| |
| |||||||
Log-Analyse und Auswertung: Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
17.01.2012, 20:26
| #1 |
 |  Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR Trojaner Hallo Liebe Forenmitglieder! Meine Freundin hat sich ebenfalls den im Forum schon häufig erwähnten 50EUR Trojaner eingefangen. Allerdings habe ich diesen fast komplett Schwarzen Bildschrim im Internet noch nicht wiedergefunden. Ob es sich also um eine neuere Variante handelt weiß ich nicht. Es erscheint eine Meldung die Sinngemäß wie folgt lautet:"Achtung Windows wird aus Sicherheitsgründen blockiert. Die Freischaltung kostet 50€ f " Es wird erwähnt das die Zahlung bzw. die Beschaffung eines Keys an Tankstelle und Kiosk möglich sei. Ich bin leider kein Profi habe aber beim lesen alter Einträge bemerkt das ich ein otl logifle posten muss. Kann ich das Programm auch von einem USB stick auf das Infizierte System kopieren? Der PC steht gerade bei mir und das wäre die einzige Möglichkeit das Programm zu starten. Nun frage ich mich aber ob ich beim zurückkopieren des Logfiles ; wozu ich ebenfalls den USB-Stick nutzen müsste" nicht ein sehr großes Risiko für meinen PC eingehe? Leider kann ich ja keine W-lan verbindung mit dem Infizierten Pc Aufbauen! Ich hoffe ich habe mich an alle Forenregeln gehalten, ansonsten werde ich natürlich meinen Eintrag entsprechend anpassen! Mit freundlichen Grüßen und vielen Dank im vorraus Onkel Charlie |
|
17.01.2012, 20:32
| #2 |
| /// Malware-holic   | Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR Trojaner hi,
__________________versuche mal folgendes. pc neustarten, f8 drücken abgesicherter modus mit netzwerk wählen, da hast du dann internet. bzw kannst ohne den screen arbeiten der alles blockiert Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
falls das nciht geht kannst du das programm und die logs mit nnem stick kopieren und das script von mir auch, einfach in ner textdatei speichern und dann auf dem stick kopieren, text datei am infiziertem gerät öffnen und dort dann einfügen
__________________ |
|
17.01.2012, 21:05
| #3 |
| | Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR Trojaner Hallo
__________________Das hat relativ lange gedauert (c.a 12 min) außerdem hat das Programm erst die Arbeit begonnen nachdem ich im Taskmanager eine Datei mit namen 338.exe gelöscht habe. Zumindest bilde ich mir ein das es so war, evtl war ich auch einfach zu ungeduldig und das logfile wäre auch so gekommen? Muss ich eigentlich noch irgendwelche Angaben anonymisieren? otl.txt Code:
ATTFilter OTL logfile created on: 1/17/2012 8:47:49 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Judith\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 764.87 Mb Total Physical Memory | 338.41 Mb Available Physical Memory | 44.24% Memory free 1.75 Gb Paging File | 1.42 Gb Available in Paging File | 81.27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 131.75 Gb Total Space | 79.36 Gb Free Space | 60.23% Space Free | Partition Type: NTFS Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.73% Space Free | Partition Type: FAT32 Computer Name: JUDITH-HP | User Name: Judith | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/01/17 20:40:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Judith\Desktop\OTL.exe PRC - [2012/01/17 20:38:01 | 000,190,464 | ---- | M] () -- C:\Program Files\5AB56\lvvm.exe PRC - [2012/01/17 18:07:49 | 000,175,616 | ---- | M] () -- C:\Users\Judith\AppData\Roaming\C835A\EA388.exe PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012/01/17 20:38:01 | 000,190,464 | ---- | M] () -- C:\Program Files\5AB56\lvvm.exe MOD - [2012/01/17 18:07:49 | 000,175,616 | ---- | M] () -- C:\Users\Judith\AppData\Roaming\C835A\EA388.exe MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll MOD - [2003/07/11 01:09:28 | 000,048,192 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll ========== Win32 Services (SafeList) ========== SRV - [2011/10/11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/10/11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/06/04 15:43:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010/01/06 00:59:08 | 000,341,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\SiteAdvisor\6173\SAService.exe -- (SiteAdvisor Service) SRV - [2009/09/09 18:51:22 | 000,221,024 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc) SRV - [2009/08/04 07:51:00 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009/07/30 15:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009/07/27 16:52:16 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/07/14 00:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV) SRV - [2009/06/18 18:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2009/06/13 19:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10) SRV - [2009/06/03 02:03:20 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe -- (McShield) SRV - [2009/06/03 02:01:44 | 000,014,144 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\PROGRA~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE -- (EngineServer) SRV - [2009/03/02 22:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters) SRV - [2006/12/07 22:27:52 | 000,537,480 | ---- | M] ( ) [Auto | Stopped] -- C:\windows\System32\dlcfcoms.exe -- (dlcf_device) ========== Driver Services (SafeList) ========== DRV - [2011/12/09 20:01:35 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/10/11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/10/11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010/08/12 19:48:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010/02/26 13:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010/02/26 13:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2009/10/24 00:52:30 | 000,862,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2009/08/04 08:25:00 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009/07/27 16:52:14 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009/07/20 10:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/07/14 00:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009/07/02 09:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2009/05/16 03:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/05/16 03:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK) DRV - [2009/05/16 03:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik) DRV - [2009/05/16 03:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK) DRV - [2009/05/16 03:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK) DRV - [2009/05/04 19:30:00 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2009/04/29 17:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost localhost IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63455 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.3 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q=" FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 63455 FF - prefs.js..network.proxy.type: 1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/07/04 15:30:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/25 20:26:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/25 20:26:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 12:40:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/15 12:00:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/07/04 15:30:54 | 000,000,000 | ---D | M] [2010/06/02 18:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judith\AppData\Roaming\mozilla\Extensions [2012/01/13 22:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judith\AppData\Roaming\mozilla\Firefox\Profiles\atcskmts.default\extensions [2010/11/24 20:07:58 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Judith\AppData\Roaming\mozilla\Firefox\Profiles\atcskmts.