| |
| |||||||
Log-Analyse und Auswertung: Windows-Blockierung durch Trojaner ("50 Euro-Virus")Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
04.02.2012, 22:23
| #1 |
| |  Windows-Blockierung durch Trojaner ("50 Euro-Virus") Hallo zusammen, ich hab leider auch diesen Trojaner auf dem Rechner, der Windows blockiert und auf Grund angeblich besuchter pornografischer Seiten 50 Euro zur Bereinigung des Systems erfordert. Diese OTL-Datei habe ich bereits runtergeladen und entsprechend der Hinweise (hoffentlich richtig) verwendet: Nachfolgend die OTL.Txt.-"Ergebnisse" OTL logfile created on: 04.02.2012 21:55:10 - Run 1 OTL by OldTimer - Version 3.2.31.0 Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,82% Memory free 6,19 Gb Paging File | 5,06 Gb Available in Paging File | 81,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 911,97 Gb Total Space | 628,28 Gb Free Space | 68,89% Space Free | Partition Type: NTFS Drive D: | 19,53 Gb Total Space | 13,58 Gb Free Space | 69,54% Space Free | Partition Type: FAT32 Computer Name: HOME | User Name: | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Iris.Home\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Norton Ghost\Agent\VProTray.exe (Symantec Corporation) PRC - C:\Programme\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Google\Google EULA\GoogleEULALauncher.exe (Google) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Programme\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3238.38646__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dl l () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3238.38722__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3238.38632__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3238.38648__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3238.38703__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3238.38684__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3238.38643__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3238.38670__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3238.38639__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3238.38673__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3238.38640__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashbo ard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3238.38736__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3238.38649__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashbo ard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3238.38698__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3238.38689__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3238.38648__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3238.38723__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3238.38681__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashbo ard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3238.38690__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3238.38672__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3238.38736__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3238.38638__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3238.38689__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3238.38721__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3238.38651__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime. dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3238.38681__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime. dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3238.38666__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3238.38671__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3218.28705__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3238.38670__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3238.38671__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3238.38682__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3218.28701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dl l () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dl l () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3238.38731__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3238.38739__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3238.38630__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3238.38636__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3238.38712__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3238.38643__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3238.38717__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3238.38630__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3238.38630__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3238.38716__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3238.38631__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3238.38717__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3238.38628__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3238.38629__90ba9c70f846762e\AEM.Server.dll () MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll () MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll () MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll () MOD - c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll () MOD - c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Belkin\USB F5D7050\Wireless Utility\BelkinwcuiDLL.dll () MOD - C:\Programme\Belkin\USB F5D7050\Wireless Utility\BelkinHWStatus.dll () ========== Win32 Services (SafeList) ========== SRV - (NMIndexingService) -- File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Norton Ghost) -- C:\Programme\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation) SRV - (SymSnapService) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (v2imount) -- C:\Windows\System32\drivers\v2imount.sys (Symantec Corporation) DRV - (symsnap) -- C:\Windows\system32\DRIVERS\symsnap.sys (StorageCraft) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (VProEventMonitor) -- C:\Windows\System32\drivers\vproeventmonitor.sys (Symantec Corporation) DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\Windows\System32\drivers\BLKWGU.sys (Belkin Corporation) DRV - (ZD1211U(ZyXEL)) ZyAIR G-220 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyXEL) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{191d3f14-ff4c-4895-bdea-db54526cb49a}: C:\Program Files\Adobe\Flash [2009.07.19 12:11:47 | 000,000,000 | ---D | M] [2009.04.30 16:56:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions Hosts file not found O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google) O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" File not found O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found O4 - HKCU..