| |
| |||||||
Log-Analyse und Auswertung: "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.01.2012, 15:57
| #1 |
| |  "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" Hallo, auch ich habe, wie anscheinend viele andere, seit heute das Probleme mit diesem nervigen Trojaner. Und zwar immer dann, wenn ich das Programm Steam starten möchte. Einen älteren Wiederherstellungspunkt hab ich leider nicht und muss den Trojaner dann wohl so runterbekommen. Hab hier im Forum schon ein wenig gelesen und OTL runtergeladen. Wenn ich das richtig verstanden habe, brauch ich jetzt noch ein Logfile um das dort einzugeben, oder? Vielen Dank im Voraus für die Hilfe. |
|
09.01.2012, 16:11
| #2 |
| /// Malware-holic   | "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" hi
__________________starte den pc neu in den abgesicherten modus mit netzwerk, dies geht bei pc start, wenn du f8 drückst und dort das passende auswählst. da hast du dann auch internet. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
09.01.2012, 16:40
| #3 |
| | "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" Hier ist die OTL.txt
__________________Code:
ATTFilter OTL logfile created on: 09.01.2012 16:17:37 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\TRASH\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 55,98% Memory free 4,00 Gb Paging File | 3,15 Gb Available in Paging File | 78,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,41 Gb Total Space | 7,59 Gb Free Space | 10,20% Space Free | Partition Type: NTFS Drive D: | 74,50 Gb Total Space | 21,69 Gb Free Space | 29,12% Space Free | Partition Type: NTFS Drive E: | 24,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Drive H: | 968,25 Mb Total Space | 44,13 Mb Free Space | 4,56% Space Free | Partition Type: FAT Computer Name: TRASH-PC | User Name: TRASH | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.09 15:35:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\TRASH\Desktop\OTL.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2009.08.16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2011.12.14 21:39:59 | 003,316,000 | ---- | M] () [Auto | Stopped] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai) SRV - [2011.03.15 20:57:19 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.09.01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R) SRV - [2010.07.29 16:43:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.04 20:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2009.12.10 18:14:39 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.12.09 13:42:14 | 001,044,808 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2009.12.09 13:38:30 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.07.19 22:55:50 | 004,446,752 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2006.05.24 07:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Stopped] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv) ========== Driver Services (SafeList) ========== DRV - [2011.04.26 12:31:07 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.04.26 12:31:07 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2011.01.12 11:29:49 | 010,467,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.11.20 13:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm) DRV - [2010.11.20 11:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2009.12.09 14:03:07 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009.10.07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.09.24 19:10:40 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.09.23 02:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb) DRV - [2009.09.23 02:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus) DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.13 23:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2) DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.01 00:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2009.04.30 23:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV - [2009.04.30 23:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter) DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.02.03 16:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2008.07.26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008.02.18 19:57:38 | 000,029,184 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0) DRV - [2007.11.15 19:33:42 | 000,468,096 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkTMini.sys -- (StkTMini) DRV - [2006.11.15 16:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini) DRV - [2006.07.10 17:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2006.06.27 17:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan) DRV - [2006.06.14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=19948&mntrId=c0e41ef20000000000000000000000000000 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 3D 9F 9A 08 39 CA 01 [binary data] IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://twitter.com/#|hxxp://de-de.facebook.com/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2 FF - prefs.js..extensions.enabledItems: ytvdw@pgport.com:1.1.