| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" - seltene Variante?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.02.2012, 02:36
| #1 |
| |  "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" - seltene Variante? Hi an alle fleißigen Helferlein, Ich habe mir den schon bekannten Erpresservirus eingefangen, der mir mein System sperrt und die Zeile "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" als Headline trägt. Mein System: Win7 Professional SP1 x64 Wie sich der Virus verhält: Sobald ich normal Starte und eine Internetverbindung vorliegt, kommt der Bildschirm mit der Zahlungsaufforderung und ich kann den PC nur noch via STRG+ALT+ENTF herunterfahren. Wenn ich im abgesicherten Modus mit Eingabeaufforderung oder im abgesicherten Modus mit Netzwerktreibern starte, kommt der Bildschirm nicht. Wenn ich mich mit einem anderen Benutzer normal anmelde, habe ich auch keinerlei Probleme. Folgendes habe ich bereits versucht: Ich habe jetzt schon ein Paar Stunden gegoogelt und diverse Anleitungen ausprobiert. Ich habe mit aktuellen Ständen von Antivir (free), OTL und 3 weiteren Malware und Spyware Scannern, die in diversen Themen empfohlen wurden, mein System durchleuchtet, aber alle haben nichts gefunden. Ich habe nach Anleitung meine Registry (regedit) durchsucht und keine ungewöhnlichen Strings gefunden, die beim Systemstart ausgeführt werden. Die SHELL-Datei enthält richtigerweise auch "explorer.exe". Daraufhin habe ich die explorer.exe im abgesicherten Modus via CMD gestartet um zu schauen, ob sie infiziert ist, wobei der explorer normal aufgegangen ist - also sehr wahrscheinlich nicht betroffen. Ich habe alle möglichen Verzeichnisse, die in anderen Fällen oft betroffen waren, auf ungewöhnliche Dateien Durchsucht. Dabei zwar einiges gefunden, was ich nicht zuordnen kann (z.B. Dateien ohne Dateiendung), aber nichts von den Dateinamen, die im Zusammenhang mit der Schadsoftware genannt wurden. Bzw. wenn ich was gefunden habe passt es nicht mit der Zeit, wann die Datei geändert bzw erstellt wurde (älter als 15 Tage) - den Virus hab seit maximal 5 Tagen. Nun bin ich auf eure Hilfe angewiesen. Anbei noch der Bericht von OTL von meinem Systemscan. (Ich habe den Scan gerade eben spontan mit dem nicht betroffenen Benutzer gemacht - keine Ahnung ob das einen Unterschied macht. Wenn ja, mache ich natürlich sofort einen neuen auf dem betroffenen Admin-Benutzer) Ich danke schonmal im Voraus! lg Jonathan Code:
ATTFilter OTL logfile created on: 13.02.2012 01:43:28 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\test\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,58% Memory free 8,00 Gb Paging File | 6,54 Gb Available in Paging File | 81,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,62 Gb Total Space | 2,46 Gb Free Space | 4,13% Space Free | Partition Type: NTFS Drive D: | 101,89 Mb Total Space | 101,86 Mb Free Space | 99,97% Space Free | Partition Type: FAT Drive E: | 501,86 Mb Total Space | 501,61 Mb Free Space | 99,95% Space Free | Partition Type: FAT Drive F: | 1396,67 Gb Total Space | 408,22 Gb Free Space | 29,23% Space Free | Partition Type: NTFS Drive G: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JONILEIN | User Name: test | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.13 01:42:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\test\Downloads\OTL.exe PRC - [2012.02.08 21:31:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.02.02 11:01:28 | 000,495,104 | ---- | M] (LOL Replay) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe PRC - [2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.10.21 21:53:54 | 001,211,216 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\LogiShrd\sp6\LU\LogitechUpdate.exe PRC - [2010.10.21 21:53:46 | 000,341,328 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\LogiShrd\sp6\LU\LULnchr.exe ========== Modules (No Company Name) ========== MOD - [2012.02.08 21:31:09 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.02.02 11:01:26 | 000,264,704 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\LOLUtils.dll MOD - [2011.11.12 10:21:17 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2011.10.15 12:24:38 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll MOD - [2011.10.14 02:06:18 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll MOD - [2011.10.14 02:05:46 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll MOD - [2011.10.14 02:05:31 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011.10.14 02:05:22 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011.10.14 02:05:20 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll MOD - [2011.10.14 02:05:09 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011.10.14 02:05:03 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\37f2a07f5c1341f788c5a56baa7cde59\System.Xml.ni.dll