [2012.01.06 00:02:56 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\SysNative\drivers\afd.sys [2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys [2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys [2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2010.08.20 05:44:56 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2010.08.20 05:28:40 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.08.20 05:44:56 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010.08.20 05:28:40 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2010.08.20 05:44:56 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010.08.20 05:28:40 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2010.08.20 05:44:56 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2010.08.20 05:28:40 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010.08.20 05:44:56 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.08.20 05:44:56 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2010.08.20 05:44:56 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report > [/code) (extras.txt) OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.01.2012 11:43:57 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Judith\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 3,40 Gb Available Physical Memory | 85,78% Memory free 7,93 Gb Paging File | 7,39 Gb Available in Paging File | 93,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,52 Gb Total Space | 3,59 Gb Free Space | 4,82% Space Free | Partition Type: NTFS Drive D: | 204,03 Gb Total Space | 67,04 Gb Free Space | 32,86% Space Free | Partition Type: NTFS Drive F: | 3,78 Gb Total Space | 2,90 Gb Free Space | 76,53% Space Free | Partition Type: FAT32 Computer Name: JUDITH-PC | User Name: Judith | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- D:\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- D:\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "USB 2.0 UVC 0.3M WebCam" = USB 2.0 UVC 0.3M WebCam [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy "{0DB677AC-E392-42E4-919F-645705F12447}" = OpenOffice.org 3.3 "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI "{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate "{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi "{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}" = syncables desktop SE "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ASUS AP Bank_is1" = ASUS AP Bank "ASUS WebStorage" = ASUS WebStorage "ASUS_UL_Series_Screensaver" = ASUS_UL_Series_Screensaver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo II" = Diablo II "DivX Setup.divx.com" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "LogMeIn Hamachi" = LogMeIn Hamachi "Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de) "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0) "Picasa 3" = Picasa 3 "Simfy" = simfy "VLC media player" = VLC media player 1.1.5 "WinLiveSuite_Wave3" = Windows Live Essentials "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 22.12.2011 16:42:43 | Computer Name = Judith-PC | Source = Bonjour Service | ID = 100 Description = Error - 22.12.2011 16:42:44 | Computer Name = Judith-PC | Source = Bonjour Service | ID = 100 Description = Error - 22.12.2011 16:42:44 | Computer Name = Judith-PC | Source = Bonjour Service | ID = 100 Description = Error - 22.12.2011 16:42:44 | Computer Name = Judith-PC | Source = Bonjour Service | ID = 100 Description = Error - 23.12.2011 12:54:33 | Computer Name = Judith-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 23.12.2011 17:23:51 | Computer Name = Judith-PC | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Die Anwendung oder der Dienst "Apple Mobile Device" konnte nicht neu gestartet werden. Error - 24.12.2011 07:09:33 | Computer Name = Judith-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 25.12.2011 05:22:30 | Computer Name = Judith-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 25.12.2011 