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.90 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.8 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\TRASH\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\TRASH\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TRASH\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TRASH\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.22 20:03:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.22 20:03:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.22 20:03:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.22 20:03:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.11.10 19:24:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.02.28 22:38:36 | 000,000,000 | ---D | M] [2010.12.18 18:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TRASH\AppData\Roaming\mozilla\Extensions [2010.11.22 22:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TRASH\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.01.07 19:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TRASH\AppData\Roaming\mozilla\Firefox\Profiles\8l1z92ys.default\extensions [2011.06.07 09:24:14 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\TRASH\AppData\Roaming\mozilla\Firefox\Profiles\8l1z92ys.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2011.05.26 12:47:20 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\TRASH\AppData\Roaming\mozilla\Firefox\Profiles\8l1z92ys.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} [2011.07.28 17:45:02 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\TRASH\AppData\Roaming\mozilla\Firefox\Profiles\8l1z92ys.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2011.02.18 14:23:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\TRASH\AppData\Roaming\mozilla\Firefox\Profiles\8l1z92ys.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.02.18 14:13:00 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\TRASH\AppData\Roaming\mozilla\Firefox\Profiles\8l1z92ys.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.12.18 18:57:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\TRASH\AppData\Roaming\mozilla\Firefox\Profiles\8l1z92ys.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.05.26 12:47:21 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\TRASH\AppData\Roaming\mozilla\Firefox\Profiles\8l1z92ys.default\extensions\engine@conduit.com [2011.07.25 20:07:50 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\TRASH\AppData\Roaming\mozilla\Firefox\Profiles\8l1z92ys.default\extensions\ffxtlbr@babylon.com [2011.09.19 18:24:54 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\TRASH\AppData\Roaming\mozilla\Firefox\Profiles\8l1z92ys.default\extensions\youtube2mp3@mondayx.de [2011.05.26 12:47:20 | 000,000,000 | ---D | M] ("YouTube Video Download Wizard") -- C:\Users\TRASH\AppData\Roaming\mozilla\Firefox\Profiles\8l1z92ys.default\extensions\ytvdw@pgport.com [2011.03.15 11:22:18 | 000,000,923 | ---- | M] () -- C:\Users\TRASH\AppData\Roaming\Mozilla\Firefox\Profiles\8l1z92ys.default\searchplugins\conduit.xml [2012.01.07 19:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.12.20 15:43:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.20 01:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.05.31 21:39:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2010.12.20 15:43:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.20 01:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.05.31 21:39:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011.05.31 21:39:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.10.08 18:45:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.07.25 20:07:36 | 000,002,291 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.10.08 18:45:13 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.08 18:45:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.08 18:45:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.08 18:45:14 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.12.18 20:05:19 | 000,395,382 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123haustiereundmehr.com O1 - Hosts: 13651 more lines... O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\TRASH\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.) O4 - HKCU..\Run: [Mozilla Firefox] C:\Users\TRASH\AppData\Roaming\Mozilla\Firefox\firefox.exe () O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\TRASH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\TRASH\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\TRASH\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9C920038-6167-21A7-D207-FF807AE2A6D1} - Java (Sun) ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found MsConfig - State: "startup" - 2 ========== Files/Folders - Created Within 30 Days ========== [2012.01.09 15:35:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\TRASH\Desktop\OTL.exe [2012.01.07 20:48:21 | 000,000,000 | ---D | C] -- C:\Users\TRASH\Documents\Telltale Games [2012.01.06 15:59:15 | 000,000,000 | ---D | C] -- C:\Users\TRASH\Desktop\Kaaaarl [1 C:\Users\TRASH\Documents\*.tmp files -> C:\Users\TRASH\Documents\*.tmp -> ] [1 C:\Users\TRASH\Desktop\*.tmp files -> C:\Users\TRASH\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.09 16:14:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.01.09 16:14:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.09 16:08:45 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.09 16:08:45 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.09 16:04:08 | 000,055,502 | ---- | M] () -- C:\Windows\System32\NvwsApps.xml [2012.01.09 16:04:08 | 000,022,391 | ---- | M] () -- C:\Windows\System32\nvapps.xml [2012.01.09 15:35:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\TRASH\Desktop\OTL.exe [2012.01.09 15:15:24 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3218449343-147659086-2779084132-1000UA.job [2012.01.07 23:15:12 