Pests of all kinds and how to fight them: Windows encryption Trojan still harmful? (Windows 7)
31.05.2012, 16:45 | #1
Windows encryption Trojan still harmful?

Hello everyone, I too caught an encryption Trojan after opening one of these dubious invoice e-mails. Unfortunately I had already deleted the mail the day before, because at that point I did not yet suspect a Trojan. The next day I could no longer log in to my account. After about 1 hour the admin deleted my (university) account, and after the account was recreated I could log in normally again and use most programs. Unfortunately, during the 1-hour lock screen some folders were encrypted one after another in the background (on C:\ ... to which every PC user has access). I only want to point out with this that, to rescue data, everyone affected should switch the computer in question off immediately until the problem has been solved (hopefully by you). In my case, luckily only a fraction of the many files were encrypted. My concern now is whether the Trojan is still lurking somewhere and will start encrypting data again, etc. I have followed your 3-step guide for this and attached the log files, or rather pasted them below.

System: Win7 32-bit

I hope you can help me with this, and many thanks in advance for your time and the many useful pieces of information in this forum.

P.S. When running GMER, the expected message that the system had been modified did not appear. Does that mean everything is fine?

________________________________________________________
OTL-File: OTL Logfile: Code:
EXTRA_file: OTL Logfile: Code:
"{9236C598-C94A-4D2C-BA47-CBA0B59C948F}" = NI LabVIEW 2010 Control Design MathScript Support "{98B874D4-D8A4-40BE-B82A-36E902C84289}" = NI-ORB 1.9.3f0 "{9B2011B7-191A-4D7A-83E3-7FFAC4DDD834}" = NI LabVIEW 2010 MathScript RT Module "{9CF52CBF-7F12-4194-B80B-8B73C2C03C1D}" = NI-PAL 2.5.4f0 "{9F4ACDF5-D186-4C61-BAE3-80DDEAB4CE6F}" = NI LabVIEW Run-Time Engine Interop 2010 "{A27F9884-D0F7-4788-B016-CC55FA3015D3}" = NI Logos XT Support "{A37B717A-1989-49C4-B3D3-8E275E47241D}" = NI System Configuration LV2010 1.1.1 "{A5B57591-4E0C-4EF0-8954-11781BC5CCA1}" = NI Remote PXI Provider for MAX 4.7.0 "{A999B934-1EBA-415F-BA5B-5036E0811956}" = NI Example Finder 10.0 "{AB55A100-AAC9-43EA-845E-2DCDC0D4D2B8}" = NI Math Kernel Libraries "{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{AC7E8084-2CE3-43A7-8E16-9C99B2CCC9AE}" = NI Instrument I/O Assistant "{AE48C419-918C-4ADC-89CC-4209AB0531B9}" = VISA Shared Components "{B02DF253-C315-4869-BB65-0054B0C2A0A4}" = NI LabVIEW 2010 Help File "{B1CFB647-2185-4AB9-BF38-FDD5D9B5F53B}" = NI TDMS "{B378AD16-8A9F-47B2-8225-3CB339465FAF}" = NI PXI Platform Framework 1.3.0 "{B4D09BE5-59C1-434C-85D9-DBF135A44CB6}" = NI Authentication 1.0 "{B937AF41-B4B5-44FF-8670-46110C2EFCDE}" = NI DN 2.0 SP1 installer "{BA0BB06C-DE1C-4BAD-B93F-DA77969B5461}" = NI LabVIEW 2010 "{BF903074-1312-47E4-8845-267BCA9586C2}" = NI MDF Support "{C1AC4F7A-4B50-4903-882A-D61D3D13782D}" = AVR Studio 4.19 "{C1C8BDB9-8FBA-4200-B5D4-18EB27850916}" = NI-DAQmx/LabVIEW shared documentation 1.7.5 "{C2AD80E1-9484-42F4-BA13-B3B045723ACB}" = NI Variable Engine 2.4.0 "{C5ABDECE-4381-402B-B9DC-205D9C0805AF}" = NI LabVIEW 2010 Control Design Shared VIs "{CA30E58F-D4AA-43B9-B740-29D358357B2F}" = NI LabVIEW 2010 Deployment Framework "{CAE1E75A-00F5-4876-A3D7-196F201D570E}" = NI PXI SystemAPI Expert 2.5.6 "{CCE4D322-0CBA-4C3D-8930-07A018C175D3}" = NI PXI Platform Services 2.5.6 Configuration 