MOD - [2011.10.14 02:04:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011.10.14 02:04:57 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011.10.14 02:04:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== ========== Driver Services (SafeList) ========== ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2335283426-188047916-932912666-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.12 19:12:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.24 22:06:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.02.13 01:37:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\mozilla\Extensions [2012.02.12 19:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.02.08 21:31:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.07.17 18:18:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.08 18:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.08 18:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.08 18:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.08 18:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.08 18:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.08 18:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2335283426-188047916-932912666-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B38545F8-5AD7-4588-93B9-62F856D6044A}: DhcpNameServer = 192.168.0.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.07.15 20:39:51 | 000,000,122 | R--- | M] () - G:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.13 01:40:53 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\Macromedia [2012.02.13 01:40:53 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\Adobe [2012.02.13 01:37:06 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\Mozilla [2012.02.13 01:37:06 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\Mozilla [2012.02.12 21:52:22 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\Malwarebytes [2012.02.12 21:51:48 | 000,000,000 | ---D | C] -- C:\Users\test\Documents\LOLReplay [2012.02.12 21:51:45 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\Logitech [2012.02.12 21:51:45 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\LogiShrd [2012.02.12 21:51:34 | 000,000,000 | R--D | C] -- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.02.12 21:51:34 | 000,000,000 | R--D | C] -- C:\Users\test\Searches [2012.02.12 21:51:34 | 000,000,000 | R--D | C] -- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.02.12 21:51:28 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\Identities [2012.02.12 21:51:26 | 000,000,000 | R--D | C] -- C:\Users\test\Contacts [2012.02.12 21:51:21 | 000,000,000 | --SD | C] -- C:\Users\test\AppData\Roaming\Microsoft [2012.02.12 21:51:21 | 000,000,000 | R--D | C] -- C:\Users\test\Videos [2012.02.12 21:51:21 | 000,000,000 | R--D | C] -- C:\Users\test\Saved Games [2012.02.12 21:51:21 | 000,000,000 | R--D | C] -- C:\Users\test\Pictures [2012.02.12 21:51:21 | 000,000,000 | R--D | C] -- C:\Users\test\Music [2012.02.12 21:51:21 | 000,000,000 | R--D | C] -- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.02.12 21:51:21 | 000,000,000 | R--D | C] -- C:\Users\test\Links [2012.02.12 21:51:21 | 000,000,000 | R--D | C] -- C:\Users\test\Favorites [2012.02.12 21:51:21 | 000,000,000 | R--D | C] -- C:\Users\test\Downloads [2012.02.12 21:51:21 | 000,000,000 | R--D | C] -- C:\Users\test\Documents [2012.02.12 21:51:21 | 000,000,000 | R--D | C] -- C:\Users\test\Desktop [2012.02.12 21:51:21 | 000,000,000 | R--D | C] -- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.02.12 21:51:21 | 000,000,000 | -HSD | C] -- C:\Users\test\Vorlagen [2012.02.12 21:51:21 | 000,000,000 | -HSD | C] -- C:\Users\test\AppData\Local\Verlauf [2012.02.12 21:51:21 | 000,000,000 | -HSD | C] -- C:\Users\test\AppData\Local\Temporary Internet Files [2012.02.12 21:51:21 | 000,000,000 | -HSD | C] -- C:\Users\test\Startmenü [2012.02.12 21:51:21 | 000,000,000 | -HSD | C] -- C:\Users\test\SendTo [2012.02.12 21:51:21 | 000,000,000 | -HSD | C] -- C:\Users\test\Recent [2012.02.12 21:51:21 | 000,000,000 | -HSD | C] -- C:\Users\test\Netzwerkumgebung [2012.02.12 21:51:21 | 000,000,000 | -HSD | C] -- C:\Users\test\Lokale Einstellungen [2012.02.12 21:51:21 | 000,000,000 | -HSD | C] -- C:\Users\test\Documents\Eigene Videos [2012.02.12 21:51:21 | 000,000,000 | -HSD | C] -- C:\Users\test\Documents\Eigene Musik [2012.02.12 21:51:21 | 000,000,000 | -HSD | C] -- C:\Users\test\Eigene Dateien [2012.02.12 21:51:21 | 000,000,000 | -HSD | C] -- C:\Users\test\Documents\Eigene Bilder [2012.02.12 21:51:21 | 000,000,000 | -HSD | C] -- C:\Users\test\Druckumgebung [2012.02.12 21:51:21 | 000,000,000 | -HSD | C] -- C:\Users\test\Cookies [2012.02.12 21:51:21 | 000,000,000 | -HSD | C] -- C:\Users\test\AppData\Local\Anwendungsdaten [2012.02.12 21:51:21 | 