| |
| |||||||
Log-Analyse und Auswertung: Aus Sicherheitsgründen wurde ihr Windowssystem blockiertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.02.2012, 21:21
| #1 |
| |  Aus Sicherheitsgründen wurde ihr Windowssystem blockiert Hallo Leute, habe das selbe Problem... Habe wie in der Anleitung beschrieben Logs gemacht. Der abgesicherte Modus mit Netzwerktreibern funktioniert. Ich danke schonmal für eure Hilfe! <code> . DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by PR at 15:27:07 on 2012-02-04 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2037.1449 [GMT 1:00] . AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\Explorer.EXE C:\windows\system32\ctfmon.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\System32\svchost.exe -k secsvcs C:\windows\system32\conhost.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://de.ask.com/?l=dis&o=15788 uDefault_Page_URL = hxxp://samsung.msn.com uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.5\youtubedownloaderToolbarIE.dll uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.5\youtubedownloaderToolbarIE.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\4.5\youtubedownloaderToolbarIE.dll TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [vasja] c:\users\pr\appdata\local\temp\0.40322757768200823.exe uRun: [{3F4CF39C-C30E-77EC-C9C6-F35E390E7719}] c:\users\pr\appdata\roaming\wya\uxtyra.exe mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [<NO NAME>] mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRunOnce: [ Malwarebytes Anti-Malware ] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\users\pr\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico uPolicies-explorer: NoTrayItemsDisplay = 00000000 mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: An OneNote s&enden - c:\progra~1\micros~2\office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Free YouTube to MP3 Converter - c:\users\pr\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll LSP: bmnet.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A4578AA0-A57A-4549-A3B7-0205EFCA197A} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A4578AA0-A57A-4549-A3B7-0205EFCA197A}\05F5E45647A7775627B6 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A4578AA0-A57A-4549-A3B7-0205EFCA197A}\3616D6F6 : DhcpNameServer = 134.109.133.1 134.109.133.39 TCP: Interfaces\{A4578AA0-A57A-4549-A3B7-0205EFCA197A}\5416379724F687D2530373232373 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A4578AA0-A57A-4549-A3B7-0205EFCA197A}\775626D20737B6 : DhcpNameServer = 134.109.133.1 134.109.133.39 TCP: Interfaces\{A4578AA0-A57A-4549-A3B7-0205EFCA197A}\E45647A7775627B6 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{D92F5088-B458-4124-A6CF-B2BBB04FC8F6} : DhcpNameServer = 139.7.30.126 139.7.30.125 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL IFEO: bttray.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe" IFEO: btwuiext.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe" IFEO: cvh.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe" IFEO: excel.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe" IFEO: hpwucli.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe" . Note: multiple IFEO entries found. Please refer to Attach.txt Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\users\pr\appdata\roaming\mozilla\firefox\profiles\1dvofzno.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p= FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . ============= SERVICES / DRIVERS =============== . R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-7-8 322336] S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-1-31 36000] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-9-7 10752] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928] S2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-1-31 86224] S2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-1-31 110032] S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-1-31 74640] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-4 652360] S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-12-14 1514304] S3 avmaudio;AVM Audio;c:\windows\system32\drivers\avmaudio.sys [2010-12-27 101248] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-12-24 297000] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-12-24 33320] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-8-18 77624] S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-12-30 112128] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-25 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-12-29 36608] S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-12-30 102912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-4 20464] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776] S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2010-12-24 131888] S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384] S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408] S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864] S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304] S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-8-18 181432] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-11 52224] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-12-12 10064] S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-3 1343400] S4 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664] S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880] S4 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-9-11 9216] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . =============== Created Last 30 ================ . 