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/08/28 18:59:44 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Judith\AppData\Roaming\mozilla\Firefox\Profiles\atcskmts.default\extensions\2020Player_IKEA@2020Technologies.com [2011/04/03 17:48:04 | 000,004,140 | ---- | M] () -- C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\Profiles\atcskmts.default\searchplugins\youtube.xml [2011/11/09 19:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions () (No name found) -- C:\USERS\JUDITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ATCSKMTS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\JUDITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ATCSKMTS.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI [2012/01/07 12:40:19 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/01/01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010/01/01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010/01/01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010/01/01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010/01/01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll () O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [385.exe] C:\Program Files\LP\060C\385.exe () O4 - HKLM..\Run: [713.exe] C:\Program Files\LP\BE5C\713.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [DLCFCATS] C:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.DLL () O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe (McAfee, Inc.) O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe (McAfee, Inc.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [713.exe] C:\Users\Judith\AppData\Roaming\Microsoft\BE5C\713.exe () O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKCU..\Run: [Firefox helper] C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\firefox.exe () O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions) F3 - HKCU WinNT: Load - (C:\Users\Judith\AppData\Roaming\5AB56\lvvm.exe) -C:\Users\Judith\AppData\Roaming\5AB56\lvvm.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Judith\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{124D4C38-EB43-4437-BA0D-EED818C5BA17}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F539003D-377E-40A4-892D-931AA44CCB7D}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.350.dll (McAfee, Inc.) O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\Judith\AppData\Roaming\C835A\1CE06.exe) -C:\Users\Judith\AppData\Roaming\C835A\1CE06.exe () O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{29666e7e-a652-11df-bbc9-002713a29be5}\Shell - "" = AutoRun O33 - MountPoints2\{29666e7e-a652-11df-bbc9-002713a29be5}\Shell\AutoRun\command - "" = G:\SETUP.EXE /AUTORUN O33 - MountPoints2\{29666e7e-a652-11df-bbc9-002713a29be5}\Shell\configure\command - "" = G:\SETUP.EXE O33 - MountPoints2\{29666e7e-a652-11df-bbc9-002713a29be5}\Shell\install\command - "" = G:\SETUP.EXE O33 - MountPoints2\{9d639d0c-9aa4-11e0-bbee-002713a29be5}\Shell - "" = AutoRun O33 - MountPoints2\{9d639d0c-9aa4-11e0-bbee-002713a29be5}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Driver Updater - hkey= - key= - C:\Program Files\Carambis\Driver Updater\dupdater.exe (Media Fog Ltd.) MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) MsConfig - StartUpReg: PDF Complete - hkey= - key= - C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc) MsConfig - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - State: "startup" - 2 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.01.17 20:40:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Judith\Desktop\OTL.exe [2012.01.16 06:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\5AB56 [2012.01.15 18:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\LP [2012.01.13 22:38:14 | 000,000,000 | ---D | C] -- C:\Users\Judith\AppData\Roaming\5AB56 [2012.01.13 22:37:38 | 000,000,000 | ---D | C] -- C:\Users\Judith\AppData\Roaming\C835A [2012.01.01 14:43:38 | 000,000,000 | ---D | C] -- C:\Users\Judith\Desktop\Küche_original [2011.12.31 17:58:02 | 000,000,000 | ---D | C] -- C:\Users\Judith\Desktop\Küche [2010/09/03 15:14:58 | 001,224,704 | ---- | C] ( ) -- C:\windows\System32\dlcfserv.dll [2010/09/03 15:14:58 | 000,991,232 | ---- | C] ( ) -- C:\windows\System32\dlcfusb1.dll [2010/09/03 15:14:58 | 000,413,696 | ---- | C] ( ) -- C:\windows\System32\dlcfinpa.dll [2010/09/03 15:14:58 | 000,397,312 | ---- | C] ( ) -- C:\windows\System32\dlcfiesc.dll [2010/09/03 15:14:58 | 000,323,584 | ---- | C] ( ) -- C:\windows\System32\DLCFhcp.dll [2010/09/03 15:14:57 | 000,643,072 | ---- | C] ( ) -- C:\windows\System32\dlcfpmui.dll [2010/09/03 15:14:57 | 000,585,728 | ---- | C] ( ) -- C:\windows\System32\dlcflmpm.dll [2010/09/03 15:14:57 | 000,385,928 | ---- | C] ( ) -- C:\windows\System32\dlcfih.exe [2010/09/03 15:14:57 | 000,163,840 | ---- | C] ( ) -- C:\windows\System32\dlcfprox.dll [2010/09/03 15:14:57 | 000,094,208 | ---- | C] ( ) -- C:\windows\System32\dlcfpplc.dll [2010/09/03 15:14:56 | 000,696,320 | ---- | C] ( ) -- C:\windows\System32\dlcfhbn3.dll [2010/09/03 15:14:56 | 000,537,480 | ---- | C] ( ) -- C:\windows\System32\dlcfcoms.exe [2010/09/03 15:14:55 | 000,684,032 | ---- | C] ( ) -- C:\windows\System32\dlcfcomc.dll [2010/09/03 15:14:55 | 000,421,888 | ---- | C] ( ) -- C:\windows\System32\dlcfcomm.dll [2010/09/03 15:14:55 | 000,381,832 | ---- | C] ( ) -- C:\windows\System32\dlcfcfg.exe [2010/06/02 17:54:27 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll [2010/06/02 17:54:25 | 000,203,312 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll ========== Files - Modified Within 30 Days ========== [2012.01.17 20:41:05 | 000,653,928 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012.01.17 20:41:05 | 000,615,810 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012.01.17 