000,000,000 | -HSD | C] -- C:\Users\test\Anwendungsdaten [2012.02.12 21:51:21 | 000,000,000 | -H-D | C] -- C:\Users\test\AppData [2012.02.12 21:51:21 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\Temp [2012.02.12 21:51:21 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\Microsoft [2012.02.12 21:51:21 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\Media Center Programs [2012.02.12 21:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.12 21:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.12 21:49:08 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.02.12 21:49:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.02.12 03:32:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012.01.27 01:35:45 | 000,000,000 | ---D | C] -- C:\xampp [2012.01.24 22:06:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.01.24 22:06:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.01.24 22:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.01.23 23:43:42 | 000,627,600 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.01.23 23:43:42 | 000,252,296 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.01.23 23:43:42 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.01.23 23:43:42 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.01.23 23:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.01.23 23:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\eclipse [2012.01.19 17:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer [2012.01.19 17:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Packet Tracer 5.3.3 ========== Files - Modified Within 30 Days ========== [2012.02.12 21:58:33 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.12 21:58:33 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.12 21:57:59 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.12 21:57:59 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.12 21:57:59 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.12 21:57:59 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.12 21:57:59 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.12 21:51:22 | 000,000,498 | RHS- | M] () -- C:\Users\test\ntuser.pol [2012.02.12 21:51:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.12 21:50:59 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2012.02.12 21:49:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.12 19:12:25 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.02.05 13:14:57 | 000,001,993 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2012.02.05 13:14:57 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk [2012.01.27 03:45:34 | 000,001,065 | ---- | M] () -- C:\Windows\winamp.ini [2012.01.24 22:06:46 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.01.23 23:43:37 | 000,252,296 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.01.23 23:43:37 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.01.23 23:43:37 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.01.23 23:43:36 | 000,627,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll ========== Files Created - No Company Name ========== [2012.02.12 21:51:40 | 000,001,405 | ---- | C] () -- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.02.12 21:51:36 | 000,001,439 | ---- | C] () -- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.02.12 21:51:22 | 000,000,498 | RHS- | C] () -- C:\Users\test\ntuser.pol [2012.02.12 21:49:09 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.12 19:12:25 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.02.12 19:12:25 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.02.05 13:14:57 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk [2012.01.24 22:06:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.01.24 22:06:46 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.10.16 10:31:32 | 000,100,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.09.05 23:59:15 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.07.30 10:37:45 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2011.07.21 01:53:57 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.07.21 01:09:13 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2011.07.17 20:56:07 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2011.07.17 18:35:06 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > |
|
13.02.2012, 10:54
| #2 |
| /// Malware-holic   | "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" - seltene Variante? hi,
__________________1. neustart f8 drücken abgesicherter modus mit netzwerk wählen. melde dich im betroffenen nutzerkonto an. 2. öffne malwarebytes, logdateien, poste alle logs. 3. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
14.02.2012, 00:39
| #3 |
| | "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" - seltene Variante? Mein System läuft wieder!