2012-02-04 14:14:39 -------- d-----w- c:\users\pr\appdata\roaming\Malwarebytes 2012-02-04 14:14:30 -------- d-----w- c:\programdata\Malwarebytes 2012-02-04 14:14:28 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-04 14:14:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-04 13:58:19 -------- d-----w- c:\program files\ESET 2012-02-04 13:39:05 -------- d-----w- c:\users\pr\appdata\roaming\Wya 2012-02-04 13:39:05 -------- d-----w- c:\users\pr\appdata\roaming\Usevasi 2012-01-31 15:19:40 -------- d-----w- c:\users\pr\appdata\roaming\Avira 2012-01-31 15:13:17 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-01-31 15:13:16 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-01-31 15:13:12 -------- d-----w- c:\programdata\Avira 2012-01-31 15:13:12 -------- d-----w- c:\program files\Avira 2012-01-31 15:01:30 -------- d-----w- c:\users\pr\appdata\local\Trend Micro 2012-01-31 14:51:36 -------- d-----w- c:\programdata\Trend Micro 2012-01-31 14:04:09 1288472 ----a-w- c:\windows\system32\ntdll.dll 2012-01-31 14:04:06 67072 ----a-w- c:\windows\system32\packager.dll 2012-01-31 14:04:03 1328128 ----a-w- c:\windows\system32\quartz.dll 2012-01-31 14:04:02 514560 ----a-w- c:\windows\system32\qdvd.dll 2012-01-20 09:54:40 31552 ----a-w- c:\windows\system32\TURegOpt.exe 2012-01-20 09:54:37 21312 ----a-w- c:\windows\system32\authuitu.dll 2012-01-20 09:53:52 -------- d-----w- c:\program files\TuneUp Utilities 2012 2012-01-20 09:47:54 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-01-11 15:07:10 -------- d-----w- c:\users\pr\.scribus 2012-01-11 15:05:51 -------- d-----w- c:\program files\Scribus 1.3.3.14 2012-01-09 16:45:52 -------- d-----w- c:\program files\Game Flow Analysis Tool 2012-01-08 10:50:15 -------- d-----w- c:\users\pr\appdata\local\{0C1690AA-08B9-40A2-A10C-ECBDCE31F389} 2012-01-06 11:47:45 -------- d-----w- c:\users\pr\appdata\local\{70AE85C7-CF56-4AF6-8C1D-DF2D3EBCE256} 2012-01-06 11:45:58 -------- d-----w- c:\users\pr\appdata\local\{BF73082C-B69C-48CE-A311-563F73A2278A} . ==================== Find3M ==================== . 2011-11-29 16:33:05 253952 ------w- c:\windows\Setup1.exe 2011-11-29 16:32:58 74752 ----a-w- c:\windows\ST6UNST.EXE 2011-11-24 19:05:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys 2010-10-16 23:50:24 3056008 ----a-w- c:\program files\common files\AskToolbarInstaller.exe . ============= FINISH: 15:30:00,41 =============== </code> <code> . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 24.12.2010 22:21:15 System Uptime: 04.02.2012 14:48:15 (1 hours ago) . Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NF110/NF210/NF310 Processor: Intel(R) Atom(TM) CPU N550 @ 1.50GHz | CPU 1 | 1496/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 87 GiB total, 48,966 GiB free. D: is FIXED (NTFS) - 130 GiB total, 102,821 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET\0000 Service: CVirtA . ==== System Restore Points =================== . No restore point in system. . ==== Image File Execution Options ============= . IFEO: bttray.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: btwuiext.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: cvh.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: excel.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: hpwucli.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: ipsecdialer.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: manager1.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: misc.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: mobileconnect.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: msaccess.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: msoxmled.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: mspub.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: mstore.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: onenote.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: outlook.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: powerpnt.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: setmtu.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: sftdde.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: srspremiumpanel.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: vpngui.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" IFEO: Winword.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" . ==== Installed Programs ====================== . 