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3218449343-147659086-2779084132-1000Core.job [2012.01.06 22:08:26 | 000,152,699 | ---- | M] () -- C:\Users\TRASH\Desktop\p032_1_02.png [2012.01.06 19:10:46 | 001,928,104 | ---- | M] () -- C:\Users\TRASH\Desktop\tombraideristtoll.mp3 [2012.01.06 18:47:48 | 000,013,698 | ---- | M] () -- C:\Users\TRASH\Desktop\trrichtig.camproj [2012.01.06 18:47:37 | 018,862,523 | ---- | M] () -- C:\Users\TRASH\Desktop\trrage.mp3 [2012.01.03 18:09:11 | 001,016,976 | ---- | M] () -- C:\Users\TRASH\Desktop\TRASHTAZMANI-BG.jpg [2012.01.02 23:51:16 | 000,669,780 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.02 23:51:16 | 000,628,020 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.02 23:51:16 | 000,136,208 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.02 23:51:16 | 000,111,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.02 21:19:21 | 000,014,336 | ---- | M] () -- C:\Users\TRASH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.02 19:51:49 | 013,485,649 | ---- | M] () -- C:\Users\TRASH\Desktop\03 - Der Strom der Zeit.mp3 [2012.01.01 21:18:37 | 000,002,259 | ---- | M] () -- C:\Users\TRASH\Desktop\Danke-Text.rtf [2012.01.01 16:57:07 | 013,988,283 | ---- | M] () -- C:\Users\TRASH\Desktop\11.mp3 [2011.12.30 20:20:30 | 013,306,174 | ---- | M] () -- C:\Users\TRASH\Desktop\nepalneu.mp3 [2011.12.30 17:52:02 | 020,426,527 | ---- | M] () -- C:\Users\TRASH\Desktop\boss.mp3 [2011.12.29 23:19:21 | 011,714,586 | ---- | M] () -- C:\Users\TRASH\Desktop\nepal2.mp3 [2011.12.27 18:23:55 | 000,166,914 | ---- | M] () -- C:\Users\TRASH\Desktop\1-eb4ad7c6f8.jpg [2011.12.27 12:28:00 | 312,764,416 | ---- | M] () -- C:\Users\TRASH\Documents\Produce_0.mpg [2011.12.23 18:55:01 | 289,122,304 | ---- | M] () -- C:\Users\TRASH\Documents\Produce.mpg [2011.12.23 17:58:43 | 000,280,363 | ---- | M] () -- C:\Users\TRASH\Documents\IMG_2865(1).JPG [2011.12.21 18:56:14 | 000,155,614 | ---- | M] () -- C:\Users\TRASH\Desktop\dimi.jpg [2011.12.19 14:25:57 | 000,477,770 | ---- | M] () -- C:\Users\TRASH\Desktop\Kanal_Entwuerfe.zip [2011.12.17 16:18:32 | 000,162,291 | ---- | M] () -- C:\Users\TRASH\Desktop\Kanal_Design2_ohneYT.jpg [2011.12.17 16:18:18 | 000,205,016 | ---- | M] () -- C:\Users\TRASH\Desktop\Kanal_Design2_mitYT.jpg [2011.12.17 13:02:28 | 000,289,147 | ---- | M] () -- C:\Users\TRASH\Desktop\tumblr_lvjrp6IePE1r3mx44o1_1280.jpg [2011.12.17 10:54:08 | 000,241,163 | ---- | M] () -- C:\Users\TRASH\Desktop\Kanal_Design1_mitYT.jpg [2011.12.17 10:53:50 | 000,191,979 | ---- | M] () -- C:\Users\TRASH\Desktop\Kanal_Design1_ohneYT.jpg [1 C:\Users\TRASH\Documents\*.tmp files -> C:\Users\TRASH\Documents\*.tmp -> ] [1 C:\Users\TRASH\Desktop\*.tmp files -> C:\Users\TRASH\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.06 22:08:26 | 000,152,699 | ---- | C] () -- C:\Users\TRASH\Desktop\p032_1_02.png [2012.01.06 19:10:29 | 001,928,104 | ---- | C] () -- C:\Users\TRASH\Desktop\tombraideristtoll.mp3 [2012.01.06 18:47:47 | 000,013,698 | ---- | C] () -- C:\Users\TRASH\Desktop\trrichtig.camproj [2012.01.06 18:46:43 | 018,862,523 | ---- | C] () -- C:\Users\TRASH\Desktop\trrage.mp3 [2012.01.03 18:09:00 | 001,016,976 | ---- | C] () -- C:\Users\TRASH\Desktop\TRASHTAZMANI-BG.jpg [2012.01.02 19:39:41 | 013,485,649 | ---- | C] () -- C:\Users\TRASH\Desktop\03 - Der Strom der Zeit.mp3 [2012.01.01 21:18:29 | 000,002,259 | ---- | C] () -- C:\Users\TRASH\Desktop\Danke-Text.rtf [2012.01.01 16:56:29 | 013,988,283 | ---- | C] () -- C:\Users\TRASH\Desktop\11.mp3 [2011.12.30 20:19:49 | 013,306,174 | ---- | C] () -- C:\Users\TRASH\Desktop\nepalneu.mp3 [2011.12.30 17:51:05 | 020,426,527 | ---- | C] () -- C:\Users\TRASH\Desktop\boss.mp3 [2011.12.29 23:18:33 | 011,714,586 | ---- | C] () -- C:\Users\TRASH\Desktop\nepal2.mp3 [2011.12.27 18:23:55 | 000,166,914 | ---- | C] () -- C:\Users\TRASH\Desktop\1-eb4ad7c6f8.jpg [2011.12.27 12:19:14 | 312,764,416 | ---- | C] () -- C:\Users\TRASH\Documents\Produce_0.mpg [2011.12.23 18:49:41 | 289,122,304 | ---- | C] () -- C:\Users\TRASH\Documents\Produce.mpg [2011.12.23 17:58:43 | 000,280,363 | ---- | C] () -- C:\Users\TRASH\Documents\IMG_2865(1).JPG [2011.12.21 18:56:14 | 000,155,614 | ---- | C] () -- C:\Users\TRASH\Desktop\dimi.jpg [2011.12.19 15:24:37 | 000,241,163 | ---- | C] () -- C:\Users\TRASH\Desktop\Kanal_Design1_mitYT.jpg [2011.12.19 15:24:37 | 000,205,016 | ---- | C] () -- C:\Users\TRASH\Desktop\Kanal_Design2_mitYT.jpg [2011.12.19 15:24:37 | 000,191,979 | ---- | C] () -- C:\Users\TRASH\Desktop\Kanal_Design1_ohneYT.jpg [2011.12.19 15:24:37 | 000,162,291 | ---- | C] () -- C:\Users\TRASH\Desktop\Kanal_Design2_ohneYT.jpg [2011.12.19 14:25:57 | 000,477,770 | ---- | C] () -- C:\Users\TRASH\Desktop\Kanal_Entwuerfe.zip [2011.12.17 13:02:20 | 000,289,147 | ---- | C] () -- C:\Users\TRASH\Desktop\tumblr_lvjrp6IePE1r3mx44o1_1280.jpg [2011.05.03 20:35:21 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.05.03 20:33:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.04.19 11:31:35 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.04.19 11:31:34 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.02.22 21:49:05 | 000,172,032 | ---- | C] () -- C:\Windows\WsBtn.dll [2010.11.04 19:50:29 | 000,000,093 | ---- | C] () -- C:\Users\TRASH\AppData\Local\fusioncache.dat [2010.10.19 21:46:02 | 000,000,006 | ---- | C] () -- C:\Users\TRASH\AppData\Roaming\completescan [2010.10.19 21:40:01 | 000,000,010 | ---- | C] () -- C:\Users\TRASH\AppData\Roaming\install [2010.10.10 13:49:23 | 000,000,143 | ---- | C] () -- C:\Users\TRASH\AppData\Roaming\dsfsds.bat [2010.10.09 17:47:06 | 000,000,171 | ---- | C] () -- C:\Users\TRASH\AppData\Roaming\asdsada.bat [2010.06.20 18:36:42 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.06.06 11:13:31 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.06.05 18:25:59 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI [2010.05.29 18:36:33 | 000,000,228 | ---- | C] () -- C:\Windows\winlemm.ini [2010.05.26 20:54:33 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.05.24 12:53:09 | 000,144,424 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.04.19 13:24:53 | 000,000,555 | ---- | C] () -- C:\Users\TRASH\AppData\Roaming\AutoGK.ini [2010.04.10 15:05:14 | 000,014,336 | ---- | C] () -- C:\Users\TRASH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.10.07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.09.22 19:57:13 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini [2009.09.21 15:22:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.07.14 09:47:43 | 000,669,780 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,136,208 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 002,421,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,628,020 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,111,598 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2005.06.15 16:25:00 | 000,540,672 | ---- | C] () -- C:\Windows\System32\nvhwvid.dll [2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll ========== LOP Check ========== [2012.01.07 19:24:49 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\.minecraft [2011.07.25 20:07:25 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\Babylon [2010.05.28 21:27:34 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\Bitsoft [2010.10.10 13:47:42 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\CheckPoint [2010.12.13 17:53:15 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\Chirurgie Simulation [2009.09.24 19:13:21 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\DAEMON Tools Lite [2010.10.10 14:01:46 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\download2 [2011.07.25 19:57:28 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\DVDVideoSoft [2011.07.25 19:56:59 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.23 22:38:31 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\FileZilla [2010.12.06 15:45:20 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\FireShot [2011.07.25 20:08:58 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\FLV Extract [2009.12.08 12:39:30 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\Games [2010.02.24 21:56:58 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\ICQ [2009.10.25 18:15:54 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\JonDo [2009.11.11 17:56:40 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\Leadertech [2010.06.27 17:24:37 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\LolClient [2010.06.06 11:30:18 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\MAGIX [2011.05.31 21:48:52 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\Opera [2010.06.06 13:05:34 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\Outerspace Software [2010.05.22 08:44:32 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\PalaceChat 4 [2011.05.25 19:46:10 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\ProtectDisc [2009.10.02 13:12:14 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\ScummVM [2010.04.18 17:30:59 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\TeamViewer [2011.04.20 00:28:55 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\thecleaner [2010.11.22 22:48:50 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\Thunderbird [2012.01.06 23:57:29 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\TS3Client [2009.12.10 18:14:26 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\TuneUp Software [2011.11.28 21:31:14 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2011.03.12 16:22:58 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\WinterVoicesDemo [2011.04.20 01:02:35 | 000,000,000 | ---D | M] -- C:\Users\TRASH\AppData\Roaming\Zype [2011.10.31 20:09:15 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.09.19 09:55:29 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.12.10 18:33:11 | 000,000,000 | -HSD | M] -- C:\Boot [2010.04.16 17:54:11 | 000,000,000 | ---D | M] -- C:\dell [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.09.19 09:51:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.01.15 12:23:00 | 000,000,000 | ---D | M] -- C:\Downloads [2011.11.02 16:27:16 | 000,000,000 | -HSD | M] -- C:\found.000 [2009.09.27 10:13:50 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.09.21 18:36:18 | 000,000,000 | ---D | M] -- C:\Netts [2011.10.31 20:02:44 | 000,000,000 | ---D | M] -- C:\NVIDIA [2010.06.06 13:04:44 | 000,000,000 | ---D | M] -- C:\Outerspace Software [2009.09.24 13:57:42 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.01.07 20:06:29 | 000,000,000 | R--D | M] -- C:\Program Files [2011.11.05 13:48:33 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.09.19 09:51:57 | 000,000,000 | -HSD | M] -- C:\Programme [2009.09.19 09:51:57 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.01.07 20:46:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.09.19 09:55:10 | 000,000,000 | R--D | M] -- C:\Users [2011.10.31 20:11:23 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008.06.06 13:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:CB0AACC9 < End of report > Und die Extra.txt Code:
ATTFilter OTL Extras logfile created on: 09.01.2012 16:17:37 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\TRASH\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 55,98% Memory free
4,00 Gb Paging File | 3,15 Gb Available in Paging File | 78,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,41 Gb Total Space | 7,59 Gb Free Space | 10,20% Space Free | Partition Type: NTFS
Drive D: | 74,50 Gb Total Space | 21,69 Gb Free Space | 29,12% Space Free | Partition Type: NTFS
Drive E: | 24,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 968,25 Mb Total Space | 44,13 Mb Free Space | 4,56% Space Free | Partition Type: FAT
Computer Name: TRASH-PC | User Name: TRASH | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\TRASH\AppData\Local\Temp\google.exe" = C:\Users\TRASH\AppData\Local\Temp\google.exe:*:Enabled:ldrsoft
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3717C4F2-7412-4793-9BB8-D73D2817B3D6}" = USB TV Device Driver
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Geheimakte Tunguska
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7765932-77D6-E0B2-1B27-E2973B5E1BD5}" = TweetDeck
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.45
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.45
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.60
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDACF7D5-F9FE-4315-BA3E-E1DA75CA4C7A}" = XSplit
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DE6E4530-4AB0-482E-91DE-7FE6309C6EF1}" = Camtasia Studio 7
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"BabylonToolbar" = Babylon toolbar on IE
"BluffTitler" = BluffTitler
"CCleaner" = CCleaner (remove only)
"CDex" = CDex extraction audio
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.2.7.1
"FlorensiaEU" = FlorensiaEU 1.08.17
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"Freecorder4.12C" = Freecorder 4
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"IsoBuster_is1" = IsoBuster 2.5.5
"JAP" = JAP
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Opera 11.60.1185" = Opera 11.60
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Shockwave" = Shockwave
"Silent Hill1.2.1" = Silent Hill
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 31290" = Back to the Future: Ep 1 - It's About Time
"Steam App 46500" = Syberia
"Steam App 7000" = Tomb Raider: Legend
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TuneUp Utilities" = TuneUp Utilities
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Lemmings" = Lemmings for Windows 95
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"YouTube Uploader" = YouTube Uploader 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}TRASH_is1" = WinDS PRO 2010.10 (TRASH)
"Akamai" = Akamai NetSession Interface
"FoxTab Video Converter" = FoxTab Video Converter
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 02.01.2012 13:01:00 | Computer Name = TRASH-PC | Source = RasClient | ID = 20227
Description =
Error - 02.01.2012 13:01:24 | Computer Name = TRASH-PC | Source = RasClient | ID = 20227
Description =
Error - 02.01.2012 13:01:37 | Computer Name = TRASH-PC | Source = RasClient | ID = 20227
Description =
Error - 02.01.2012 13:01:53 | Computer Name = TRASH-PC | Source = RasClient | ID = 20227
Description =
Error - 02.01.2012 13:03:52 | Computer Name = TRASH-PC | Source = RasClient | ID = 20227
Description =
Error - 02.01.2012 16:17:46 | Computer Name = TRASH-PC | Source = Application Hang | ID = 1002
Description = Programm CamRecorder.exe, Version 7.0.0.1501 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 984 Startzeit: 01ccc98b052d24fd Endzeit: 73 Anwendungspfad:
C:\Program Files\TechSmith\Camtasia Studio 7\CamRecorder.exe Berichts-ID: cd9f0104-357e-11e1-a36b-00123f7a8b85
Error - 02.01.2012 16:25:05 | Computer Name = TRASH-PC | Source = Application Hang | ID = 1002
Description = Programm CamRecorder.exe, Version 7.0.0.1501 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: c3c Startzeit: 01ccc98ba051ec99 Endzeit: 20 Anwendungspfad:
C:\Program Files\TechSmith\Camtasia Studio 7\CamRecorder.exe Berichts-ID: d5dfd4ee-357f-11e1-a36b-00123f7a8b85
Error - 06.01.2012 20:34:27 | Computer Name = TRASH-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 07.01.2012 15:45:33 | Computer Name = TRASH-PC | Source = VSS | ID = 8194
Description =
Error - 08.01.2012 09:46:04 | Computer Name = TRASH-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
[ Media Center Events ]
Error - 04.02.2010 08:15:35 | Computer Name = TRASH-PC | Source = MCUpdate | ID = 0
Description = 13:15:26 - Fehler beim Herstellen der Internetverbindung. 13:15:26
- Serververbindung konnte nicht hergestellt werden..
Error - 05.02.2010 06:06:31 | Computer Name = TRASH-PC | Source = MCUpdate | ID = 0
Description = 11:06:23 - Fehler beim Herstellen der Internetverbindung. 11:06:23
- Serververbindung konnte nicht hergestellt werden..
Error - 10.02.2010 06:17:36 | Computer Name = TRASH-PC | Source = MCUpdate | ID = 0
Description = 11:17:36 - Fehler beim Herstellen der Internetverbindung. 11:17:36
- Serververbindung konnte nicht hergestellt werden..
Error - 10.02.2010 06:17:45 | Computer Name = TRASH-PC | Source = MCUpdate | ID = 0
Description = 11:17:41 - Fehler beim Herstellen der Internetverbindung. 11:17:41
- Serververbindung konnte nicht hergestellt werden..
Error - 12.02.2010 12:31:00 | Computer Name = TRASH-PC | Source = MCUpdate | ID = 0
Description = 17:31:00 - Fehler beim Herstellen der Internetverbindung. 17:31:00
- Serververbindung konnte nicht hergestellt werden..