20:41:05 | 000,129,800 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012.01.17 20:41:05 | 000,106,190 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012.01.17 20:40:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Judith\Desktop\OTL.exe [2012.01.17 20:36:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.01.17 20:36:08 | 601,513,984 | -HS- | M] () -- C:\hiberfil.sys [2012.01.16 06:27:18 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.16 06:27:18 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.16 06:19:18 | 000,000,326 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForJudith.job [2012.01.15 18:27:10 | 000,000,388 | ---- | M] () -- C:\windows\tasks\At1.job [2012.01.15 18:26:07 | 000,291,328 | ---- | M] () -- C:\Users\Judith\AppData\Roaming\firefox.exe [2012.01.15 15:43:49 | 000,291,328 | ---- | M] () -- C:\Users\Judith\AppData\Roaming\java.exe ========== Files Created - No Company Name ========== [2012.01.15 18:26:40 | 000,000,388 | ---- | C] () -- C:\windows\tasks\At1.job [2012.01.14 05:17:05 | 000,291,328 | ---- | C] () -- C:\Users\Judith\AppData\Roaming\java.exe [2012.01.13 22:41:27 | 000,291,328 | ---- | C] () -- C:\Users\Judith\AppData\Roaming\firefox.exe [2010/09/03 15:14:58 | 000,434,176 | ---- | C] () -- C:\windows\System32\dlcfutil.dll [2010/09/03 15:14:58 | 000,274,432 | ---- | C] () -- C:\windows\System32\DLCFinst.dll [2010/09/03 15:14:57 | 000,221,184 | ---- | C] () -- C:\windows\System32\dlcfinsb.dll [2010/09/03 15:14:57 | 000,159,744 | ---- | C] () -- C:\windows\System32\dlcfins.dll [2010/09/03 15:14:57 | 000,135,168 | ---- | C] () -- C:\windows\System32\dlcfjswr.dll [2010/09/03 15:14:57 | 000,114,688 | ---- | C] () -- C:\windows\System32\dlcfinsr.dll [2010/09/03 15:14:56 | 000,086,016 | ---- | C] () -- C:\windows\System32\dlcfcub.dll [2010/09/03 15:14:56 | 000,073,728 | ---- | C] () -- C:\windows\System32\dlcfcu.dll [2010/09/03 15:14:56 | 000,036,864 | ---- | C] () -- C:\windows\System32\dlcfcur.dll [2010/09/03 15:14:55 | 000,069,632 | ---- | C] () -- C:\windows\System32\dlcfcfg.dll [2010/09/03 15:14:05 | 000,040,960 | ---- | C] () -- C:\windows\System32\dlcfvs.dll [2010/09/03 15:14:00 | 000,344,064 | ---- | C] () -- C:\windows\System32\dlcfcoin.dll [2010/06/15 19:49:23 | 000,001,025 | ---- | C] () -- C:\windows\System32\sysprs7.dll [2010/06/15 19:49:23 | 000,000,205 | ---- | C] () -- C:\windows\System32\lsprst7.dll [2010/06/02 17:54:26 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys [2010/06/02 17:54:26 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys [2010/06/02 17:49:13 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe [2010/01/06 00:48:32 | 000,653,928 | ---- | C] () -- C:\windows\System32\perfh007.dat [2010/01/06 00:48:32 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2010/01/06 00:48:32 | 000,129,800 | ---- | C] () -- C:\windows\System32\perfc007.dat [2010/01/06 00:48:32 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2010.12.15 20:18:37 | 000,000,235 | ---- | C] () -- C:\Users\Judith\AppData\Roaming\devices.xml [2010.12.15 20:18:37 | 000,000,012 | ---- | C] () -- C:\Users\Judith\AppData\Roaming\settings.xml [2010.08.12 22:00:16 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI [2010.07.28 20:34:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.07.04 15:42:37 | 000,004,608 | ---- | C] () -- C:\Users\Judith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.18 13:22:31 | 000,004,990 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2010.06.02 17:54:26 | 000,027,184 | ---- | C] () -- C:\windows\snuvcdsm.exe [2010.06.02 17:54:26 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini [2010.01.06 00:08:46 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2009/07/14 05:33:53 | 000,454,752 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 03:05:48 | 000,615,810 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 03:05:48 | 000,106,190 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin [2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin [2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin [2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin [2009/06/18 11:29:00 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat [2009.07.16 02:50:42 | 000,013,312 | ---- | C] () -- C:\windows\LPRES.DLL [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2003/02/20 16:53:42 | 000,005,702 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI [2002/04/22 09:06:06 | 000,364,544 | ---- | C] () -- C:\windows\System32\hpgt23.dll ========== LOP Check ========== [2012.01.16 06:29:49 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\5AB56 [2012.01.17 20:36:44 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\C835A [2010.06.18 13:22:32 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\Carambis [2010.08.12 19:47:15 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\DAEMON Tools Lite [2010.11.24 20:07:57 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\DVDVideoSoftIEHelpers [2011.01.07 20:27:13 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\Local [2010.07.04 15:44:20 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\Nokia [2010.07.04 15:40:30 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\Nokia Ovi Suite [2010.12.15 20:12:22 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\Ordner HP Share-to-Web [2010.07.04 15:39:56 | 000,000,000 | ---D | M] -- C:\Users\Judith\AppData\Roaming\PC Suite [2012.01.15 18:27:10 | 000,000,388 | ---- | M] () -- C:\windows\Tasks\At1.job [2012.01.16 06:43:38 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.06.02 18:18:22 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.27 09:31:13 | 000,000,000 | -HSD | M] -- C:\boot [2011.05.23 09:25:04 | 000,000,000 | ---D | M] -- C:\dell [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.09.17 11:57:32 | 000,000,000 | ---D | M] -- C:\Dokumente [2010.01.05 23:53:07 | 000,000,000 | ---D | M] -- C:\EFI [2011.11.26 18:46:47 | 000,000,000 | ---D | M] -- C:\Fotos [2010.01.06 01:03:34 | 000,000,000 | -H-D | M] -- C:\hp [2010.08.12 21:53:10 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.01.16 06:39:46 | 000,000,000 | R--D | M] -- C:\Program Files [2011.10.19 17:46:38 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.11.27 11:27:30 | 000,000,000 | ---D | M] -- C:\Studium [2012.01.11 21:32:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.06.02 17:59:41 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV [2010.06.02 17:41:08 | 000,000,000 | R--D | M] -- C:\Users [2012.01.17 20:36:19 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.10.06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe [2009.10.06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.01.17 20:56:27 | 003,670,016 | -HS- | M] () -- C:\Users\Judith\ntuser.dat [2012.01.17 20:56:27 | 000,262,144 | -HS- | M] () -- C:\Users\Judith\ntuser.dat.LOG1 [2010.06.02 17:41:10 | 000,000,000 | -HS- | M] () -- C:\Users\Judith\ntuser.dat.LOG2 [2010.11.09 06:57:28 | 000,065,536 | -HS- | M] () -- C:\Users\Judith\ntuser.dat{14a78944-ebc6-11df-8f74-002713a29be5}.TM.blf [2010.11.09 06:57:28 | 000,524,288 | -HS- | M] () -- C:\Users\Judith\ntuser.dat{14a78944-ebc6-11df-8f74-002713a29be5}.TMContainer00000000000000000001.regtrans-ms [2010.11.09 06:57:28 | 000,524,288 | -HS- | M] () -- C:\Users\Judith\ntuser.dat{14a78944-ebc6-11df-8f74-002713a29be5}.TMContainer00000000000000000002.regtrans-ms [2010.06.02 18:27:57 | 000,065,536 | -HS- | M] () -- C:\Users\Judith\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.06.02 18:27:57 | 000,524,288 | -HS- | M] () -- C:\Users\Judith\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.06.02 18:27:57 | 000,524,288 | -HS- | M] () -- C:\Users\Judith\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2009.07.27 08:37:06 | 000,000,020 | -HS- | M] () -- C:\Users\Judith\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > extras.txt Code:
ATTFilter OTL Extras logfile created on: 1/17/2012 8:47:50 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Judith\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
764.87 Mb Total Physical Memory | 338.41 Mb Available Physical Memory | 44.24% Memory free
1.75 Gb Paging File | 1.42 Gb Available in Paging File | 81.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.75 Gb Total Space | 79.36 Gb Free Space | 60.23% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.73% Space Free | Partition Type: FAT32
Computer Name: JUDITH-HP | User Name: Judith | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{085A087C-8559-AC21-F988-9B885923B58B}" = CCC Help Japanese
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{10010089-120F-4B71-A245-261A11D234FF}" = Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{17BDCAD2-39E2-A44B-CDCA-6854FA71421E}" = Catalyst Control Center Localization All
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1D7DBD8E-4E22-B307-81F4-D55080B16FC7}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25DE52ED-9E51-4C50-AE16-E258836ADF83}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37D6F9FA-A5F2-3040-AF7B-78BE92957D89}" = CCC Help Thai
"{38CA1644-39F5-44EB-F200-DFC6C5E9C5A8}" = CCC Help Chinese Standard
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D833CF3-A3AE-2863-584B-3AD3A0D70981}" = CCC Help Russian
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52AD35F5-FDA6-6E74-27E4-5EC2BD8A8B29}" = CCC Help Korean
"{52B24A16-729C-BDB9-D921-01556B19283D}" = CCC Help Greek
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{565AEE5D-35E5-0A21-02E2-3DC8CEA652FB}" = Catalyst Control Center Graphics Light
"{57115A63-203E-8864-8951-4D5864D23956}" = CCC Help Norwegian
"{572964E9-BE64-1F57-B672-4D2B7595FAA1}" = Catalyst Control Center Graphics Full Existing
"{5AE47629-FA38-4747-4CEA-1DD2983FA8BF}" = CCC Help German
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5E984B44-B441-5361-B00B-91441EE7B5B4}" = CCC Help English
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{602C75D1-0C09-D216-D83D-F3126AC24A27}" = CCC Help French
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{7B01FD07-1790-4EE9-B5E0-149527D70C7D}" = Nokia Ovi Suite
"{7B20C1C7-2766-DDB8-A02E-D6F9C7341864}" = CCC Help Finnish
"{7EFEE754-EA7D-A79B-8DDA-65CADCAF1AB4}" = Catalyst Control Center InstallProxy
"{7FFAA34E-0AA6-BF03-D37C-7AC5C380CF2F}" = CCC Help Chinese Traditional
"{805F8590-510E-74AD-FC88-ADE4224B8854}" = CCC Help Polish
"{816F5E94-B7FE-43EF-B4E6-F22D40A4AFCC}" = HP User Guides 0133
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.3.0
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{853403A9-70A9-2C60-9E74-67BDC650E820}" = Catalyst Control Center Core Implementation
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87CA636B-85B8-4611-A81D-F97E71024AFD}" = HP Common Access Service Library
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A75B387-6A34-7FBE-3512-89809AF89524}" = CCC Help Hungarian
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F0EDF80-31C2-FA10-DEE8-BD435A5F7D61}" = ATI Catalyst Install Manager
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4FC4A7-E9E1-1EF1-104B-ECFB738A1824}" = CCC Help Italian
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9EE30AB4-1D07-7C32-106D-7AE7CEEFD1EC}" = CCC Help Spanish
"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater
"{A45AF5E2-3648-EA45-2A62-C3EA975D57D9}" = Catalyst Control Center Graphics Full New
"{A657B744-4F40-6973-D177-5FD028712702}" = ccc-core-static
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BA728FCC-0B8C-6F7F-B29C-583829D1E8BB}" = CCC Help Dutch
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}" = HP Setup
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D796ABCD-73D4-F18D-CF80-9BA1BE403933}" = CCC Help Swedish
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E48D0275-B2E0-C879-4B86-506757A16DC7}" = CCC Help Turkish
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9B0164A-27EA-4C31-5526-867C6882B60D}" = CCC Help Czech
"{EA891D60-C20D-03C4-88CB-E4597A1753AA}" = CCC Help Portuguese
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = CPQ Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3818CCA-B7E4-2B53-F86E-2D4F195F66F3}" = CCC Help Danish
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFBDA363-A033-4F32-8DE0-AEF0F105410E}" = HP ESU for Microsoft Windows 7
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Dell Color Printer 725" = Dell Color Printer 725
"DivX Setup.divx.com" = DivX-Setup
"ExpressBurn" = Express Burn Disc Burning Software
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HP Photo Creations" = HP Photo Creations
"LSI Soft Modem" = LSI HDA Modem
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee SiteAdvisor" = McAfee Browser Protection Service
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MVS" = McAfee Virus and Spyware Protection Service
"Nokia Ovi Suite" = Nokia Ovi Suite
"PDF Complete" = PDF Complete Special Edition
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21.07.2011 11:11:51 | Computer Name = Judith-HP | Source = RasClient | ID = 20227
Description =
Error - 21.07.2011 11:11:53 | Computer Name = Judith-HP | Source = RasClient | ID = 20227
Description =
Error - 21.07.2011 11:11:53 | Computer Name = Judith-HP | Source = RasClient | ID = 20227
Description =
Error - 21.07.2011 11:11:58 | Computer Name = Judith-HP | Source = RasClient | ID = 20227
Description =
Error - 22.07.2011 04:00:40 | Computer Name = Judith-HP | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\system32\conhost.exe".