__________________Komisch, ich habe nämlich gestern schon einen Quickscan und einen Normalen Scan mit Malwarebytes gemacht, der nichts gefunden hat. Heute hat Malwarebytes infizierte Dateien gefunden und ich hab sie löschen lassen. Seit gestern gab es aber kein Update der Software.. [???] Das Einzige was ich zwischen den beiden Scans gestern und heute noch gemacht habe, war einen neuen Windowsbenutzer anlegen und auf dem OTL laufen lassen. Das erschließt sich mir nicht. Ich möchte euch die Logs aber nicht vorenthalten. vielleicht enthalten sie noch wichtige Informationen. Nicht, dass der Virus nicht noch irgendwo schlummert und wieder ausbricht. Sollte sich das Thema aber durch das Verschwinden des Virus für euch erledigt haben, kann es auch gerne mit dem Vermerk "gelöst" geschlossen werden. Ich danke dir vielmals markusg, ohne deine Textbausteinantwort hätte ich so schnell keinen weiteren Scan mit Malwarebytes gemacht - was letztenendes die Lösung gebracht hat. Herzliche Grüße Jonathan Malwarebytes (Log, der entstand, als auch die infizierten Dateien gefunden wurden) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.13.05 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 joni :: JONILEIN [Administrator] Schutz: Deaktiviert 13.02.2012 23:49:16 mbam-log-2012-02-13 (23-51-08).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 196004 Laufzeit: 1 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ffdwnd (Trojan.VUPX.MTS1) -> Daten: C:\Users\joni\AppData\Local\Mozilla\Firefox\firefox.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\joni\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.VUPX.MTS1) -> Keine Aktion durchgeführt. C:\Users\joni\AppData\Local\Temp\ms0cfg32.exe (Trojan.VUPX.MTS1) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter OTL logfile created on: 14.02.2012 00:03:34 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\joni\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 68,93% Memory free 8,00 Gb Paging File | 6,60 Gb Available in Paging File | 82,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,62 Gb Total Space | 2,25 Gb Free Space | 3,78% Space Free | Partition Type: NTFS Drive D: | 101,89 Mb Total Space | 101,86 Mb Free Space | 99,97% Space Free | Partition Type: FAT Drive E: | 501,86 Mb Total Space | 501,61 Mb Free Space | 99,95% Space Free | Partition Type: FAT Drive F: | 1396,67 Gb Total Space | 408,22 Gb Free Space | 29,23% Space Free | Partition Type: NTFS Drive G: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JONILEIN | User Name: joni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.14 00:01:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\joni\Desktop\OTL.exe PRC - [2012.02.08 21:31:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.10 10:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe PRC - [2011.09.10 10:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe PRC - [2011.09.10 10:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe PRC - [2011.09.10 10:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe PRC - [2011.07.17 20:40:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe PRC - [2009.04.17 09:09:46 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe ========== Modules (No Company Name) ========== MOD - [2012.02.08 21:31:09 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.11.12 10:21:17 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.10 10:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - [2011.07.17 20:40:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.17 08:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.11.03 22:39:25 | 003,904,976 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.07.26 05:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- F:\games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.17 09:09:46 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.07.22 18:08:33 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2011.07.17 21:12:25 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.07.17 20:40:53 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.17 20:40:53 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.07.15 16:30:44 | 000,144,688 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2011.04.30 12:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2011.04.30 12:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.04.30 12:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF C8 DC F7 4C E6 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about_blank" FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.7 FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.4 FF - prefs.js..network.proxy.http: "50.22.206.188" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.12 19:12:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.24 22:06:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.07.17 17:12:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\joni\AppData\Roaming\mozilla\Extensions [2011.12.27 06:04:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\joni\AppData\Roaming\mozilla\Firefox\Profiles\2jlfzyf5.default\extensions [2011.11.27 19:23:37 | 000,000,000 | ---D | M] (YouTube mp3) -- C:\Users\joni\AppData\Roaming\mozilla\Firefox\Profiles\2jlfzyf5.default\extensions\info@youtube-mp3.org [2011.07.17 18:29:59 | 000,000,000 | ---D | M] (Personas) -- C:\Users\joni\AppData\Roaming\mozilla\Firefox\Profiles\2jlfzyf5.default\extensions\personas@christopher.beard [2012.02.12 19:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\JONI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2JLFZYF5.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI () (No name found) -- C:\USERS\JONI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2JLFZYF5.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI () (No name found) -- C:\USERS\JONI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2JLFZYF5.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI [2012.02.08 21:31:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.07.17 18:18:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.08 18:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.08 18:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.08 18:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.08 18:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.08 18:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.08 18:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [7 Taskbar Tweaker] C:\Users\joni\AppData\Local\Temp\7zOF1FC.tmp\7 Taskbar Tweaker x64.exe () O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B38545F8-5AD7-4588-93B9-62F856D6044A}: DhcpNameServer = 192.168.0.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.07.15 20:39:51 | 000,000,122 | R--- | M] () - G:\autorun.inf -- [ UDF ] O33 - MountPoints2\{487ad24c-b08e-11e0-b122-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{487ad24c-b08e-11e0-b122-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{c360c4b0-b0b9-11e0-a0c0-001a4d5fb36d}\Shell - "" = AutoRun O33 - MountPoints2\{c360c4b0-b0b9-11e0-a0c0-001a4d5fb36d}\Shell\AutoRun\command - "" = I:\Launcher.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^joni^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^joni^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - File not found MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.14 00:01:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\joni\Desktop\OTL.exe [2012.02.13 23:52:26 | 000,000,000 | ---D | C] -- C:\Users\joni\Desktop\Neuer Ordner [2012.02.12 21:49:13 | 000,000,000 | ---D | C] -- C:\Users\joni\AppData\Roaming\Malwarebytes [2012.02.12 21:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.12 21:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.12 21:49:08 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.02.12 21:49:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.02.12 03:32:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012.01.27 01:35:45 | 000,000,000 | ---D | C] -- C:\xampp [2012.01.24 22:10:53 | 000,000,000 | ---D | C] -- C:\Users\joni\AppData\Local\Adobe [2012.01.24 22:06:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.01.24 22:06:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.01.24 22:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.01.23 23:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.01.23 23:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\eclipse [2012.01.19 17:55:03 | 000,000,000 | ---D | C] -- C:\Users\joni\Cisco Packet Tracer 5.3.3 [2012.01.19 17:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer [2012.01.19 17:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Packet Tracer 5.3.3 [2012.01.19 17:52:52 | 000,000,000 | ---D | C] -- C:\Users\joni\4.0 [2012.01.19 17:52:52 | 000,000,000 | ---D | C] -- C:\Users\joni\.tfo4 [2012.01.15 19:49:32 | 000,000,000 | ---D | C] -- C:\Users\joni\Desktop\dbKlausuren ========== Files - Modified Within 30 Days ========== [2012.02.14 00:01:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\joni\Desktop\OTL.exe [2012.02.13 23:59:15 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.13 23:59:15 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.13 