Error - 12.02.2010 12:31:11 | Computer Name = TRASH-PC | Source = MCUpdate | ID = 0
Description = 17:31:06 - Fehler beim Herstellen der Internetverbindung. 17:31:06
- Serververbindung konnte nicht hergestellt werden..
Error - 18.02.2010 08:12:02 | Computer Name = TRASH-PC | Source = MCUpdate | ID = 0
Description = 13:11:58 - Fehler beim Herstellen der Internetverbindung. 13:11:58
- Serververbindung konnte nicht hergestellt werden..
Error - 07.03.2010 08:14:36 | Computer Name = TRASH-PC | Source = MCUpdate | ID = 0
Description = 13:14:36 - Fehler beim Herstellen der Internetverbindung. 13:14:36
- Serververbindung konnte nicht hergestellt werden..
Error - 07.03.2010 08:14:46 | Computer Name = TRASH-PC | Source = MCUpdate | ID = 0
Description = 13:14:41 - Fehler beim Herstellen der Internetverbindung. 13:14:41
- Serververbindung konnte nicht hergestellt werden..
Error - 12.03.2010 08:31:09 | Computer Name = TRASH-PC | Source = MCUpdate | ID = 0
Description = 13:31:05 - Fehler beim Herstellen der Internetverbindung. 13:31:05
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 15.06.2011 10:34:07 | Computer Name = TRASH-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1852
seconds with 720 seconds of active time. This session ended with a crash.
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
09.01.2012, 17:07
| #4 |
| /// Malware-holic | "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
O4 - HKCU..\Run: [Mozilla Firefox] C:\Users\TRASH\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
:Files
C:\Users\TRASH\AppData\Roaming\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden öffne computer, öffne C: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. folge dem link, und lade das archiv im upload channel hoch http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.01.2012, 17:27
| #5 |
| | "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" Hier der Inhalt der Textdatei Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mozilla Firefox deleted successfully.
C:\Users\TRASH\AppData\Roaming\Mozilla\Firefox\firefox.exe moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 56502 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: TRASH
->Flash cache emptied: 3381218 bytes
Total Flash Files Cleaned = 3,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: TRASH
->Temp folder emptied: 296030274 bytes
->Temporary Internet Files folder emptied: 16839744 bytes
->Java cache emptied: 35012583 bytes
->FireFox cache emptied: 84180490 bytes
->Apple Safari cache emptied: 10153984 bytes
->Opera cache emptied: 9580672 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64868321 bytes
RecycleBin emptied: 4576248306 bytes
Total Files Cleaned = 4.857,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 01092012_171527
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Ich war mir jetzt nicht ganz sicher, ob ich die Zip Datei auch hochladen muss, oder ob das nur gilt, wenn Symbole nicht angezeigt wurden. Habe es trotzdem mal gemacht. |
|
09.01.2012, 17:35
| #6 |
| /// Malware-holic | "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" danke, die sollte auf jeden fall hochgeladen werden :-) Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ --> "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" |
|
09.01.2012, 18:29
| #7 |
| | "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" ComboFix ist durchgelaufen und hier ist das Ergebnis Code:
ATTFilter ComboFix 12-01-09.03 - TRASH 09.01.2012 17:48:17.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.2046.1273 [GMT 1:00]
ausgeführt von:: c:\users\TRASH\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\TRASH\AppData\Roaming\Adobe\AdobeUpdate .exe
c:\users\TRASH\AppData\Roaming\Adobe\plugs
c:\users\TRASH\AppData\Roaming\asdsada.bat
c:\users\TRASH\AppData\Roaming\completescan
c:\users\TRASH\AppData\Roaming\download2
c:\users\TRASH\AppData\Roaming\dsfsds.bat
c:\users\TRASH\AppData\Roaming\install
c:\windows\system\WING32.DLL
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-09 bis 2012-01-09 ))))))))))))))))))))))))))))))
.
.
2012-01-09 17:07 . 1993-08-24 16:32 12800 ----a-w- c:\windows\system\WING32.DLL
2012-01-09 17:02 . 2012-01-09 17:07 -------- d-----w- c:\users\TRASH\AppData\Local\temp
2012-01-09 17:02 . 2012-01-09 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-09 16:21 . 2012-01-09 16:21 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{729B1FB5-BBB2-49CE-B662-3A37FB5F43F5}\offreg.dll
2012-01-09 16:15 . 2012-01-09 16:25 -------- d-----w- C:\_OTL
2012-01-06 14:19 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{729B1FB5-BBB2-49CE-B662-3A37FB5F43F5}\mpengine.dll
2011-12-15 18:39 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-03 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]
"Akamai NetSession Interface"="c:\users\TRASH\AppData\Local\Akamai\netsession_win.exe" [2011-12-12 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"nwiz"="nwiz.exe" [2005-06-15 1519616]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 5926912]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
.