Die
abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 22.07.2011 06:07:40 | Computer Name = Judith-HP | Source = RasClient | ID = 20227
Description =
Error - 22.07.2011 09:59:13 | Computer Name = Judith-HP | Source = RasClient | ID = 20227
Description =
Error - 22.07.2011 10:00:26 | Computer Name = Judith-HP | Source = RasClient | ID = 20227
Description =
Error - 22.07.2011 10:01:27 | Computer Name = Judith-HP | Source = RasClient | ID = 20227
Description =
Error - 22.07.2011 10:02:39 | Computer Name = Judith-HP | Source = RasClient | ID = 20227
Description =
[ Hewlett-Packard Events ]
Error - 31.07.2011 15:18:52 | Computer Name = Judith-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF
bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
RoutedEventArgs e) bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
target, RoutedEventArgs routedEventArgs) bei System.Windows.EventRoute.InvokeHandlersImpl(Object
source, RoutedEventArgs args, Boolean reRaised) bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) bei MS.Internal.LoadedOrUnloadedOperation.DoWork() bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) bei System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Error - 21.08.2011 16:13:21 | Computer Name = Judith-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF
bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
RoutedEventArgs e) bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
target, RoutedEventArgs routedEventArgs) bei System.Windows.EventRoute.InvokeHandlersImpl(Object
source, RoutedEventArgs args, Boolean reRaised) bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) bei MS.Internal.LoadedOrUnloadedOperation.DoWork() bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) bei System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Error - 18.09.2011 16:12:03 | Computer Name = Judith-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF
bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
RoutedEventArgs e) bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
target, RoutedEventArgs routedEventArgs) bei System.Windows.EventRoute.InvokeHandlersImpl(Object
source, RoutedEventArgs args, Boolean reRaised) bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) bei MS.Internal.LoadedOrUnloadedOperation.DoWork() bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) bei System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Error - 18.09.2011 16:13:01 | Computer Name = Judith-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Aufrufziel hat einen Ausnahmefehler verursacht. mscorlib
bei System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments,
SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
bei System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments,
Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr,
Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
bei System.Delegate.DynamicInvokeImpl(Object[] args) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Der
Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
Error - 23.10.2011 16:04:19 | Computer Name = Judith-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Index lag außerhalb des Bereichs. Er muss nicht negativ und
kleiner als die Auflistung sein. Parametername: index mscorlib bei System.Collections.ArrayList.get_Item(Int32
index) bei System.Windows.WindowCollection.get_Item(Int32 index) bei HPAssistant.App.App_Activated(Object
sender, EventArgs e) bei System.Windows.Application.OnActivated(EventArgs e)
bei System.Windows.Application.WmActivateApp(Int32 wParam) bei System.Windows.Application.AppFilterMessage(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) bei MS.Win32.HwndWrapper.WndProc(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
o) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Error - 31.10.2011 01:29:24 | Computer Name = Judith-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF
bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
RoutedEventArgs e) bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
target, RoutedEventArgs routedEventArgs) bei System.Windows.EventRoute.InvokeHandlersImpl(Object
source, RoutedEventArgs args, Boolean reRaised) bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) bei MS.Internal.LoadedOrUnloadedOperation.DoWork() bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) bei System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Error - 31.10.2011 01:29:42 | Computer Name = Judith-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Aufrufziel hat einen Ausnahmefehler verursacht. mscorlib
bei System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments,
SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
bei System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments,
Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr,
Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
bei System.Delegate.DynamicInvokeImpl(Object[] args) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Der
Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
Error - 31.10.2011 01:33:46 | Computer Name = Judith-HP | Source = Hewlett-Packard | ID = 0
Description =
Error - 31.10.2011 01:33:48 | Computer Name = Judith-HP | Source = Hewlett-Packard | ID = 0
Description =
Error - 05.01.2012 16:12:30 | Computer Name = Judith-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF
bei HPAssistant.Pages.MaintainTuneUpProgress.bgScan_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) bei System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) bei System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object
arg) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
[ Media Center Events ]
Error - 29.09.2011 16:12:42 | Computer Name = Judith-HP | Source = MCUpdate | ID = 0
Description = 22:12:42 - Fehler beim Herstellen der Internetverbindung. 22:12:42
- Serververbindung konnte nicht hergestellt werden..