23:56:13 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.13 23:56:13 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.13 23:56:13 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.13 23:56:13 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.13 23:56:13 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.13 23:52:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.13 23:52:00 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2012.02.12 21:49:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.12 19:12:25 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.02.12 04:15:48 | 000,001,202 | ---- | M] () -- C:\Users\joni\AppData\Roaming\Roaming - Verknüpfung (2).lnk [2012.02.12 04:15:47 | 000,001,202 | ---- | M] () -- C:\Users\joni\AppData\Roaming\Roaming - Verknüpfung.lnk [2012.02.12 04:00:02 | 000,002,019 | ---- | M] () -- C:\Users\joni\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.02.12 04:00:02 | 000,001,948 | ---- | M] () -- C:\Users\joni\Desktop\Avira DE-Cleaner.lnk [2012.02.06 00:35:34 | 000,078,170 | ---- | M] () -- C:\Users\joni\Desktop\HTML_Tags_support.html [2012.02.05 13:14:57 | 000,001,993 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2012.01.27 03:45:34 | 000,001,065 | ---- | M] () -- C:\Windows\winamp.ini [2012.01.24 22:06:46 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.01.20 00:12:12 | 000,000,186 | ---- | M] () -- C:\Users\joni\.packettracer [2012.01.19 18:09:05 | 000,000,000 | -H-- | M] () -- C:\Users\joni\Documents\Default.rdp [2012.01.16 17:29:57 | 000,020,987 | ---- | M] () -- C:\Users\joni\Desktop\Herr Frank Steinlein.vcf ========== Files Created - No Company Name ========== [2012.02.12 21:49:09 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.12 19:12:25 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.02.12 19:12:25 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.02.12 04:15:48 | 000,001,202 | ---- | C] () -- C:\Users\joni\AppData\Roaming\Roaming - Verknüpfung (2).lnk [2012.02.12 04:15:47 | 000,001,202 | ---- | C] () -- C:\Users\joni\AppData\Roaming\Roaming - Verknüpfung.lnk [2012.02.12 04:00:02 | 000,002,019 | ---- | C] () -- C:\Users\joni\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.02.12 04:00:02 | 000,001,948 | ---- | C] () -- C:\Users\joni\Desktop\Avira DE-Cleaner.lnk [2012.02.05 14:15:04 | 000,078,170 | ---- | C] () -- C:\Users\joni\Desktop\HTML_Tags_support.html [2012.01.24 22:06:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.01.24 22:06:46 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.01.19 18:09:05 | 000,000,000 | -H-- | C] () -- C:\Users\joni\Documents\Default.rdp [2012.01.19 17:55:03 | 000,000,186 | ---- | C] () -- C:\Users\joni\.packettracer [2012.01.16 17:29:57 | 000,020,987 | ---- | C] () -- C:\Users\joni\Desktop\Herr Frank Steinlein.vcf [2011.10.16 10:31:32 | 000,100,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.09.05 23:59:15 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.07.30 10:37:45 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2011.07.24 18:29:24 | 000,045,286 | ---- | C] () -- C:\Users\joni\AppData\Roaming\room_v3.dat [2011.07.21 01:53:57 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011.07.21 01:53:27 | 000,000,157 | ---- | C] () -- C:\Users\joni\AppData\Roaming\default.rss [2011.07.21 01:53:27 | 000,000,000 | ---- | C] () -- C:\Users\joni\AppData\Roaming\downloads.m3u [2011.07.21 01:09:13 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2011.07.17 20:56:07 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2011.07.17 19:29:45 | 000,000,600 | ---- | C] () -- C:\Users\joni\AppData\Roaming\winscp.rnd [2011.07.17 18:35:06 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll ========== LOP Check ========== [2011.07.20 12:43:16 | 000,000,000 | ---D | M] -- C:\Users\joni\AppData\Roaming\DAEMON Tools Lite [2011.07.17 19:27:23 | 000,000,000 | ---D | M] -- C:\Users\joni\AppData\Roaming\FileZilla [2011.08.28 09:48:34 | 000,000,000 | ---D | M] -- C:\Users\joni\AppData\Roaming\gtk-2.0 [2011.07.17 18:32:10 | 000,000,000 | ---D | M] -- C:\Users\joni\AppData\Roaming\Leadertech [2011.07.17 22:56:52 | 000,000,000 | ---D | M] -- C:\Users\joni\AppData\Roaming\LolClient [2011.12.09 00:40:55 | 000,000,000 | ---D | M] -- C:\Users\joni\AppData\Roaming\Might & Magic Heroes VI [2011.07.17 19:23:10 | 000,000,000 | ---D | M] -- C:\Users\joni\AppData\Roaming\OpenOffice.org [2011.07.17 20:56:09 | 000,000,000 | ---D | M] -- C:\Users\joni\AppData\Roaming\Red Alert 3 [2011.07.19 23:00:35 | 000,000,000 | ---D | M] -- C:\Users\joni\AppData\Roaming\TeamViewer [2011.07.17 