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{225CC8E2-4EDF-40B5-B4CB-76F32A607D8C}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C60502B-F3C2-4A8F-AAE8-EEA6D509944D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62FFFEA9-0BC6-4137-9629-95F6DE95A957}: NameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Iris.Home\Anwendungsdaten\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Iris.Home\Anwendungsdaten\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.11.22 19:28:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT.bak -- [ NTFS ] O33 - MountPoints2\{48ddad0f-109a-11de-a5fb-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{48ddad0f-109a-11de-a5fb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\cdrun.exe O34 - HKLM BootExecute: (autocheck autochk /p \??\I  O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.04 21:58:12 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.02.04 21:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.04 21:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.04 21:58:02 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.04 21:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.02.04 20:05:50 | 000,000,000 | ---D | C] -- C:\Users\Iris.Home\Eigene Dateien\Meine empfangenen Dateien [2012.01.29 11:11:57 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [1996.11.18 23:15:46 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\IMPLODE.DLL [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.04 21:59:21 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.02.04 21:58:05 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.04 21:46:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.04 21:46:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.04 21:46:31 | 3220,414,464 | -HS- | M] () -- C:\hiberfil.sys [2012.02.04 20:08:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2012.02.04 20:08:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm [2012.02.04 18:29:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm [2012.02.04 18:29:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm [2012.02.03 20:31:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm [2012.02.03 20:31:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2012.02.02 22:46:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm [2012.02.02 22:46:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2012.02.02 22:19:58 | 000,000,723 | ---- | M] () -- C:\Toolbars.dat [2012.02.01 22:40:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm [2012.02.01 22:40:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2012.01.31 21:17:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm [2012.01.31 21:17:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2012.01.30 22:15:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm [2012.01.30 22:15:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2012.01.29 20:53:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm [2012.01.29 20:53:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2012.01.29 11:11:57 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.01.28 22:54:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm [2012.01.28 22:54:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2012.01.27 21:58:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm [2012.01.27 21:58:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.01.26 20:55:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm [2012.01.26 20:55:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2012.01.25 22:11:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm [2012.01.25 22:11:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2012.01.25 12:24:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm [2012.01.25 12:24:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm [2012.01.24 21:31:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm [2012.01.24 21:31:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm [2012.01.23 20:25:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm [2012.01.23 20:25:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2012.01.22 19:55:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm [2012.01.22 19:55:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2012.01.21 20:00:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm [2012.01.21 20:00:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2012.01.20 19:46:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm [2012.01.20 19:46:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2012.01.19 21:16:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm [2012.01.19 21:16:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2012.01.18 22:24:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm [2012.01.18 22:24:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.04 21:58:05 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.06.11 17:28:20 | 000,003,461 | ---- | C] () -- C:\Windows\LITERAT.INI [2009.04.04 12:43:34 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2009.03.14 14:20:06 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2009.01.08 13:04:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.01.08 12:08:39 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2009.01.08 12:08:39 