c:\users\TRASH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-26 23:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2008-02-18 29184]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-04 3404560]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkTMini.sys [2007-11-15 468096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-29 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-24 722416]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-07-19 4446752]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-09 1044808]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3218449343-147659086-2779084132-1000Core.job
- c:\users\TRASH\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 22:10]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3218449343-147659086-2779084132-1000UA.job
- c:\users\TRASH\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-10 22:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=19948&mntrId=c0e41ef20000000000000000000000000000
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\TRASH\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\TRASH\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{729E326C-A5A4-458F-9E77-CE7E0992D046}: NameServer = 62.220.18.8 89.246.64.8
FF - ProfilePath - c:\users\TRASH\AppData\Roaming\Mozilla\Firefox\Profiles\8l1z92ys.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://twitter.com/#|hxxp://de-de.facebook.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: YouTube Video Download Wizard: ytvdw@pgport.com - %profile%\extensions\ytvdw@pgport.com
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3218449343-147659086-2779084132-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fc,4e,60,83,bb,31,8e,35,d2,44,00,04,a4,86,7d,63,1d,f5,b7,d1,87,98,75,
08,bd,e2,03,44,6c,a8,1a,91,49,90,d6,d0,9f,eb,28,5a,0b,11,5c,9d,2a,ef,a3,8e,\
"??"=hex:5c,d8,a8,dc,03,36,d5,c0,5d,5c,09,76,84,4d,48,c3
.
[HKEY_USERS\S-1-5-21-3218449343-147659086-2779084132-1000\Software\SecuROM\License information*]
"datasecu"=hex:40,26,91,62,68,bf,81,f4,16,f4,3f,68,f7,bd,57,e1,fe,f2,d7,cd,25,
02,07,47,7e,8f,48,7b,06,77,c1,33,70,f0,4d,da,1d,6f,b3,79,98,38,9f,6e,0a,b7,\
"rkeysecu"=hex:65,78,88,2f,a2,43,e2,2f,b8,ff,f1,75,ce,49,b0,a0
.
[HKEY_USERS\S-1-5-21-3218449343-147659086-2779084132-1000\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_0079&PID_0006\Calibration\0\Type\Axes]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2896)
c:\users\TRASH\AppData\Local\FLVService\lib\FLVSrvLib.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\System32\StkASv2K.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\WUDFHost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\windows\system32\WUDFHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-09 18:24:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-01-09 17:23
.
Vor Suchlauf: 8.492.122.112 Bytes frei
Nach Suchlauf: 8.111.751.168 Bytes frei
.
- - End Of File - - 0C30796505C4915D40B7918CF87CF986
|
|
09.01.2012, 18:45
| #8 |
| /// Malware-holic | "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.01.2012, 20:18
| #9 |
| | "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" Der Suchlauf ist endlich beendet und es wurden zwei Ergebnisse gefunden, die ich gelöscht habe. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.09.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 TRASH :: TRASH-PC [Administrator] Schutz: Aktiviert 09.01.2012 18:52:42 mbam-log-2012-01-09 (18-52-42).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 366270 Laufzeit: 1 Stunde(n), 24 Minute(n), Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab Video Converter (Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Program Files\FoxTabVideoConverter\Uninstall\Uninstall.exe (Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
09.01.2012, 20:51
| #10 |
| /// Malware-holic | "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" hi lade den CCleaner standard: CCleaner Download - CCleaner 3.14.1616 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.01.2012, 21:09
| #11 |
| | "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" Hier ist die Liste der Programme Code:
ATTFilter 7-Zip 4.65 - ubekannt AC3Filter 1.63b Alexander Vigovsky - unbekannt Adobe AIR Adobe Systems Inc. - unbekannt Adobe Download Manager NOS Microsystems Ltd. - notwendig Adobe Flash Player 10 ActiveX Adobe Systems Incorporated - notwendig Adobe Flash Player 10 Plugin Adobe Systems Incorporated - notwendig Adobe Media Player Adobe Systems Incorporated - notwendig Adobe Photoshop CS2 Adobe Systems, Inc. - notwendig Adobe Reader 9.3.3 - Deutsch Adobe Systems Incorporated - notwendig Adobe Shockwave Player 11.5 Adobe Systems, Inc. - notwendig Akamai NetSession Interface - ubekannt Akamai NetSession Interface Service - unbekannt Apple Application Support Apple Inc. - notwendig Apple Mobile Device Support Apple Inc. - notwendig Apple Software Update Apple Inc. - notwendig Audacity 1.2.6 - notwendig Avira AntiVir Personal - Free Antivirus Avira GmbH - notwendig AviSynth 2.5 - unbekannt Babylon toolbar on IE - unbekannt BluffTitler Outerspace Software - unbekannt Bonjour Apple Inc. - notwendig Camtasia Studio 7 - notwendig CCleaner - notwendig CDex extraction audio - notwendig Counter-Strike Valve - notwendig Counter-Strike: Source Valve - notwendig CyberLink PowerDirector CyberLink - notwendig DivX-Setup DivX, Inc. - notwendig DVDVideoSoftTB Toolbar - unnötig FileZilla Client 3.2.7.1 - notwendig FlorensiaEU 1.08.17 - notwendig Fraps (remove only) - notwendig Free YouTube to MP3 Converter version - unnötig Freecorder 4 Applian Technologies Inc. - unbekannt GOM Player - notwendig Google Talk Plugin - unbekannt Hama Black Force Pad - notwendig HiJackThis - notwendig? HijackThis 2.0.2 - notwendig? IsoBuster 2.5.5 Smart Projects - notwendig iTunes Apple Inc. - notwendig JAP JAP-Team - unnötig Java(TM) 6 Update 25 - notwendig Logitech Vid Logitech Inc. - notwendig Logitech Webcam Software - notwendig Logitech Webcam Software-Treiberpaket - notwendig Malwarebytes Anti-Malware Version - notwendig McAfee Security Scan Plus - notwendig Messenger Plus! Live - unnötig Microsoft .NET Compact Framework (Bei folgenden Microsoft Programmen bin ich mir nicht sicher, ob sie notwendig sind) Microsoft .NET Framework 1.1 - notwendig? Microsoft .NET Framework 4 Client Profile - notwendig? Microsoft Office Enterprise 2007 - notwendig Microsoft Office Live Add-in 1.3 - notwendig? Microsoft Silverlight - notwendig? Microsoft SQL Server 2005 Compact Edition - notwendig? Microsoft Visual C++ 2005 ATL Update - notwendig? Microsoft Visual C++ 2005 Redistributable - notwendig? Microsoft Visual C++ 2008 ATL - notwendig? Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - notwendig? Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 - notwendig? Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - notwendig? Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - notwendig? Microsoft WSE 3.0 Runtime Microsoft Corp. - notwendig? MobileMe Control Panel Apple Inc. - notwendig Mozilla Firefox (3.6.25) - notwendig Mozilla Thunderbird (8.0) - notwendig MSXML 4.0 SP2 (KB954430) - unbekannt MSXML 4.0 SP2 (KB973688) - unbekannt NVIDIA Drivers - notwendig NVIDIA GAME System Software - notwendig NVIDIA Grafiktreiber - notwendig NVIDIA nView 135.60 NVIDIA - notwendig NVIDIA Performance Drivers - notwendig NVIDIA PhysX - notwendig OpenAL - unbekannt Opera 11.60 - notwendig ProtectDisc Driver, Version 11 ProtectDisc Software GmbH - unbekannt QuickTime Apple Inc. - notwendig Shockwave - notwendig Skype™ 4.2 Skype - notwendig SmartSound Quicktracks Plugin - unbekannt SolveigMM AVI Trimmer - unbekannt Spybot - Search & Destroy - notwendig Steam Valve Corporation - notwendig System Requirements Lab CYRI - unbekannt TeamSpeak 3 Client TeamSpeak - notwendig Thrustmaster Force Feedback Driver - notwendig TuneUp Utilities - notwendig TweetDeck TweetDeck Inc - notwendig Uninstall 1.0.0.1 - unbekannt USB TV Device Driver - notwendig VLC media player 1.0.5 - notwendig VobSub v2.23 (Remove Only) - unbekannt Winamp Nullsoft, Inc - notwendig WinAVI Video Converter - unnötig Windows Live Anmelde-Assistent - unnötig Windows Live Essentials - unnötig Windows Live Sync - unnötig Windows Live-Uploadtool - unnötig Windows Media Player Firefox Plugin - unnötig WinDS PRO 2010.10 - notwendig WinRAR - notwendig XSplit SplitMediaLabs - notwendig XviD MPEG4 Video Codec (remove only) - unnötig YouTube Uploader 1.0 - unnötig |
|
10.01.2012, 16:02
| #12 |
| /// Malware-holic | "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" deinstaliere: Adobe AIR deinstaliere: Adobe Flash Player alle Adobe - Andere Version des Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Akamai beide AviSynth Babylon BluffTitler DVDVideoSoftTB Free YouTube Freecorder Google Talk HiJackThis beide JAP JAP Java Download der kostenlosen Java-Software downloade java jre, instalieren. deinstaliere Messenger Microsoft Silverlight Mozilla Firefox Webbrowser Firefox auf Deutsch | Schneller, sicherer und anpassbar version 9 ist aktuell Skype™ Installieren Sie Skype kostenlos für Anrufe, Videoanrufe und IM aktuell version 5.x deinstaliere: SolveigMM Spybot ist nicht mehr notwendig, da kaum updates etc. scanne von zeit zu zeit mit malwarebytes, weitere bessere konfigurationshinweise bekommst du noch. TuneUp solche programme sind nutzlos, und sie können das system beschädigen, weg damit. VobSub WinAVI Windows Live alle YouTube Uploader öffne otl, klicke bereinigen, pc neustarten. öffne ccleaner, analysieren, bereinigen, neustarten. testen ob alles läuft wie gewünscht.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" |
| andere, arten, aus sicherheitsgründen, blockiert, brauch, einzugeben, forum, heute, logfile, nervige, probleme, programm, richtig, schei, sicherheitsgründe, sicherheitsgründen, starte, starten, steam, troja, wenig, windowssystem, windowssystem blockiert, wurde ihr, ältere |
Linear-Darstellung