20:53:40 | 000,000,000 | ---D | M] -- C:\Users\joni\AppData\Roaming\temp [2011.11.05 14:15:13 | 000,000,000 | ---D | M] -- C:\Users\joni\AppData\Roaming\Thunderbird [2011.07.17 20:19:05 | 000,000,000 | ---D | M] -- C:\Users\joni\AppData\Roaming\Ubisoft [2012.01.17 11:46:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.02.12 21:51:26 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.03.21 21:32:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.11.06 01:15:40 | 000,000,000 | -HSD | M] -- C:\found.000 [2011.08.17 18:12:55 | 000,000,000 | ---D | M] -- C:\Games [2011.07.12 19:16:34 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.02.12 19:16:16 | 000,000,000 | R--D | M] -- C:\Program Files [2012.02.12 21:49:08 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.02.12 21:49:09 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.03.21 21:32:13 | 000,000,000 | -HSD | M] -- C:\Programme [2011.07.17 17:10:21 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.02.14 00:04:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.02.12 21:51:21 | 000,000,000 | R--D | M] -- C:\Users [2012.02.12 03:32:20 | 000,000,000 | ---D | M] -- C:\Windows [2012.01.27 01:37:07 | 000,000,000 | ---D | M] -- C:\xampp < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2009.12.19 23:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011.07.17 19:57:42 | 000,614,891 | ---- | M] () -- C:\Users\joni\.fonts.cache-1 [2012.01.20 00:12:12 | 000,000,186 | ---- | M] () -- C:\Users\joni\.packettracer [2011.08.28 09:31:03 | 000,000,839 | ---- | M] () -- C:\Users\joni\.recently-used.xbel [2012.02.14 00:05:40 | 001,835,008 | -HS- | M] () -- C:\Users\joni\NTUSER.DAT [2012.02.14 00:05:40 | 000,262,144 | -HS- | M] () -- C:\Users\joni\ntuser.dat.LOG1 [2011.07.17 17:10:33 | 000,000,000 | -HS- | M] () -- C:\Users\joni\ntuser.dat.LOG2 [2011.07.17 17:14:52 | 000,065,536 | -HS- | M] () -- C:\Users\joni\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.07.17 17:14:52 | 000,524,288 | -HS- | M] () -- C:\Users\joni\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.07.17 17:14:52 | 000,524,288 | -HS- | M] () -- C:\Users\joni\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011.07.17 17:10:33 | 000,000,020 | -HS- | M] () -- C:\Users\joni\ntuser.ini [2011.07.17 18:15:23 | 000,000,498 | RHS- | M] () -- C:\Users\joni\ntuser.pol < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.02.2012 00:03:34 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\joni\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 68,93% Memory free
8,00 Gb Paging File | 6,60 Gb Available in Paging File | 82,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,62 Gb Total Space | 2,25 Gb Free Space | 3,78% Space Free | Partition Type: NTFS
Drive D: | 101,89 Mb Total Space | 101,86 Mb Free Space | 99,97% Space Free | Partition Type: FAT
Drive E: | 501,86 Mb Total Space | 501,61 Mb Free Space | 99,95% Space Free | Partition Type: FAT
Drive F: | 1396,67 Gb Total Space | 408,22 Gb Free Space | 29,23% Space Free | Partition Type: NTFS
Drive G: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: JONILEIN | User Name: joni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA7A265-A5E3-4DB5-81C1-588238139A24}" = Oracle VM VirtualBox 4.0.12
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.30
"WinGimp-2.0_is1" = GIMP 2.6.8
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51d759a6-6e6d-4d6e-aa4b-e3b1d2c8191e}" = Nero 9
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision Help
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f425dd1d-0097-41c3-b545-b79e3d51100e}" = Movie Templates - Pack 1
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Cisco Packet Tracer 5.3.3_is1" = Cisco Packet Tracer 5.3.3
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Fraps" = Fraps (remove only)
"Gadwin PrintScreen" = Gadwin PrintScreen
"Garena" = Garena 2010
"Hamachi" = Hamachi 1.0.2.5
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"Mozilla Thunderbird (6.0)" = Mozilla Thunderbird (6.0)
"PSPad editor_is1" = PSPad editor
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp (remove only)
"winscp3_is1" = WinSCP 4.3.4
"xampp" = XAMPP 1.7.7
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 14.12.2011 16:53:12 | Computer Name = jonilein | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: League of Legends.exe, Version: 1.0.0.131,
Zeitstempel: 0x4ee67891 Name des fehlerhaften Moduls: League of Legends.exe, Version:
1.0.0.131, Zeitstempel: 0x4ee67891 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00492fc7
ID
