Log analysis and evaluation: Virus "aus sicherheitsgründen wurde ihr windowssystem blockiert"
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.03.2012, 19:54 | #16 |
| Virus "aus sicherheitsgründen wurde ihr windowssystem blockiert" ComboFix logfile:
ComboFix 12-03-18.04 - Laura 19.03.2012 19:40:10.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2558.1596 [GMT 1:00]
ausgeführt von:: c:\users\Laura\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-19 bis 2012-03-19 ))))))))))))))))))))))))))))))
.
.
2012-03-19 18:46 . 2012-03-19 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-19 18:40 . 2012-03-19 18:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5EABCB5E-EA54-49F4-8EED-B1C0A3FA9A48}\offreg.dll
2012-03-19 18:13 . 2012-03-19 18:13 -------- d-----w- C:\_OTL
2012-03-16 19:44 . 2012-03-16 19:44 -------- d-----w- c:\program files\ESET
2012-03-16 18:02 . 2012-03-16 18:02 -------- d-----w- c:\users\Laura\AppData\Roaming\Malwarebytes
2012-03-16 18:02 . 2012-03-16 18:02 -------- d-----w- c:\programdata\Malwarebytes
2012-03-16 18:02 . 2012-03-16 18:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-16 18:02 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 18:01 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5EABCB5E-EA54-49F4-8EED-B1C0A3FA9A48}\mpengine.dll
2012-03-15 21:49 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 21:49 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 20:34 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-15 20:34 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-15 20:34 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-15 20:34 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-15 20:34 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-15 20:34 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-15 20:34 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-15 20:34 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-15 20:18 . 2012-03-15 20:18 -------- d-----w- c:\users\Laura\AppData\Local\ElevatedDiagnostics
2012-03-11 16:56 . 2012-03-11 16:57 -------- d-----w- c:\users\Laura\AppData\Roaming\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2009-12-14 08:40 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 18:39 . 2011-10-08 12:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 21:11 . 2011-10-08 13:01 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-04 08:58 . 2012-02-16 21:18 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-16 21:18 478720 ----a-w- c:\windows\system32\timedate.cpl
2011-12-17 12:16 . 2011-10-08 14:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-01 13797992]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-16 7739936]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2009-09-16 674336]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-14 1549608]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-09-04 167008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-05 258512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-05 86224]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-19 859648]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 70531875
*Deregistered* - 70531875
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Laura\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Laura\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.220.18.8 192.168.0.1
FF - ProfilePath - c:\users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\si0e3yt4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-19 19:49:10
ComboFix-quarantined-files.txt 2012-03-19 18:49
.
Vor Suchlauf: 8 Verzeichnis(se), 397.398.929.408 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 396.921.384.960 Bytes frei
.
- - End Of File - - AD671B21681007FE55E041FB560AA038 |
20.03.2012, 14:51 | #17 |
| Virus "aus sicherheitsgründen wurde ihr windowssystem blockiert" Is the virus gone now? If so, can I then delete all the programs I put on my PC, like OTL and so on? |
20.03.2012, 16:40 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus "aus sicherheitsgründen wurde ihr windowssystem blockiert" Ok. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM - please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file on your desktop.
Important: Do not press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. |
20.03.2012, 17:06 | #19 |
| Virus "aus sicherheitsgründen wurde ihr windowssystem blockiert" So, here is GMER: GMER logfile:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-20 17:05:01
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000032 ST950032 rev.0003
Running: m1yn9kb9.exe; Driver: C:\Users\Laura\AppData\Local\Temp\uxrirpob.sys
---- System - GMER 1.0.15 ----
SSDT 92A531E6 ZwCreateSection
SSDT 92A531F0 ZwRequestWaitReplyPort
SSDT 92A531EB ZwSetContextThread
SSDT 92A531F5 ZwSetSecurityObject
SSDT 92A531FA ZwSystemDebugControl
SSDT 92A53187 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13C1 82C8E3D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC7D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CCEEEC 4 Bytes [E6, 31, A5, 92] {OUT 0x31, AL; MOVSD ; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82CCF248 4 Bytes [F0, 31, A5, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82CCF28C 4 Bytes [EB, 31, A5, 92] {JMP 0x33; MOVSD ; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82CCF308 4 Bytes [F5, 31, A5, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82CCF35C 4 Bytes [FA, 31, A5, 92]
.text ...
Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [71831590] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [71831F83] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [71820123] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [7183218A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [71831BC6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [7181FACB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [718319EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [7181FC0B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ 
C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [718320D3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [71832B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [71832028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [71830F9F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [71814927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [71830D47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [7181FA2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [718318A2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] 
[71831CAC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [7183171C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [718317B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [71814984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [71828C1A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [7182CB0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [7182D6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [7182D11F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [71816D22] C:\Program Files\Internet Explorer\IEShims.dll 
(Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [7182C49D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [7182B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [7182B245] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [7182A89F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [7182E0C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [71814E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [7182ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [7182A249] C:\Program Files\Internet Explorer\IEShims.dll (Internet 
Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [71829AF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [7182E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [7182E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [71829F4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [7182BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [7182A56D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [71814E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [71816D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program 
Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [7181F6D1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [71831F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [71832028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [71832B05] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [71832B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [71820178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetUSValueA] [718164C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [71814CAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ 
C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [71814927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [71814984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [71816528] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [718147BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [718147BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[2060] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [718147BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\00000045 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive 
Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 MBR read error Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0 ---- EOF - GMER 1.0.15 ---- |
20.03.2012, 17:13 | #20 |
| Virus "for security reasons your Windows system has been blocked"
So, here is OSAM; I hope that was right.
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:11:29 on 20.03.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Opera Software Opera Internet Browser 11.61

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status

Control Panel Objects
%SystemRoot%\system32
|||||| "FlashPlayerCPLApp.cpl" "Adobe Systems Incorporated" C:\Windows\system32\FlashPlayerCPLApp.cpl File exists
|||||| "nvcpl.cpl" "NVIDIA Corporation" C:\Windows\system32\nvcpl.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "mlcfg32.cpl" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL File exists
|||||| "Nero BurnRights" "Nero AG" C:\Program Files\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl File exists
|||||| "QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists

Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists
|||||| "avkmgr" (avkmgr) "Avira GmbH" C:\Windows\System32\DRIVERS\avkmgr.sys File exists
"catchme" (catchme) C:\Users\Laura\AppData\Local\Temp\catchme.sys File not found
|||||| "MBAMProtector" (MBAMProtector) "Malwarebytes Corporation" C:\Windows\system32\drivers\mbam.sys File exists
"Realtek IR Driver" (RtsUIR) C:\Windows\System32\DRIVERS\Rts516xIR.sys File not found
"Realtek Smartcard Reader Driver" (USBCCID) C:\Windows\System32\DRIVERS\RtsUCcid.sys File not found
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists
"uxrirpob" (uxrirpob) C:\Users\Laura\AppData\Local\Temp\uxrirpob.sys Hidden registry entry, rootkit activity | File not found

Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" "Nero AG" C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll File exists
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File exists
|||||| {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File exists
|||||| {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
|||||| {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists
|||||| {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" "NVIDIA Corporation" C:\Windows\system32\nvcpl.dll File exists
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Program Files\iTunes\iTunesMiniPlayer.dll File exists
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\msohevi.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL File exists
|||||| {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" "Nero AG" C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll File exists
|||||| {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" "Nero AG" C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll File exists
|||||| {1CA6BBC9-E9FA-4021-822B-075DF1837B63} "NeroDigitalIconHandler Class" "Nero AG" C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll File exists
|||||| {4FBFFA8D-F390-471a-AE46-FEB93623AD63} "NeroDigitalInfoHandler Class" "Nero AG" C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll File exists
|||||| {846083A4-BFC6-4447-985C-6578B466A7D7} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll File exists
|||||| {EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} "NeroDigitalThumbnailHandler Class" "Nero AG" C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll File exists
|||||| {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" "NVIDIA Corporation" C:\Windows\system32\nvshext.dll File exists
|||||| {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" "NVIDIA Corporation" C:\Windows\system32\nvcpl.dll File exists
|||||| {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL File exists
|||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira Operations GmbH & Co. KG" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\Program Files\WinRAR\rarext.dll File exists
|||||| {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe File exists

Internet Explorer
HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions
"eBay - Der weltweite Online-Marktplatz" hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 HTTP value
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_16" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_16.dll File exists
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" hxxp://download.eset.com/special/eos/OnlineScanner.cab "ESET" C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX File exists
|||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab "Adobe Systems, Inc." C:\Windows\system32\Macromed\Flash\Flash11c.ocx File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll File exists
|||| {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" "Microsoft Corporation" C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File exists
|| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists

Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" rdpclip File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File exists
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists
|||| "APSDaemon" "Apple Inc." "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File exists
|||||| "avgnt" "Avira Operations GmbH & Co. KG" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||| "CLMLServer" "CyberLink" "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" File exists
"iTunesHelper" "Apple Inc." "C:\Program Files\iTunes\iTunesHelper.exe" File exists
|||||| "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray File exists
|||||| "NvCplDaemon" "NVIDIA Corporation" RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup File exists
|||| "QuickTime Task" "Apple Inc." "C:\Program Files\QuickTime\QTTask.exe" -atboottime File exists
|||| "UCam_Menu" "CyberLink Corp." "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" File exists
|||| "UpdateP2GoShortCut" "CyberLink Corp." "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" File exists
|||| "YouCam Mirror Tray icon" "CyberLink Corp." "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s File exists

Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Microsoft Document Imaging Writer Monitor" "Microsoft Corporation" C:\Windows\system32\mdimon.dll File exists
|||||| "Send To Microsoft OneNote Monitor" "Microsoft Corporation" C:\Windows\system32\msonpmon.dll File exists

Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File exists
|||||| "Avira Echtzeit Scanner" (AntiVirService) "Avira Operations GmbH & Co. KG" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists
|||||| "Avira Planer" (AntiVirSchedulerService) "Avira Operations GmbH & Co. KG" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists
"BBUpdate" (BBUpdate) "Microsoft Corporation." C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe File exists
"BingBar Service" (BBSvc) "Microsoft Corporation." C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe File exists
|||||| "Dienst "Bonjour"" (Bonjour Service) "Apple Inc." C:\Program Files\Bonjour\mDNSResponder.exe File exists
|||||| "iPod-Dienst" (iPod Service) "Apple Inc." C:\Program Files\iPod\bin\iPodService.exe File exists
|||||| "MBAMService" (MBAMService) "Malwarebytes Corporation" C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe File exists
|||||| "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File exists
|||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE File exists
|||||| "Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) "Nero AG" C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe File exists
|||||| "NVIDIA Display Driver Service" (nvsvc) "NVIDIA Corporation" C:\Windows\system32\nvvsvc.exe File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "TeamViewer 7" (TeamViewer7) "TeamViewer GmbH" C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe File exists

Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
|||||| "mdnsNSP" "Apple Inc." C:\Program Files\Bonjour\mdnsNSP.dll File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
20.03.2012, 17:27 | #21 |
| Virus "for security reasons your Windows system was blocked" OK, and the last one: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-03-20 17:16:10 ----------------------------- 17:16:10.790 OS Version: Windows 6.1.7601 Service Pack 1 17:16:10.790 Number of processors: 2 586 0x170A 17:16:10.805 ComputerName: LAURAS-PC UserName: Laura 17:16:12.818 Initialize success 17:17:16.285 AVAST engine defs: 12032000 17:17:25.894 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060 17:17:25.894 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3 17:17:25.957 Disk 0 MBR read successfully 17:17:25.957 Disk 0 MBR scan 17:17:25.972 Disk 0 unknown MBR code 17:17:25.972 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 17:17:25.988 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 434852 MB offset 206848 17:17:26.035 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40960 MB offset 890783744 17:17:26.066 Disk 0 Partition 4 00 12 Compaq diag NTFS 1026 MB offset 974669824 17:17:26.081 Disk 0 scanning sectors +976771120 17:17:26.175 Disk 0 scanning C:\Windows\system32\drivers 17:17:41.792 Service scanning 17:18:06.284 Modules scanning 17:18:14.754 Disk 0 trace - called modules: 17:18:14.770 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys 17:18:14.786 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f0b810] 17:18:14.786 3 CLASSPNP.SYS[8320459e] -> nt!IofCallDriver -> [0x85e3a0c8] 17:18:14.801 5 ACPI.sys[89cc43d4] -> nt!IofCallDriver -> \Device\00000060[0x85e3a780] 17:18:15.987 AVAST engine scan C:\Windows 17:18:19.902 AVAST engine scan C:\Windows\system32 17:21:42.227 AVAST engine scan C:\Windows\system32\drivers 17:21:58.264 AVAST engine scan C:\Users\Laura 17:25:40.692 AVAST engine scan C:\ProgramData 17:26:25.557 Scan finished successfully 17:26:42.265 Disk 0 MBR has been saved successfully to "C:\Users\Laura\Desktop\MBR.dat" 17:26:42.281 The log file has been saved successfully to "C:\Users\Laura\Desktop\aswMBR.txt" |
20.03.2012, 17:57 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus "for security reasons your Windows system was blocked" We should fix the MBR; just in case, back up ALL important data first, even though things usually go smoothly. Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. Do not run the fix either if the Windows partition or the entire hard disk is fully encrypted, e.g. with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Note: Please turn off the virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it! Then restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags |
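An added example, not part of the original posts and not aswMBR's own code: a Python check for the dual-boot and TrueCrypt cases the helper warns about, run over a raw 512-byte MBR sector before any FIXMBR. The sample table reuses the partition values from the aswMBR log above (sector counts derived from the MB sizes); the function names, the boot-loader marker strings and the idea that a saved MBR.dat holds the raw sector are assumptions of this example.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446      # four 16-byte partition entries start here
# status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
ENTRY = "<B3xB3xII"
LINUX_TYPES = {0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM"}
# Assumption: other boot loaders leave these strings in the boot code (heuristic only)
LOADER_MARKERS = {b"GRUB": "GRUB", b"TrueCrypt": "TrueCrypt"}


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(
            ENTRY, sector, TABLE_OFFSET + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"index": i + 1, "active": status == 0x80,
                          "type": ptype, "offset": start,
                          "size_mb": count * 512 // 2**20})
    return parts


def fix_blockers(sector):
    """List reasons not to rewrite this MBR with a Windows tool."""
    reasons = [f"partition {p['index']} has type 0x{p['type']:02X} "
               f"({LINUX_TYPES[p['type']]})"
               for p in parse_mbr(sector) if p["type"] in LINUX_TYPES]
    boot_code = sector[:440]
    reasons += [f"boot code contains a {name} marker"
                for marker, name in LOADER_MARKERS.items() if marker in boot_code]
    return reasons


def build_sector(entries, boot_code=b""):
    """Assemble a test sector from (status, type, lba_start, sector_count)."""
    table = b"".join(struct.pack(ENTRY, *e) for e in entries)
    return boot_code.ljust(TABLE_OFFSET, b"\0") + table.ljust(64, b"\0") + b"\x55\xaa"


# Partition table as printed in the thread's aswMBR log; boot code zero-filled
THREAD_TABLE = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 890576896),
                (0x00, 0x07, 890783744, 83886080), (0x00, 0x12, 974669824, 2101248)]
# Constructed dual-boot variant: third partition is Linux, GRUB stub in boot code
DUAL_BOOT = THREAD_TABLE[:2] + [(0x00, 0x83, 890783744, 83886080)]
GRUB_STUB = b"\xeb\x63\x90GRUB "  # constructed bytes, not a real boot loader

if __name__ == "__main__":
    samples = (("thread disk", build_sector(THREAD_TABLE)),
               ("dual boot", build_sector(DUAL_BOOT, GRUB_STUB)))
    for name, sector in samples:
        for p in parse_mbr(sector):
            print(f"  partition {p['index']} type 0x{p['type']:02X} "
                  f"{p['size_mb']} MB offset {p['offset']}")
        print(name, "->", fix_blockers(sector) or "no blockers found")
```

The check only sees the one sector it is given, so a Linux installation on a second disk shows up only through the boot-code marker, and an empty result does not replace the backup the helper asks for.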
20.03.2012, 20:51 | #23 |
| Virus "for security reasons your Windows system was blocked" Is it normal that the MBR fix goes very quickly? Here is the result: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-03-20 20:38:28 ----------------------------- 20:38:28.900 OS Version: Windows 6.1.7601 Service Pack 1 20:38:28.900 Number of processors: 2 586 0x170A 20:38:28.900 ComputerName: LAURAS-PC UserName: Laura 20:38:47.120 Initialize success 20:38:54.546 AVAST engine defs: 12032000 20:38:57.806 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060 20:38:57.806 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3 20:38:57.822 Disk 0 MBR read successfully 20:38:57.838 Disk 0 MBR scan 20:38:57.838 Disk 0 Windows 7 default MBR code 20:38:57.853 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 20:38:57.869 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 434852 MB offset 206848 20:38:57.900 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40960 MB offset 890783744 20:38:57.916 Disk 0 Partition 4 00 12 Compaq diag NTFS 1026 MB offset 974669824 20:38:57.931 Disk 0 scanning sectors +976771120 20:38:57.994 Disk 0 scanning C:\Windows\system32\drivers 20:39:11.066 Service scanning 20:39:41.549 Modules scanning 20:39:51.314 Disk 0 trace - called modules: 20:39:51.330 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys 20:39:51.346 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f08838] 20:39:51.346 3 CLASSPNP.SYS[89fbd59e] -> nt!IofCallDriver -> [0x85e3a1b0] 20:39:51.361 5 ACPI.sys[89c8f3d4] -> nt!IofCallDriver -> \Device\00000060[0x85e3a868] 20:39:52.516 AVAST engine scan C:\Windows 20:39:56.104 AVAST engine scan C:\Windows\system32 20:43:23.961 AVAST engine scan C:\Windows\system32\drivers 20:43:47.174 AVAST engine scan C:\Users\Laura 20:47:54.341 AVAST engine scan C:\ProgramData 20:48:28.271 Scan finished successfully 20:49:02.139 Disk 0 MBR has been saved successfully to "C:\Users\Laura\Desktop\MBR.dat" 20:49:02.139 The log file has been saved successfully to "C:\Users\Laura\Desktop\aswMBR2.txt" |
21.03.2012, 15:02 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus "for security reasons your Windows system was blocked" Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
21.03.2012, 21:32 | #25 |
| Virus "for security reasons your Windows system was blocked" So, here is the result from malware: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.21.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Laura :: LAURAS-PC [Administrator] Schutz: Aktiviert 21.03.2012 19:15:30 mbam-log-2012-03-21 (19-15-30).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 291407 Laufzeit: 1 Stunde(n), 22 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 03/21/2012 at 09:29 PM Application Version : 5.0.1146 Core Rules Database Version : 8363 Trace Rules Database Version: 6175 Scan type : Complete Scan Total Scan Time : 00:45:22 Operating System Information Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User Memory items scanned : 636 Memory threats detected : 0 Registry items scanned : 34760 Registry threats detected : 0 File items scanned : 44139 File threats detected : 49 Adware.Tracking Cookie C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\QZ7VNDWP.txt [ /mediaplex.com ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\VSQ3BV6T.txt [ /smartadserver.com ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\NJCMDWFX.txt [ /doubleclick.net ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\4Y1Q7BND.txt [ /microsoftwllivemkt.112.2o7.net ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\2WDMFVRM.txt [ /eaeacom.112.2o7.net ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\Y0U80RJ4.txt [ /ad.yieldmanager.com ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\EA28YVOY.txt [ /atdmt.com ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\EDZFMF63.txt [ /msnportal.112.2o7.net ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\B83WPEPX.txt [ /apmebf.com ] C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Cookies\D6NDDT4S.txt [ /invitemedia.com ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\E79R1I3X.txt [ Cookie:laura@doubleclick.net/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\A0DK4SDI.txt [ Cookie:laura@questionmarket.com/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\97GKPV2J.txt [ Cookie:laura@im.banner.t-online.de/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\YX4W1CIG.txt [ Cookie:laura@de.sitestat.com/idgcom-de/gamestar/ ] 
C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z722U4NJ.txt [ Cookie:laura@zanox.com/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\TSY1BDYM.txt [ Cookie:laura@adtech.de/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\29B9IDEN.txt [ Cookie:laura@eas.apm.emediate.eu/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0O3LR6EL.txt [ Cookie:laura@nextag.de/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\SNNMMJDG.txt [ Cookie:laura@tradedoubler.com/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\NMQE1IS7.txt [ Cookie:laura@statse.webtrendslive.com/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\W5K5UHJK.txt [ Cookie:laura@zanox-affiliate.de/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\10ADFAAS.txt [ Cookie:laura@www.burstnet.com/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\8F7XGO8Q.txt [ Cookie:laura@ad1.adfarm1.adition.com/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\G5GPFG97.txt [ Cookie:laura@fastclick.net/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\CM1QGTMI.txt [ Cookie:laura@legolas-media.com/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\VKT728PS.txt [ Cookie:laura@atdmt.com/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4IWC416S.txt [ Cookie:laura@tracking.quisma.com/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\C4OOQL05.txt [ Cookie:laura@msnportal.112.2o7.net/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\71J8H03R.txt [ Cookie:laura@www.googleadservices.com/pagead/conversion/1069528796/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\M2A4X6M4.txt [ Cookie:laura@unitymedia.de/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\JQWFIAED.txt [ Cookie:laura@atdmt.combing.com/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\YQXE0ROV.txt [ Cookie:laura@apmebf.com/ ] 
C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2RZIENG6.txt [ Cookie:laura@adviva.net/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\505IPDDQ.txt [ Cookie:laura@adfarm1.adition.com/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\BGQJPHYC.txt [ Cookie:laura@invitemedia.com/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\B56MWGCA.txt [ Cookie:laura@adsystem.tech-review.de/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3SBX9KSD.txt [ Cookie:laura@ad3.adfarm1.adition.com/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\P16HG4CS.txt [ Cookie:laura@www.googleadservices.com/pagead/conversion/1026198434/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\UNWNNTHE.txt [ Cookie:laura@traffictrack.de/ ] C:\USERS\LAURA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6G5ZHU2I.txt [ Cookie:laura@c.atdmt.com/ ] C:\USERS\LAURA\Cookies\QZ7VNDWP.txt [ Cookie:laura@mediaplex.com/ ] C:\USERS\LAURA\Cookies\NJCMDWFX.txt [ Cookie:laura@doubleclick.net/ ] C:\USERS\LAURA\Cookies\2WDMFVRM.txt [ Cookie:laura@eaeacom.112.2o7.net/ ] C:\USERS\LAURA\Cookies\EA28YVOY.txt [ Cookie:laura@atdmt.com/ ] C:\USERS\LAURA\Cookies\EDZFMF63.txt [ Cookie:laura@msnportal.112.2o7.net/ ] C:\USERS\LAURA\Cookies\B83WPEPX.txt [ Cookie:laura@apmebf.com/ ] C:\USERS\LAURA\Cookies\D6NDDT4S.txt [ Cookie:laura@invitemedia.com/ ] cdn.complexmedianetwork.com [ C:\USERS\LAURA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NG9XWQPN ] media.mtvnservices.com [ C:\USERS\LAURA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NG9XWQPN ] |
22.03.2012, 11:48 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus "for security reasons your Windows system was blocked" Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie). Is your system back in order now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
22.03.2012, 11:53 | #27 |
| Virus "for security reasons your Windows system was blocked" Well, it is working wonderfully again.. if you tell me there is nothing left on it that I somehow have to remove, then I am glad we are done.. thank you =) Best regards, Laura |
22.03.2012, 13:02 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus "for security reasons your Windows system was blocked" Then we are done! The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages with that. Keeping Malwarebytes is no mistake. You can scan with it once a month, but always remember to update first. Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security, you should also change as many of your passwords as possible after the infection has been removed.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed. Windows Vista/7: Guide to Windows Update

Updating the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader. While you are at it, please also check that Flash Player is up to date: Adobe - Install a different version of Adobe Flash Player. If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
22.03.2012, 13:41 | #29 |
| Virus "for security reasons your Windows system was blocked" Thanks, thanks.. I will definitely do that. When I am back home I will try to remove it; if it does not work I will let you know again .. |