22:53:26 | Computer Name = Judith-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 26.12.2011 12:44:14 | Computer Name = Judith-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = [ Cisco AnyConnect VPN Client Events ] Error - 06.01.2012 06:28:49 | Computer Name = Judith-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 06.01.2012 06:28:54 | Computer Name = Judith-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 06.01.2012 06:28:59 | Computer Name = Judith-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 06.01.2012 06:29:04 | Computer Name = Judith-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 06.01.2012 06:29:09 | Computer Name = Judith-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 06.01.2012 06:29:14 | Computer Name = Judith-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 06.01.2012 06:29:19 | Computer Name = Judith-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 06.01.2012 06:29:24 | Computer Name = Judith-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 06.01.2012 06:29:29 | Computer Name = Judith-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected Error - 06.01.2012 06:29:34 | Computer Name = Judith-PC | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901365 (0xFE47000B) Description: NETENVIRONMENT_ERROR_NO_DNS_SERVER:A domain name server could not be detected [ OSession Events ] Error - 29.06.2011 14:30:53 | Computer Name = Judith-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 571 seconds with 540 seconds of active time. This session ended with a crash. Error - 30.06.2011 04:50:02 | Computer Name = Judith-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7014 seconds with 1440 seconds of active time. This session ended with a crash. [ System Events ] Error - 06.01.2012 06:30:35 | Computer Name = Judith-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 06.01.2012 06:30:35 | Computer Name = Judith-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 06.01.2012 06:30:38 | Computer Name = Judith-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb discache spldr Wanarpv6 Error - 06.01.2012 06:30:45 | Computer Name = Judith-PC | Source = DCOM | ID = 10005 Description = Error - 06.01.2012 06:30:52 | Computer Name = Judith-PC | Source = DCOM | ID = 10005 Description = Error - 06.01.2012 06:30:55 | Computer Name = Judith-PC | Source = DCOM | ID = 10005 Description = Error - 06.01.2012 06:30:56 | Computer Name = Judith-PC | Source = DCOM | ID = 10005 Description = Error - 06.01.2012 06:30:56 | Computer Name = Judith-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 06.01.2012 06:40:32 | Computer Name = Judith-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 06.01.2012 06:40:33 | Computer Name = Judith-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > Geändert von Siderfang (06.01.2012 um 12:22 Uhr) |
06.01.2012, 12:56 | #2 |
/// Malware-holic | Windows blockiert aus Sicherheitsgründen - Trojaner hi
__________________starte mal den pc neu, drücke f8 wähle abgesicherter modus mit netzwerk, da hast du dann erst mal internet. dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL O4 - HKCU..\Run: [{980F54C4-AC10-11DF-88B2-806E6F6E6963}] C:\Users\Judith\AppData\Roaming\Microsoft\loadhst.exe (The Pidgin developer community) :Files C:\Users\Judith\AppData\Roaming\Microsoft\loadhst.exe :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden 2. öffne computer, öffne C: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. folge dem link, und lade das archiv im upload channel hoch http://www.trojaner-board.de/54791-a...ner-board.html 3. öffne avira, berichte, poste den scan report mit den funden.
__________________ |
06.01.2012, 14:05 | #3 |
| Windows blockiert aus Sicherheitsgründen - Trojaner Hallo!