des fehlerhaften Prozesses: 0x2bc Startzeit der fehlerhaften Anwendung: 0x01ccbaa09e32f62f
Pfad
der fehlerhaften Anwendung: C:\Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.100\deploy\League
of Legends.exe Pfad des fehlerhaften Moduls: C:\Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.100\deploy\League
of Legends.exe Berichtskennung: a23a0c87-2695-11e1-8bc3-001a4d5fb36d
Error - 18.12.2011 15:31:24 | Computer Name = jonilein | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4205 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f20 Startzeit:
01ccbda729287ad9 Endzeit: 13 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
Error - 18.12.2011 15:51:18 | Computer Name = jonilein | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: League of Legends.exe, Version: 1.0.0.131,
Zeitstempel: 0x4ee67891 Name des fehlerhaften Moduls: League of Legends.exe, Version:
1.0.0.131, Zeitstempel: 0x4ee67891 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00492fc7
ID
des fehlerhaften Prozesses: 0x1308 Startzeit der fehlerhaften Anwendung: 0x01ccbdbb9a612d44
Pfad
der fehlerhaften Anwendung: C:\Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.100\deploy\League
of Legends.exe Pfad des fehlerhaften Moduls: C:\Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.100\deploy\League
of Legends.exe Berichtskennung: a65d6b75-29b1-11e1-bcd7-001a4d5fb36d
Error - 29.12.2011 14:11:13 | Computer Name = jonilein | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 9.0.1.4371 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f90 Startzeit:
01ccc60fe172053d Endzeit: 61 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
7bdf3e3a-3248-11e1-ab38-001a4d5fb36d
Error - 29.12.2011 22:24:22 | Computer Name = jonilein | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 9.0.1.4371 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f7c Startzeit:
01ccc65541c06ba2 Endzeit: 46 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
60378c17-328d-11e1-ab38-001a4d5fb36d
Error - 27.01.2012 16:22:22 | Computer Name = jonilein | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 9.0.1.4371 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10cc Startzeit:
01ccdd278427327c Endzeit: 69 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
Error - 27.01.2012 17:00:11 | Computer Name = jonilein | Source = Application Hang | ID = 1002
Description = Programm plugin-container.exe, Version 9.0.1.4371 kann nicht mehr
unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: c74 Startzeit: 01ccdd27868612ef Endzeit: 575 Anwendungspfad:
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Berichts-ID: 6a72c987-4924-11e1-949e-001a4d5fb36d
Error - 27.01.2012 19:54:05 | Computer Name = jonilein | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 9.0.1.4371 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 398 Startzeit:
01ccdd31a2ee64d8 Endzeit: 47 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
Error - 02.02.2012 15:12:56 | Computer Name = jonilein | Source = BugSplat | ID = 1
Description =
Error - 12.02.2012 04:30:33 | Computer Name = jonilein | Source = System Restore | ID = 8193
Description =
[ System Events ]
Error - 13.02.2012 18:49:54 | Computer Name = jonilein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2012 18:49:54 | Computer Name = jonilein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2012 18:49:54 | Computer Name = jonilein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2012 18:49:54 | Computer Name = jonilein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2012 18:49:54 | Computer Name = jonilein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2012 18:50:06 | Computer Name = jonilein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2012 18:50:06 | Computer Name = jonilein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2012 18:50:06 | Computer Name = jonilein | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2012 18:51:08 | Computer Name = jonilein | Source = DCOM | ID = 10005
Description =
Error - 13.02.2012 18:51:08 | Computer Name = jonilein | Source = DCOM | ID = 10005
Description =
< End of report >
|
|
14.02.2012, 11:42
| #4 |
| /// Malware-holic | "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" - seltene Variante?Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" - seltene Variante? |
| 64-bit, alternate, antivir, avg, avira, bho, bildschirm, blockiert, desktop, diverse, firefox, format, google earth, helper, infiziert, logfile, malware, malwarebytes, maximal, microsoft, mozilla, mozilla thunderbird, netzwerk, plug-in, programme, registry, scan, spyware, system, tan |
Linear-Darstellung