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.01.08 12:08:38 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.01.08 12:08:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009.01.08 12:08:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2009.01.08 11:53:01 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.01.08 11:53:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.12.18 19:34:22 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini [2008.12.11 13:43:20 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll [2008.12.11 13:43:20 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll [2008.11.24 21:04:29 | 000,180,224 | ---- | C] () -- C:\Windows\UninstallWSST.exe [2008.11.23 18:45:34 | 000,000,083 | ---- | C] () -- C:\Windows\WSST_Screen_Saver.ini [2008.11.23 18:45:28 | 000,145,167 | ---- | C] () -- C:\Windows\unstall.exe [2008.11.23 14:35:52 | 000,552,960 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.11.23 14:35:52 | 000,159,744 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.11.23 14:35:51 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe [2008.11.23 14:25:18 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe [2008.11.22 21:12:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.11.22 20:37:43 | 000,084,644 | ---- | C] () -- C:\Windows\System32\drivers\FwRad17.bin [2008.11.22 20:37:43 | 000,083,024 | ---- | C] () -- C:\Windows\System32\drivers\FwRad16.bin [2008.11.22 20:07:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ZDWlan.dll [2008.11.22 20:07:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\PassAPP.dll [2008.11.22 20:07:53 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll [2008.11.22 19:50:31 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.11.22 19:31:24 | 000,001,082 | ---- | C] () -- C:\Windows\System32\OEMINFO.INI [2008.11.22 19:26:04 | 000,021,740 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2008.11.22 19:01:06 | 000,004,161 | ---- | C] () -- C:\Windows\ODBCINST.INI [2008.11.22 19:00:06 | 000,249,456 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2008.02.27 11:30:18 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631 [2007.08.23 18:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat.defect [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.07.12 14:44:42 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL [2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\Windows\System32\secupd.dat [2003.07.30 10:49:22 | 013,107,200 | ---- | C] () -- C:\Windows\System32\oembios.bin [2003.07.30 10:48:28 | 000,004,711 | ---- | C] () -- C:\Windows\System32\oembios.dat [2003.04.02 13:00:00 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL [2003.04.02 13:00:00 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003.04.02 13:00:00 | 000,621,704 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2003.04.02 13:00:00 | 000,589,884 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2003.04.02 13:00:00 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2003.04.02 13:00:00 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2003.04.02 13:00:00 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2003.04.02 13:00:00 | 000,123,654 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2003.04.02 13:00:00 | 000,101,896 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2003.04.02 13:00:00 | 000,046,258 | ---- | C] () -- C:\Windows\System32\mib.bin [2003.04.02 13:00:00 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2003.04.02 13:00:00 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2003.04.02 13:00:00 | 000,001,804 | ---- | C] () -- C:\Windows\System32\dcache.bin [2003.04.02 13:00:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2003.03.14 12:24:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2002.05.26 17:53:00 | 000,054,272 | ---- | C] () -- C:\Windows\System32\P2IRDAO.DLL [2001.08.03 19:22:00 | 000,182,896 | ---- | C] () -- C:\Windows\System32\drivers\NAVAP.SYS [1998.05.11 00:00:00 | 000,748,160 | ---- | C] () -- C:\Windows\System32\CO2C40EN.DLL [1996.11.18 23:15:52 | 000,131,072 | ---- | C] () -- C:\Windows\System32\P2SODBC.DLL [1996.11.18 23:15:50 | 000,050,176 | ---- | C] () -- C:\Windows\System32\P2CTDAO.DLL [1996.11.18 23:15:50 | 000,036,352 | ---- | C] () -- C:\Windows\System32\P2BBND.DLL < End of report > |
|
04.02.2012, 22:24
| #2 |
| |  Windows-Blockierung durch Trojaner ("50 Euro-Virus") OTL ExtrasOTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 04.02.2012 21:55:10 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Iris.Home\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,82% Memory free
6,19 Gb Paging File | 5,06 Gb Available in Paging File | 81,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,97 Gb Total Space | 628,28 Gb Free Space | 68,89% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 13,58 Gb Free Space | 69,54% Space Free | Partition Type: FAT32
Computer Name: HOME | User Name: Iris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0979C5EE-E539-4951-8AF5-107087E01B67}" = lport=2869 | protocol=6 | dir=in | app=system |
"{12646D94-3369-44F9-8A74-4D424D67439D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{12E24F45-DA35-4351-8F8B-EFC5D09D48CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4B3C4105-B89E-44C1-A12A-44F99F3D35C5}" = rport=137 | protocol=17 | dir=out | app=system |
"{704154F3-21BB-48CD-A947-87B8BA123F9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{76CE6F31-0740-4F50-AB2F-282F22218DAE}" = lport=138 | protocol=17 | dir=in | app=system |
"{89299F9F-CD48-46F4-A7EE-83350BF02ADB}" = lport=139 | protocol=6 | dir=in | app=system |
"{B53ACEB5-C3A4-463B-A544-E1655E467B2A}" = lport=137 | protocol=17 | dir=in | app=system |
"{DD952732-D7C9-4C3E-B0DD-3F331AD34CB6}" = rport=139 | protocol=6 | dir=out | app=system |
"{E0AE1CB2-13B9-469E-BBCD-14F5BE4C9536}" = lport=445 | protocol=6 | dir=in | app=system |
"{F0AD9127-301E-4C80-A2CC-6AF8C930C5FC}" = rport=138 | protocol=17 | dir=out | app=system |