2570 2570_Help 2570Trb 32 Bit HP CIO Components Installer Adobe AIR Adobe Community Help Adobe Download Assistant Adobe Dreamweaver CS5.5 Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.2) - Deutsch Adobe Widget Browser AFSS HTML Designer 2.3 AFSS HTML Designer 2.3 (C:\Program Files\AFSS HTML Designer\) AIO_CDA_ProductContext AIO_CDA_Software AIO_CDB_ProductContext AIO_CDB_Software AIO_Scan Atheros Client Installation Program ATLAS.ti 5.2 Avira Free Antivirus AVM FRITZ!Box USB-Fernanschluss BatteryLifeExtender Broadcom 802.11 Network Adapter BufferChm Cisco Systems VPN Client 5.0.07.0290 Copy CyberLink YouCam D3DX10 Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations DeviceDiscovery DivX-Setup DocProc Dropbox Easy Content Share Easy Display Manager Easy SpeedUp Manager EasyBatteryManager ESET Online Scanner v3 Fast Start Fax Foxit Reader 5.0 Free Video to MP3 Converter version 5.0.3.1206 Game Flow Analysis Tool 1.0.0.29 Game Pack GIMP 2.6.11 Google Calendar Sync GPBaseService2 GTA2 Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) HP Customer Participation Program 13.0 HP Imaging Device Functions 13.0 HP Photosmart All-In-One Driver Software 13.0 Rel. A HP Photosmart Essential 3.5 HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B HP Smart Web Printing 4.51 HP Solution Center 13.0 HP Update HPPhotoGadget HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HPSSupply ImagXpress ImgBurn Intel(R) Graphics Media Accelerator Driver Intel® Matrix Storage Manager Internet-TV für Windows Media Center IrfanView (remove only) Java Auto Updater Java(TM) 6 Update 26 Junk Mail filter update Malwarebytes Anti-Malware Version 1.60.1.1000 MarketResearch Marvell Miniport Driver Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 Microsoft Office Excel MUI (German) 2010 Microsoft Office Groove MUI (German) 2010 Microsoft Office Home and Student 2010 Microsoft Office InfoPath MUI (German) 2010 Microsoft Office Klick-und-Los 2010 Microsoft Office OneNote MUI (German) 2010 Microsoft Office Outlook MUI (German) 2010 Microsoft Office PowerPoint MUI (German) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2010 Microsoft Office Proofing (German) 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared MUI (German) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (German) 2010 Microsoft Outlook Social Connector Provider for Facebook 32-bit Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Movie Color Enhancer Mozilla Firefox 7.0.1 (x86 de) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MultimediaPOP neroxml Network NewFreeScreensaver nfsClockHDAzure Nvu 1.0 OCR Software by I.R.I.S. 13.0 Opera 11.60 PamFax PamFax Office Integration PamFaxOutlookAddIn2010 PDFCreator pdfforge Toolbar v4.6 Realtek High Definition Audio Driver Samsung AnyWeb Print Samsung Recovery Solution 5 Samsung Support Center 1.0 Samsung Universal Print Driver Samsung Universal Scan Driver Samsung Update Plus SAMSUNG USB Driver for Mobile Phones Scan Scribus 1.3.3.14 Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Shop for HP Supplies Skype™ 4.2 SmartWebPrinting SolutionCenter SpeedFan (remove only) Status Synaptics Pointing Device Driver Toolbox Total Commander (Remove or Repair) TrayApp TubeBox! TuneUp Utilities 2012 TuneUp Utilities Language Pack (de-DE) UnloadSupport Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) VC80CRTRedist - 8.0.50727.4053 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 1.1.11 Vodafone Mobile Connect Lite Voxware Audio decoder 1.6 WebReg WIDCOMM Bluetooth Software Win7codecs Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Fotogalerie Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX control for remote connections Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Center Add-in for Silverlight Windows Media Player Firefox Plugin WinRAR Yahoo! Toolbar YouTube Downloader 3.5 YouTube Downloader Toolbar v4.5 . ==== End Of File =========================== </code> <code> GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-02-04 21:02:23 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.ESBO Running: iyxkchio.exe; Driver: C:\Users\PR\AppData\Local\Temp\kxldipow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 82881369 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828BAD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\00000098 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb1167269 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde06f53c Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde06f53c@0025676faffa 0xCA 0x61 0xCC 0x1E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde06f53c@8c77128d15ab 0x31 0x7D 0xCF 0x5D ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb1167269 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde06f53c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde06f53c@0025676faffa 0xCA 0x61 0xCC 0x1E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde06f53c@8c77128d15ab 0x31 0x7D 0xCF 0x5D ... ---- EOF - GMER 1.0.15 ---- </code> |
| Themen zu Aus Sicherheitsgründen wurde ihr Windowssystem blockiert |
| 4d36e972-e325-11ce-bfc1-08002be10318, acrobat update, antivir, avgnt, avira, blockiert, converter, desktop, device driver, document, downloader, error, firefox, flash player, helper, home, installation, locker, mbamservice.exe, mozilla, mp3, netzwerk, officejet, outlook 2010, pdfforge toolbar, plug-in, realtek, registry, scan, security, software, svchost.exe, system, usb, vodafone, windows, windows 7 home, windows 7 home premium, wurde ihr, youtube downloader |
Baum-Darstellung