__________________Vielen Dank für die schnelle Antwort Ich habe die genannten Schritte befolgt. Hier der Inhalt des Textdokuments: Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{980F54C4-AC10-11DF-88B2-806E6F6E6963} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{980F54C4-AC10-11DF-88B2-806E6F6E6963}\ not found. C:\Users\Judith\AppData\Roaming\Microsoft\loadhst.exe moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 56468 bytes User: Default User ->Flash cache emptied: 0 bytes User: Judith ->Flash cache emptied: 145417 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Judith ->Temp folder emptied: 1029613494 bytes ->Temporary Internet Files folder emptied: 57842851 bytes ->Java cache emptied: 344707 bytes ->FireFox cache emptied: 49409735 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 31248 bytes %systemroot% .tmp files removed: 1533399 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 244549114 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.319,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 01062012_134333 Files\Folders moved on Reboot... C:\Users\Judith\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... Code:
ATTFilter Avira AntiVir Personal Erstellungsdatum der Reportdatei: Freitag, 6. Januar 2012 00:07 Es wird nach 3029016 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 x64 Windowsversion : (plain) [6.1.7600] Boot Modus : Abgesicherter Modus Benutzername : Judith Computername : JUDITH-PC Versionsinformationen: BUILD.DAT : 10.2.0.704 35934 Bytes 28.09.2011 13:14:00 AVSCAN.EXE : 10.3.0.7 484008 Bytes 02.07.2011 15:02:58 AVSCAN.DLL : 10.0.5.0 57192 Bytes 02.07.2011 15:02:58 LUKE.DLL : 10.3.0.5 45416 Bytes 02.07.2011 15:02:58 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47 AVSCPLR.DLL : 10.3.0.7 119656 Bytes 02.07.2011 15:02:59 AVREG.DLL : 10.3.0.9 88833 Bytes 14.07.2011 17:53:19 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:09:54 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 02:54:29 VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 02:54:29 VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 02:54:29 VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 02:54:29 VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 02:54:29 VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 02:54:29 VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 02:54:29 VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 02:54:30 VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 02:54:30 VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 02:54:30 VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 02:54:30 VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 02:54:30 VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 02:54:31 VBASE015.VDF : 7.11.20.29 164352 Bytes 27.12.2011 10:48:35 VBASE016.VDF : 7.11.20.70 180224 Bytes 29.12.2011 14:42:40 VBASE017.VDF : 7.11.20.102 240640 Bytes 02.01.2012 16:36:42 VBASE018.VDF : 7.11.20.139 164864 Bytes 04.01.2012 16:36:44 VBASE019.VDF : 7.11.20.140 2048 Bytes 04.01.2012 16:36:44 VBASE020.VDF : 7.11.20.141 2048 Bytes 04.01.2012 16:36:44 VBASE021.VDF : 7.11.20.142 2048 Bytes 04.01.2012 16:36:44 VBASE022.VDF : 7.11.20.143 2048 Bytes 04.01.2012 16:36:44 VBASE023.VDF : 7.11.20.144 2048 Bytes 04.01.2012 16:36:44 VBASE024.VDF : 7.11.20.145 2048 Bytes 04.01.2012 16:36:45 VBASE025.VDF : 7.11.20.146 2048 Bytes 04.01.2012 16:36:45 VBASE026.VDF : 7.11.20.147 2048 Bytes 04.01.2012 16:36:45 VBASE027.VDF : 7.11.20.148 2048 Bytes 04.01.2012 16:36:45 VBASE028.VDF : 7.11.20.149 2048 Bytes 04.01.2012 16:36:45 VBASE029.VDF : 7.11.20.150 2048 Bytes 04.01.2012 16:36:45 VBASE030.VDF : 7.11.20.151 2048 Bytes 04.01.2012 16:36:45 VBASE031.VDF : 7.11.20.171 137728 Bytes 05.01.2012 16:36:46 Engineversion : 8.2.8.18 AEVDF.DLL : 8.1.2.2 106868 Bytes 30.10.2011 10:28:07 AESCRIPT.DLL : 8.1.3.95 479612 Bytes 29.12.2011 10:48:47 AESCN.DLL : 8.1.7.2 127349 Bytes 13.12.2010 07:39:16 AESBX.DLL : 8.2.4.5 434549 Bytes 02.12.2011 11:16:08 AERDL.DLL : 8.1.9.15 639348 Bytes 10.09.2011 15:13:33 AEPACK.DLL : 8.2.15.1 770423 Bytes 14.12.2011 10:59:44 AEOFFICE.DLL : 8.1.2.25 201084 Bytes 01.01.2012 