Error - 29.09.2011 16:12:55 | Computer Name = Judith-HP | Source = MCUpdate | ID = 0
Description = 22:12:47 - Fehler beim Herstellen der Internetverbindung. 22:12:47
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 17.01.2012 15:52:37 | Computer Name = Judith-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 17.01.2012 15:53:05 | Computer Name = Judith-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 17.01.2012 15:53:05 | Computer Name = Judith-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 17.01.2012 15:53:05 | Computer Name = Judith-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 17.01.2012 15:57:41 | Computer Name = Judith-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 17.01.2012 15:57:41 | Computer Name = Judith-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 17.01.2012 15:57:41 | Computer Name = Judith-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 17.01.2012 15:58:05 | Computer Name = Judith-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 17.01.2012 15:58:05 | Computer Name = Judith-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 17.01.2012 15:58:05 | Computer Name = Judith-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Onkel charle |
|
17.01.2012, 21:25
| #4 |
| /// Malware-holic | Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR Trojaner hi wichtige infos über dich sind keine zu sehen. dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
PRC - [2012/01/17 20:38:01 | 000,190,464 | ---- | M] () -- C:\Program Files\5AB56\lvvm.exe
PRC - [2012/01/17 18:07:49 | 000,175,616 | ---- | M] () -- C:\Users\Judith\AppData\Roaming\C835A\EA388.exe
MOD - [2012/01/17 20:38:01 | 000,190,464 | ---- | M] () -- C:\Program Files\5AB56\lvvm.exe
MOD - [2012/01/17 18:07:49 | 000,175,616 | ---- | M] () -- C:\Users\Judith\AppData\Roaming\C835A\EA388.exe
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost localhost localhost localhost localhost localhost localhost
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63455
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63455
FF - prefs.js..network.proxy.type: 0
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [385.exe] C:\Program Files\LP\060C\385.exe ()
O4 - HKLM..\Run: [713.exe] C:\Program Files\LP\BE5C\713.exe ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [713.exe] C:\Users\Judith\AppData\Roaming\Microsoft\BE5C\713.exe ()
O4 - HKCU..\Run: [Firefox helper] C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
F3 - HKCU WinNT: Load - (C:\Users\Judith\AppData\Roaming\5AB56\lvvm.exe) -C:\Users\Judith\AppData\Roaming\5AB56\lvvm.exe ()
O20 - HKCU Winlogon: Shell - (C:\Users\Judith\AppData\Roaming\C835A\1CE06.exe) -C:\Users\Judith\AppData\Roaming\C835A\1CE06.exe ()
[2012.01.13 22:37:38 | 000,000,000 | ---D | C] -- C:\Users\Judith\AppData\Roaming\C835A
[2012.01.15 18:27:10 | 000,000,388 | ---- | M] () -- C:\windows\tasks\At1.job
[2012.01.15 18:26:07 | 000,291,328 | ---- | M] () -- C:\Users\Judith\AppData\Roaming\firefox.exe
[2012.01.15 15:43:49 | 000,291,328 | ---- | M] () -- C:\Users\Judith\AppData\Roaming\java.exe
:Files
C:\Program Files\5AB56
C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\firefox.exe
C:\Users\Judith\AppData\Roaming\C835A
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Drücke bitte die  + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.01.2012, 22:01
| #5 |
| | Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR Trojaner Hallo Eines vorneweg; Ich abe gedacht Antivir ( im Abgesicherten modus) sei wie verlangt beendet gewesen. Das Script ist auch durchgelaufen, und der Pc ist normal wieder hochgefahren! Bei versuch die Zip Datei nach dem Neustart zu erstellen ist Antivir allerdings angeschlagen und erst durch abschalten der Echtzeitprüfung lies sich die DAtei erstellen. Ich hoffe ich habe dabei nichts falsch gemacht. Code:
ATTFilter All processes killed
========== OTL ==========
No active process named lvvm.exe was found!
No active process named EA388.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 63455 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\385.exe deleted successfully.
C:\Program Files\LP\060C\385.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\713.exe deleted successfully.
C:\Program Files\LP\BE5C\713.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\713.exe deleted successfully.
C:\Users\Judith\AppData\Roaming\Microsoft\BE5C\713.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Firefox helper deleted successfully.
C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\firefox.exe moved successfully.
File \Users\Judith\AppData\Roaming\5AB56\lvvm.exe) -C:\Users\Judith\AppData\Roaming\5AB56\lvvm.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Judith\AppData\Roaming\5AB56\lvvm.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Judith\AppData\Roaming\C835A\1CE06.exe deleted successfully.
File \Users\Judith\AppData\Roaming\C835A\1CE06.exe) -C:\Users\Judith\AppData\Roaming\C835A\1CE06.exe not found.
C:\Users\Judith\AppData\Roaming\C835A folder moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
C:\Users\Judith\AppData\Roaming\firefox.exe moved successfully.