"{F1C6DE5F-9A52-419E-B36A-1ED3DF5BBC20}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{150E7872-56F0-4360-999C-C4E00A045C50}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2F129AEC-D22E-4D8F-9BD6-CCE10AA04D65}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A64CBC56-8101-4887-9811-CBDDC845D41A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B757D511-EA04-4399-8D2F-5B6AA6FAEE9C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{C01F010A-8EEC-41D8-97A7-7226D5DAD9AA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CF16222F-9814-4523-8307-F85D732591CF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{499ACFD1-6E5B-4BAD-B2D8-8A3C2CA97464}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{397D8919-58A0-4463-AA12-1DE73F96D4EB}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{21DDB7A5-00A9-96D3-AF53-AF143CE29CD1}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{432DEFB9-9C74-A859-1B66-F67530CF1D33}" = Catalyst Control Center Localization German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EBF259-D41F-3517-78C6-29F335BD252B}" = Skins
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7AEBD87F-7818-2C67-F0F5-822E0260D002}" = Catalyst Control Center Graphics Full New
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8BC951D5-2DBA-4DF5-B48C-F1A7A7DB1031}" = Nero BackItUp 2 Essentials
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{98129815-2DEB-7E30-8105-65CC9D0E3F0D}" = ccc-utility
"{9992BAC0-E57C-1BBB-8391-3DEC5BFC025B}" = ATI Catalyst Install Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E752ADC-4903-E12F-8843-743A78CD3CBB}" = ccc-core-static
"{9F9D923C-8BF4-859A-853A-7C4299FD98DD}" = Catalyst Control Center Core Implementation
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BF8DC7F0-DB69-5F15-4871-5B38C95410EA}" = Catalyst Control Center Graphics Light
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1D1D5FE-AF9E-9150-1493-C76A81A69FEE}" = Catalyst Control Center Graphics Full Existing
"{D66BDB75-FBB8-4B4E-5379-B17E7EBD7B1A}" = CCC Help English
"{DC344C96-0A5D-65C7-F0D3-CCBA48DDA190}" = CCC Help German
"{E37C6398-2D75-6EF3-FA55-CF4B92371940}" = Catalyst Control Center Graphics Previews Vista
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Diagram Designer" = Diagram Designer
"doPDF 7 printer_is1" = doPDF 7.2 printer
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"IrfanView" = IrfanView (remove only)
"LastFM_is1" = Last.fm 1.5.4.27091
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04.02.2012 13:30:35 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.02.2012 13:30:35 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.02.2012 13:34:20 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.02.2012 13:34:20 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.02.2012 16:22:23 | Computer Name = Home | Source = VSS | ID = 13
Description =
Error - 04.02.2012 16:22:23 | Computer Name = Home | Source = VSS | ID = 12292
Description =
Error - 04.02.2012 16:47:18 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.02.2012 16:47:18 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.02.2012 16:58:23 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.02.2012 16:58:23 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 04.02.2012 11:59:28 | Computer Name = Home | Source = DCOM | ID = 10016
Description =
Error - 04.02.2012 12:01:28 | Computer Name = Home | Source = DCOM | ID = 10010
Description =
Error - 04.02.2012 13:17:48 | Computer Name = Home | Source = DCOM | ID = 10016
Description =
Error - 04.02.2012 13:30:11 | Computer Name = Home | Source = HTTP | ID = 15016
Description =
Error - 04.02.2012 13:33:52 | Computer Name = Home | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 04.02.2012 um 18:31:58 unerwartet heruntergefahren.
Error - 04.02.2012 13:33:57 | Computer Name = Home | Source = HTTP | ID = 15016
Description =
Error - 04.02.2012 16:22:23 | Computer Name = Home | Source = DCOM | ID = 10016
Description =
Error - 04.02.2012 16:24:23 | Computer Name = Home | Source = DCOM | ID = 10010
Description =
Error - 04.02.2012 16:46:34 | Computer Name = Home | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 04.02.2012 um 21:32:46 unerwartet heruntergefahren.
Error - 04.02.2012 16:46:36 | Computer Name = Home | Source = HTTP | ID = 15016
Description =
< End of report >
Es wäre sehr nett, wenn mir hier jemand helfen könnte, wie ich weiter vorgehen muss bzw. welche Daten für eine Hilfe noch erforderlich wären!  PS: Das hier oftmals verlinkte Malware-Programm ist ebenfalls installiert - läuft aber noch! Ergebnisse folgen in Kürze! |
|
04.02.2012, 23:25
| #3 |
| | Windows-Blockierung durch Trojaner ("50 Euro-Virus") Malwarebytes Anti-Malware 1.60.1.1000
__________________www.malwarebytes.org Datenbank Version: v2012.02.04.03 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Iris :: HOME [Administrator] 04.02.2012 21:59:35 mbam-log-2012-02-04 (21-59-35).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 436647 Laufzeit: 1 Stunde(n), 23 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Daten: hxxp://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bösartig: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Gut: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\Martin\Desktop\Dies & Das\SoftonicDownloader_fuer_samsung-kies.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt. C:\Users\Martin\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\AppData\Local\Temp\ms0cfg32.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Martin\Lokale Einstellungen\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
| Themen zu Windows-Blockierung durch Trojaner ("50 Euro-Virus") |
| 0x00000001, antivir, application/pdf, application/pdf:, avira, bho, blockiert, desktop, ebay, euro, excel, excel.exe, firefox, format, google, home, iexplore.exe, logfile, monitor, object, otl-datei, plug-in, realtek, registry, scan, software, symantec, tracker, trojaner, usb, version=1.0, vista, windows, windows vista home |
Linear-Darstellung