14:42:48 AEHEUR.DLL : 8.1.3.14 4260216 Bytes 01.01.2012 14:42:47 AEHELP.DLL : 8.1.18.0 254327 Bytes 30.10.2011 10:27:56 AEGEN.DLL : 8.1.5.17 405877 Bytes 12.12.2011 10:48:58 AEEMU.DLL : 8.1.3.0 393589 Bytes 13.12.2010 07:39:10 AECORE.DLL : 8.1.24.3 201079 Bytes 29.12.2011 10:48:41 AEBB.DLL : 8.1.1.0 53618 Bytes 13.12.2010 07:39:10 AVWINLL.DLL : 10.0.0.0 19304 Bytes 13.12.2010 07:39:20 AVPREF.DLL : 10.0.3.2 44904 Bytes 02.07.2011 15:02:58 AVREP.DLL : 10.0.0.10 174120 Bytes 19.05.2011 07:30:06 AVARKT.DLL : 10.0.26.1 255336 Bytes 02.07.2011 15:02:57 AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 02.07.2011 15:02:58 SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02 AVSMTP.DLL : 10.0.0.17 63848 Bytes 13.12.2010 07:39:20 NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01 RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 02.07.2011 15:02:57 RCTEXT.DLL : 10.0.64.0 98664 Bytes 02.07.2011 15:02:57 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Freitag, 6. Januar 2012 00:07 Der Suchlauf nach versteckten Objekten wird begonnen. Der Treiber konnte nicht initialisiert werden. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '78' Modul(e) wurden durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '853' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <OS> C:\Users\Judith\AppData\Local\Temp\jar_cache3423736762642706521.tmp [0] Archivtyp: ZIP --> lat.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.K C:\Windows\System32\consrv.dll [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2 Beginne mit der Suche in 'D:\' <DATA> Beginne mit der Desinfektion: C:\Windows\System32\consrv.dll [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a3beff7.qua' verschoben! C:\Users\Judith\AppData\Local\Temp\jar_cache3423736762642706521.tmp [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.P [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52a0c0a2.qua' verschoben! Ende des Suchlaufs: Freitag, 6. Januar 2012 02:27 Benötigte Zeit: 1:43:40 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 29270 Verzeichnisse wurden überprüft 612290 Dateien wurden geprüft 3 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 2 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 612287 Dateien ohne Befall 4414 Archive wurden durchsucht 0 Warnungen 2 Hinweise Windows startet nun übrigens normal und geht auch Online ohne die Fehlermeldung des Trojaners wieder anzuzeigen. Dafür schonmal Danke!!!!! LG, Judith |
06.01.2012, 15:53 | #4 |
/// Malware-holic | Windows blockiert aus Sicherheitsgründen - Trojaner danke dir Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
08.01.2012, 13:16 | #5 |
| Windows blockiert aus Sicherheitsgründen - Trojaner ich habe ein Problem. Vor der Ausführung von ComboFix deaktiviere ich AntiVir (der Regenschirm wird dann auch ungeöffnet angezeigt) aber wenn ich dann ComboFix starte, bekomme ich die Meldung, dass AntiVir noch aktiviert ist. Ich habe auch schon versucht per TaskManager AntiVir zu beenden, aber da bekomme ich die Fehlermeldung, dass mir der Zugriff verweigert wurde. Was muss ich tun? :/ |
09.01.2012, 14:08 | #6 |
/// Malware-holic | Windows blockiert aus Sicherheitsgründen - Trojaner hi, einfach auf ok klicken, dann arbeitet cf weiter.
__________________ --> Windows blockiert aus Sicherheitsgründen - Trojaner |
11.01.2012, 01:20 | #7 |
| Windows blockiert aus Sicherheitsgründen - Trojaner hey, danke, hat geklappt hier der inhalt der logdatei: Combofix Logfile: Code:
ATTFilter ComboFix 12-01-07.03 - Judith 11.01.2012 0:43.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4061.2635 [GMT 1:00] ausgeführt von:: c:\users\Judith\Desktop\ComboFix.exe AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk c:\users\Judith\AppData\Roaming\Local c:\users\Judith\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi c:\users\Judith\AppData\Roaming\Local\Temp\DDM\Settings\gossip.girl.s04e19.hdtv.xvid-fqm.avi.ddr c:\users\Judith\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi c:\users\Judith\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\gossip.girl.s04e19.hdtv.xvid-fqm.avi.ddp . . ((((((((((((((((((((((( Dateien erstellt von 2011-12-10 bis 2012-01-10 )))))))))))))))))))))))))))))) . . 2012-01-10 23:53 . 2012-01-10 23:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-06 12:43 . 2012-01-06 12:55 -------- d-----w- C:\_OTL 2012-01-02 20:14 . 2012-01-02 20:14 -------- d-----w- c:\program files\Common Files\Deterministic Networks 2012-01-02 20:14 . 2012-01-02 20:14 -------- d-----w- c:\program files (x86)\Cisco Systems 2012-01-02 16:53 . 2012-01-02 16:53 -------- d-----w- c:\program files (x86)\Cisco 2011-12-26 23:37 . 2011-12-26 23:37 -------- d-----w- c:\users\Judith\AppData\Roaming\Trine2 2011-12-26 23:32 . 2011-12-26 23:32 3850760 ----a-w- c:\windows\system32\d3dx9_38.dll 2011-12-26 23:19 . 2011-12-26 23:19 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-12-26 23:18 . 2011-12-26 23:21 -------- d-----w- c:\users\Judith\AppData\Roaming\DAEMON Tools Lite 2011-12-26 23:18 . 2011-12-26 23:18 -------- d-----w- c:\programdata\DAEMON Tools Lite 2011-12-26 23:14 . 2011-12-26 23:14 -------- d-----w- c:\users\Public\CyberLink 2011-12-26 23:14 . 2011-12-26 23:14 -------- d-----w- c:\users\Judith\AppData\Roaming\CyberLink 2011-12-24 15:08 . 2011-12-24 15:12 -------- d-----w- c:\windows\rescache 2011-12-14 21:12 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys 2011-12-14 21:12 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll 2011-12-14 21:12 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll 2011-12-14 21:12 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll 2011-12-14 21:12 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-25 09:47 . 2011-11-25 09:47 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Judith\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Judith\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Judith\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-04-05 370480] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-08-20 2429] "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608] "DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768] "GrooveMonitor"="d:\office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208] . c:\users\Judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Judith\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-8-20 12862] SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-8-20 156880] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360] S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-08-03 645048] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 14:38] . 2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 14:38] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Judith\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Judith\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Judith\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Judith\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-28 16336488] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - d:\office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Judith\AppData\Roaming\Mozilla\Firefox\Profiles\f98ke5c3.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file) URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) Toolbar-Locked - (no file) Toolbar-Locked - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file) HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd AddRemove-ASUS_UL_Series_Screensaver - c:\windows\system32\ASUS_UL_Series_Screensaver.scr . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe c:\windows\AsScrPro.exe c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.bin . ************************************************************************** . Zeit der Fertigstellung: 2012-01-11 01:15:30 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-01-11 00:15 . Vor Suchlauf: 4.629.057.536 Bytes frei Nach Suchlauf: 4.374.962.176 Bytes frei . - - End Of File - - 7584A85A7C31549B58BFED39C4AA3A85 |