C:\Users\Judith\AppData\Roaming\java.exe moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Judith
->Flash cache emptied: 40156 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Judith
->Temp folder emptied: 4586216075 bytes
->Temporary Internet Files folder emptied: 124882530 bytes
->Java cache emptied: 2670368 bytes
->FireFox cache emptied: 487414286 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77706393 bytes
RecycleBin emptied: 29861567 bytes
Total Files Cleaned = 5,063.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 01172012_212944
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
OnkelCharlie |
|
17.01.2012, 22:02
| #6 |
| | Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR Trojaner Hallo Der Upload scheint funktioniert zu haben OnkelCharlie |
|
18.01.2012, 12:29
| #7 |
| /// Malware-holic | Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR Trojaner hatt er, danke. Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.01.2012, 18:15
| #8 |
| | Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR Trojaner Hm Ich erhalte die Meldung: ""NIRKMD" konnte nicht gefunden werden. Stellen Sie sicher, dass Sie den Namen richtig eingegeben haben und wiederholen sie den Vorgang" EDIT: Scheinbar kommt die Meldung zwischen jedem bearbeitungsschritt... Ich trau mich aber nicht das programm einfach zu beenden. OnkelCharlie |
|
18.01.2012, 18:39
| #9 |
| /// Malware-holic | Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR Trojaner läuft das programm trotzdem weiter, dann die meldung ignorieren
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.01.2012, 18:50
| #10 |
| | Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR Trojaner Das Programm ist weitergelaufen aber ich musste gefühlt 80mal bestätigen ;-). Wollte das nur der Vollsändigkeit halber erwähnen! Code:
ATTFilter ComboFix 12-01-18.04 - Judith 18.01.2012 18:17:26.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.765.279 [GMT 1:00]
ausgeführt von:: c:\users\Judith\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: McAfee® Total Protection™ for Small Business *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: McAfee® Total Protection™ for Small Business *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
* Im Speicher befindliches AV aktiv.
.
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\INSTALL.LOG
c:\program files\LP
c:\program files\LP\060C\B25E.tmp
c:\program files\LP\060C\F9A9.tmp
c:\users\Judith\AppData\Roaming\Local
c:\users\Judith\AppData\Roaming\Local\Temp\DDM\Settings\Friendship.Ger.avi.ddr
c:\users\Judith\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Friendship.Ger.avi.ddp
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-18 bis 2012-01-18 ))))))))))))))))))))))))))))))
.
.
2012-01-17 20:29 . 2012-01-17 20:56 -------- d-----w- C:\_OTL
2012-01-16 05:39 . 2012-01-17 19:38 -------- d-----w- c:\program files\5AB56
2012-01-13 21:38 . 2012-01-16 05:29 -------- d-----w- c:\users\Judith\AppData\Roaming\5AB56
2012-01-13 21:38 . 2012-01-13 21:38 102912 ----a-w- c:\users\Judith\AppData\Roaming\Microsoft\BE5C\6DA5.tmp
2012-01-11 18:09 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 18:09 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 18:09 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 18:09 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-07 11:40 . 2012-01-07 11:40 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-07 11:40 . 2012-01-07 11:40 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-07 11:40 . 2012-01-07 11:40 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-07 11:40 . 2012-01-07 11:40 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 19:01 . 2011-10-19 16:46 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-24 04:23 . 2011-12-13 18:32 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:35 . 2011-12-13 18:32 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:34 . 2011-12-13 18:32 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 04:30 . 2011-12-13 18:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 03:28 . 2011-12-13 18:32 386048 ----a-w- c:\windows\system32\html.iec
2011-11-05 02:55 . 2011-12-13 18:32 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-02 18:20 . 2011-11-02 18:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-26 04:42 . 2011-12-13 18:31 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:42 . 2011-12-13 18:31 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:25 . 2011-12-13 18:31 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-07 11:40 . 2011-06-22 20:46 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe" [2009-09-09 562496]
"McAfee Managed Services Tray"="c:\program files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe" [2009-09-09 95552]
"SiteAdvisor"="c:\program files\SiteAdvisor\6173\SiteAdv.exe" [2007-08-28 36640]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"DLCFCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 73728]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Updater]
2010-06-08 12:56 4973056 ----a-w- c:\program files\Carambis\Driver Updater\dupdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-06-18 13:37 671608 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2009-06-18 17:07 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-07-27 23:49 288312 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 13:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-04 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-12 691696]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [2009-09-09 221024]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-23 862208]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-20 313856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-16 c:\windows\Tasks\HPCeeScheduleForJudith.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2010-01-05 22:38]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Judith\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Judith\AppData\Roaming\Mozilla\Firefox\Profiles\atcskmts.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?q=
FF - prefs.js: network.proxy.type - 1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-MVS - c:\program files\McAfee\Managed VirusScan\Agent\myinx
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-18 18:46:29
ComboFix-quarantined-files.txt 2012-01-18 17:46
.
Vor Suchlauf: 11 Verzeichnis(se), 89.553.534.976 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 90.531.069.952 Bytes frei
.
- - End Of File - - 14AD747B52E99AD9F3D1B38236DABAEC
|
|
18.01.2012, 18:57
| #11 |
| | Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR Trojaner Ich sehe gerade das in dem Log-file steht im speicher sei ein Aktives AV programm gewesen... Aber ich hatte eigentlich nach bestem Wissen Antivir ,wie auf der Seite die verlinkt war beschrieben, beendet. OnkelCharlie |
|
18.01.2012, 19:19
| #12 |
| /// Malware-holic | Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR Trojaner das ist schon ok, keine sorge. genauso wie die info, das combofix fehlermeldungen gezeigt hatt, ich wollte auch nur darauf hinweisen, dass du trotzdem das programm weiter laufen lassen kannst :-) malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.01.2012, 21:51
| #13 |
| | Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR Trojaner Krass, das hat lange gedauert. Es wurde 14 Einträge gefunden! Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.18.04 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 Judith :: JUDITH-HP [Administrator] 18.01.2012 19:28:51 mbam-log-2012-01-18 (19-28-51).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 366791 Laufzeit: 2 Stunde(n), 18 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 14 C:\_OTL\MovedFiles\01172012_212944\C_Program Files\LP\060C\385.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\01172012_212944\C_Program Files\LP\BE5C\713.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\01172012_212944\C_Users\Judith\AppData\Roaming\firefox.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\01172012_212944\C_Users\Judith\AppData\Roaming\java.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\01172012_212944\C_Users\Judith\AppData\Roaming\C835A\1CE06.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\01172012_212944\C_Users\Judith\AppData\Roaming\C835A\6F56B.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\01172012_212944\C_Users\Judith\AppData\Roaming\C835A\7DFDB.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\01172012_212944\C_Users\Judith\AppData\Roaming\C835A\A29BE.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\01172012_212944\C_Users\Judith\AppData\Roaming\C835A\EA388.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\01172012_212944\C_Users\Judith\AppData\Roaming\Microsoft\BE5C\713.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\01172012_212944\C_Users\Judith\AppData\Roaming\Mozilla\Firefox\firefox.exe (Trojan.CryptPro.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\5AB56\lvvm.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Judith\AppData\Roaming\5AB56\lvvm.exe (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Judith\AppData\Roaming\Microsoft\BE5C\6DA5.tmp (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
19.01.2012, 12:23
| #14 |
| /// Malware-holic | Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR Trojaner start programme zubehör editor, reinkopieren: Killall:: Folder:: C:\Program Files\5AB56 C:\Users\Judith\AppData\Roaming\5AB56 C:\Users\Judith\AppData\Roaming\Microsoft\BE5C datei speichern unter, ort, dort wo sich combofix.exe befindet, typ alle dateien, name cfscript.txt ziehe cfscript auf combofix, programm startet log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.01.2012, 13:20
| #15 |
| | Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR Trojaner Der Pc wurde nach dem Durchlauf automatisch neu gestartet. Dann hat sich auch der Virenscanner wieder eingeschaltet da er ja bei Start geladen wird. Scheinbar hat aber alles geklappt, ich musste wieder sehr of die Fehlermeldung bestätigen. Code:
ATTFilter ComboFix 12-01-18.04 - Judith 19.01.2012 12:43:08.2.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.765.305 [GMT 1:00]
ausgeführt von:: c:\users\Judith\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Judith\Desktop\cfscript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: McAfee® Total Protection™ for Small Business *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: McAfee® Total Protection™ for Small Business *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Im Speicher befindliches AV aktiv.