11.01.2012, 13:55 | #8 |
/// Malware-holic | Windows blockiert aus Sicherheitsgründen - Trojaner malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
12.01.2012, 00:04 | #9 |
| Windows blockiert aus Sicherheitsgründen - Trojaner hey, hier der Inhalt der Logdatei von Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.11.06 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Judith :: JUDITH-PC [Administrator] 11.01.2012 22:38:12 mbam-log-2012-01-11 (22-38-12).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 343366 Laufzeit: 1 Stunde(n), 19 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\01062012_134333\C_Users\Judith\AppData\Roaming\Microsoft\loadhst.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
12.01.2012, 14:17 | #10 |
/// Malware-holic | Windows blockiert aus Sicherheitsgründen - Trojaner C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. kennst du das?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
12.01.2012, 16:16 | #11 |
| Windows blockiert aus Sicherheitsgründen - Trojaner Nein, sorry, keine Ahnung was das ist. Ich hab's mal gegoogled und da steht, dass es entweder Malware ist oder was mit Microsoft Office zu tun hat??? |
12.01.2012, 16:19 | #12 |
/// Malware-holic | Windows blockiert aus Sicherheitsgründen - Trojaner für mich sieht das nach nem keygen aus, nutzt du so was?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
12.01.2012, 17:06 | #13 |
| Windows blockiert aus Sicherheitsgründen - Trojaner Nee, eigentlich nicht ____ doch moment, jetzt ist es mir eingefallen. mein bruder hat mir sowas mal für irgendein spiel gegeben, glaub ich. Geändert von Siderfang (12.01.2012 um 17:20 Uhr) |
12.01.2012, 17:20 | #14 |
/// Malware-holic | Windows blockiert aus Sicherheitsgründen - Trojaner hi lade den CCleaner standard: CCleaner Download - CCleaner 3.14.1616 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
13.01.2012, 00:24 | #15 |
| Windows blockiert aus Sicherheitsgründen - Trojaner hey, da sind leider ziemlich viele "unbekannte" dabei, weil ich mich mit sowas ja leider überhaupt nicht auskenne, kann also auch gut sein, dass da welche dabei sind, die ich evtl brauche damit der laptop überhaupt läuft? :/ Code:
ATTFilter Acrobat.com Adobe Systems Incorporated 18.08.2010 1,61MB 1.6.65 - unbekannt Adobe AIR Adobe Systems Incorporated 07.09.2011 2.7.1.19610 - unbekannt Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 19.08.2010 10.0.42.34 - unbekannt Adobe Flash Player 10 Plugin Adobe Systems Incorporated 03.10.2011 6,00MB 10.3.183.10 - unbekannt Adobe Reader 9.4.6 MUI Adobe Systems Incorporated 21.10.2011 656MB 9.4.6 - notwendig Alcor Micro USB Card Reader Alcor Micro Corp. 18.08.2010 2,89MB 1.5.17.25482 - unbekannt ASUS AI Recovery ASUS 18.08.2010 2,89MB 1.0.6 - unbekannt ASUS AP Bank ASUSTEK 18.08.2010 1.0.0.0 - unbekannt ASUS Data Security Manager ASUS 18.08.2010 15,1MB 1.00.0013 - unbekannt ASUS FancyStart ASUSTeK Computer Inc. 18.08.2010 10,5MB 1.0.6 - unbekannt ASUS LifeFrame3 ASUS 18.08.2010 27,7MB 3.0.20 - unbekannt ASUS Live Update ASUS 19.08.2010 2.5.9 - unbekannt ASUS MultiFrame ASUS 19.08.2010 1.0.0019 - unbekannt ASUS Power4Gear Hybrid ASUS 18.08.2010 11,8MB 1.1.25 - unbekannt ASUS SmartLogon ASUS 18.08.2010 10,9MB 1.0.0007 - unbekannt ASUS Virtual Camera asus 18.08.2010 3,15MB 1.0.17 - unbekannt ASUS WebStorage eCareme Technologies, Inc. 19.08.2010 2.0.46.1429 - unbekannt ASUS_UL_Series_Screensaver 19.08.2010 - unbekannt Atheros Client Installation Program Atheros 18.08.2010 7.0 - unbekannt Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 18.08.2010 1.0.0.10 - unbekannt ATK Generic Function Service ATK 18.08.2010 1.00.0008 - unbekannt ATK Hotkey ASUS 18.08.2010 5,75MB 1.0.0052 - unbekannt ATK Media ASUS 18.08.2010 0,20MB 2.0.0006 - unbekannt ATKOSD2 ASUS 18.08.2010 6,53MB 7.0.0006 - unbekannt Avira AntiVir Personal - Free Antivirus Avira GmbH 16.10.2011 76,9MB 10.2.0.704 - notwendig Boingo Wi-Fi Boingo Wireless, Inc. 18.08.2010 25,4MB 1.7.0048 - unbekannt CCleaner Piriform 11.01.2012 3.14 - notwendig Cisco AnyConnect VPN Client Cisco Systems, Inc. 01.01.2012 4,68MB 2.5.3054 - notwendig Cisco Systems VPN Client 5.0.07.0440 01.01.2012 10,6MB - notwendig ControlDeck ASUS 18.08.2010 1,82MB 1.0.4 - unbekannt CyberLink Power2Go CyberLink Corp. 18.08.2010 110,4MB 6.1.3602c - unbekannt Diablo II 28.08.2011 - notwendig DivX-Setup DivX, LLC 05.01.2011 2.2.1.2 - unbekannt Dropbox Dropbox, Inc. 05.12.2011 1.2.49 - notwendig ETDWare PS/2-x64 7.0.5.7_WHQL 19.08.2010 - unbekannt Express Gate DeviceVM, Inc. 18.08.2010 383MB 1.2.13.23 - unbekannt Fast Boot ASUS 18.08.2010 1,45MB 1.0.4 - unbekannt Google Earth Google 16.11.2011 92,7MB 6.1.0.5001 - notwendig Java(TM) 6 Update 26 Oracle 17.12.2010 97,1MB 6.0.260 - unbekannt Malwarebytes Anti-Malware Version 1.60.0.1800 Malwarebytes Corporation 10.01.2012 18,6MB 1.60.0.1800 - notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 10.12.2010 38,8MB 4.0.30319 - unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 10.12.2010 2,94MB 4.0.30319 - unbekannt Microsoft Office Enterprise 2007 Microsoft Corporation 13.01.2011 12.0.6425.1000 - notwendig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 06.12.2010 1,72MB 3.1.0000 - unbekannt Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 06.12.2010 0,61MB 1.0.1215.0 - unbekannt Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 06.12.2010 1,45MB 1.0.1215.0 - unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 17.12.2010 0,77MB 9.0.30729.4148 - unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,77MB 9.0.30729.6161 - unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 06.12.2010 0,58MB 9.0.30729.4148 - unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,59MB 9.0.30729.6161 - unbekannt Mozilla Firefox 9.0.1 (x86 de) Mozilla 08.01.2012 39,3MB 9.0.1 - notwendig Mozilla Thunderbird (8.0) Mozilla 14.11.2011 8.0 (de) - notwendig MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 18.08.2010 1,53MB 4.30.2107.0 - unbekannt NVIDIA Drivers NVIDIA Corporation 19.08.2010 1.3 - unbekannt OpenOffice.org 3.3 OpenOffice.org 17.12.2010 415MB 3.3.9556 - unnötig PDFCreator Frank Heindörfer, Philip Chinery 27.04.2011 1.2.0 - notwendig Picasa 3 Google, Inc. 20.02.2011 3.8 - notwendig QuickTime Apple Inc. 16.12.2010 73,7MB 7.69.80.9 - unbekannt Realtek High Definition Audio Driver Realtek Semiconductor Corp. 18.08.2010 6.0.1.5942 - unbekannt simfy simfy GmbH 26.09.2011 1.5.2 - unnötig Skype Toolbars Skype Technologies S.A. 20.02.2011 8,14MB 5.0.4137 - unbekannt Skype™ 5.5 Skype Technologies S.A. 21.10.2011 17,0MB 5.5.124 - notwendig SRS Premium Sound Control Panel SRS Labs, Inc. 18.08.2010 1,79MB 1.8.1200 - unbekannt syncables desktop SE syncables 18.08.2010 163,5MB 5.5.615.9518 - unbekannt USB 2.0 UVC 0.3M WebCam 19.08.2010 - unbekannt VLC media player 1.1.5 VideoLAN 06.12.2010 1.1.5 - notwendig Windows Live Anmelde-Assistent Microsoft Corporation 08.12.2010 1,94MB 5.000.818.6 - unbekannt Windows Live Essentials Microsoft Corporation 06.12.2010 14.0.8050.1202 - unbekannt Windows Live Sync Microsoft Corporation 06.12.2010 2,80MB 14.0.8050.1202 - unbekannt Windows Live-Uploadtool Microsoft Corporation 06.12.2010 0,22MB 14.0.8014.1029 - unbekannt WinFlash ASUS 18.08.2010 1,29MB 2.29.0 - unbekannt Wireless Console 3 ASUS 18.08.2010 2,43MB 3.0.13 - unbekannt |
Themen zu Windows blockiert aus Sicherheitsgründen - Trojaner |
64-bit, antivir, autorun, avira, bho, bildschirm, blockiert, bonjour, euro, excel, excel.exe, firefox, format, gfnexsrv.exe, google earth, helper, install.exe, installation, internet, logfile, microsoft office word, mozilla thunderbird, office 2007, plug-in, realtek, registry, required, rundll, s-ata, scan, security, security update, software, trojane, trojaner, usb 2.0, virus, webcheck, windows |