.
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\5AB56
c:\users\Judith\AppData\Roaming\5AB56
c:\users\Judith\AppData\Roaming\Microsoft\BE5C
c:\users\Judith\AppData\Roaming\Microsoft\BE5C\1AA8.tmp
c:\users\Judith\AppData\Roaming\Microsoft\BE5C\2B67.tmp
c:\users\Judith\AppData\Roaming\Microsoft\BE5C\893B.tmp
c:\users\Judith\AppData\Roaming\Microsoft\BE5C\B8E2.tmp
c:\users\Judith\AppData\Roaming\Microsoft\BE5C\BC13.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-19 bis 2012-01-19 ))))))))))))))))))))))))))))))
.
.
2012-01-19 11:59 . 2012-01-19 12:03 -------- d-----w- c:\users\Judith\AppData\Local\temp
2012-01-19 11:59 . 2012-01-19 11:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-18 18:25 . 2012-01-18 18:25 -------- d-----w- c:\users\Judith\AppData\Roaming\Malwarebytes
2012-01-18 18:25 . 2012-01-18 18:25 -------- d-----w- c:\programdata\Malwarebytes
2012-01-18 18:25 . 2012-01-18 18:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-18 18:25 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-17 20:29 . 2012-01-17 20:56 -------- d-----w- C:\_OTL
2012-01-11 18:09 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 18:09 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 18:09 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 18:09 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-07 11:40 . 2012-01-07 11:40 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-07 11:40 . 2012-01-07 11:40 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-07 11:40 . 2012-01-07 11:40 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-07 11:40 . 2012-01-07 11:40 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 19:01 . 2011-10-19 16:46 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-24 04:23 . 2011-12-13 18:32 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:35 . 2011-12-13 18:32 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:34 . 2011-12-13 18:32 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 04:30 . 2011-12-13 18:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 03:28 . 2011-12-13 18:32 386048 ----a-w- c:\windows\system32\html.iec
2011-11-05 02:55 . 2011-12-13 18:32 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-02 18:20 . 2011-11-02 18:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-26 04:42 . 2011-12-13 18:31 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:42 . 2011-12-13 18:31 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:25 . 2011-12-13 18:31 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-07 11:40 . 2011-06-22 20:46 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe" [2009-09-09 562496]
"McAfee Managed Services Tray"="c:\program files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe" [2009-09-09 95552]
"SiteAdvisor"="c:\program files\SiteAdvisor\6173\SiteAdv.exe" [2007-08-28 36640]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"DLCFCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-20 73728]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Updater]
2010-06-08 12:56 4973056 ----a-w- c:\program files\Carambis\Driver Updater\dupdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-06-18 13:37 671608 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2009-06-18 17:07 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-07-27 23:49 288312 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 13:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-04 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-12 691696]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [2009-09-09 221024]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-23 862208]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-20 313856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-16 c:\windows\Tasks\HPCeeScheduleForJudith.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2010-01-05 22:38]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
FF - ProfilePath - c:\users\Judith\AppData\Roaming\Mozilla\Firefox\Profiles\atcskmts.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?q=
FF - prefs.js: network.proxy.type - 1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2908)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\dlcfcoms.exe
c:\progra~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MANAGE~1\VScan\McShield.exe
c:\windows\system32\taskhost.exe
c:\program files\SiteAdvisor\6173\SAService.exe
c:\progra~1\McAfee\MANAGE~1\Agent\myAgtTry.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\consent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-19 13:14:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-01-19 12:14
ComboFix2.txt 2012-01-18 17:46
.
Vor Suchlauf: 16 Verzeichnis(se), 89.607.282.688 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 89.555.984.384 Bytes frei
.
- - End Of File - - E629CEF08C81794DE1AF65D89B707D39
OnkelCharlie |
|
| Themen zu Windows wird aus Sicherheitsgründen blockiert bzw. 50 EUR Trojaner |
| 50 euro trojaner, achtung, blockiert, ebenfalls, einträge, forum, frage, freundin, großes, infizierte, internet, kopieren, logfiles, meldung, nutzen, profi, programm, regeln, stick, system, trojane, trojaner, usb, usb stick, verbindung, w-lan, windows, zahlung |
Linear-Darstellung