Support "{D0409C8F-7F01-41A0-B7B2-1031D766CE53}" = NI System Configuration 1.1.2 "{D361B9E5-E918-48CB-BEC3-8E44A5F6E624}" = NI LabVIEW 2009 SP1 Run-Time Engine Web Services "{D44CDF22-660E-4248-86E6-DAF123D2FEC3}" = NI LabVIEW 2010 "{D50BA9B6-7FFE-4525-A9F2-720923086D6F}" = NI-VISA Server 5.0.0 "{D581FB60-4827-4AB0-9BF0-A1159C1D0579}" = NI License Manager "{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVR Studio 4.19 "{DA577741-C551-4922-BE55-5D7BAE229C1E}" = X-CTU "{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries "{DB68B420-5382-48EE-9A2A-CB984FEBB192}" = NI LabVIEW Web Server for Run-Time Engine "{DCA3D701-664B-4C87-9C31-2DBD47BACC2F}" = NI EULA Depot "{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface "{E0C32607-2DD4-4124-9A74-351D135FAD4B}" = NI-DSM 2010 "{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI "{E4DA55EF-5374-4E3D-B3A7-9DA930E25414}" = NI LabVIEW Web Services Runtime "{E69A31C9-F24F-4A1A-BEAD-B1AA255760C1}" = NI Registration Wizard "{E6C0EA48-8AF1-4A1C-9383-8F0706F22431}" = NI LabWindows/CVI DLL Builder for LabVIEW "{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}" = AVR Jungo USB "{E9A1C394-7F4D-4548-920C-6665C5E5EF5F}" = NI System Web Server 1.0 "{EA7C218C-1F5E-47AF-9FC7-4B4255B8CB43}" = NI System API Windows 32-bit 1.1.2 "{EA89F4DC-E6CA-4D8F-83BD-FD907EE95B12}" = NI MAX Remote Configuration Installer 4.7.2 "{EB938479-C529-4DDF-9EF8-A6ACA5B5358F}" = NI LabVIEW 2010 "{EBBDA379-B0B0-46DE-BF05-1EF2B171C120}" = NI Spy 2.7.2 "{EC8BF669-EFEA-40D9-8894-9074E407FC07}" = NI VC2008MSMs x86 "{ECA841EF-06B7-42F2-973E-A4D3E30EC2FA}" = NI LabVIEW 2010 MeasAppChm File "{EE85BF19-2389-4BFD-9DDF-486BCAF2C1E2}" = NI System API Web-Servce 32-bit 1.1.0 "{EF367060-8B96-4290-BB4D-13D435408C89}" = NI LabVIEW Runtime Engine 2010 "{F2378987-F7DD-4745-A1C5-2B1C407F47E8}" = NI Remote Provider for MAX 4.7.2 "{F34AC851-2210-4F35-B2C1-43894033859C}" = NI LabVIEW 2010 "{F37CC885-1E37-4F2A-93F3-7F1E1EEBBEBB}" = NI LabVIEW Broker 
"{F444664E-87EE-43D1-B829-0F78D3F20C79}" = NI TDM Excel Add-In 3.2 "{F4E0C717-E1E7-4522-8B4D-A4A49001227E}" = NI-VISA Runtime 5.0.1 "{F5291772-CC4F-4CF6-82F9-CF96640C79C0}" = NI-PTP Sys API LV2010 "{F7A7C15E-EA7C-47E9-870C-6ABFF1D19EC2}" = NI Web Interface Framework 1.0 "{FE1CD326-6E7D-4EFA-A0A0-BCEDFAD18DC1}" = NI Logos LabVIEW 2010 Support "{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine "{FEC4FA99-C469-4449-98E2-6AC68D8DFDAD}" = NI PXI Platform Services 2.5.6 Expert "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "GPL Ghostscript 9.02" = GPL Ghostscript "IrfanView" = IrfanView (remove only) "MatlabR2009b" = MATLAB R2009b "MatlabR2010b" = MATLAB R2010b "MiKTeX 2.9" = MiKTeX 2.9 "Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22) "NI Uninstaller" = National Instruments - Software "Totalcmd" = Total Commander (Remove or Repair) "VISASharedComponents" = VISA Shared Components "VLC media player" = VLC media player 1.1.9 "WinAVR-20100110" = WinAVR 20100110 (remove only) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 09.09.2011 10:03:10 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = MATLAB | ID = 0 Description = Error - 09.09.2011 10:03:56 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = MATLAB | ID = 0 Description = Error - 09.09.2011 10:04:42 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = MATLAB | ID = 0 Description = Error - 09.09.2011 11:49:09 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = MATLAB | ID = 0 Description = Error - 23.01.2012 13:16:04 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = LabVIEW | ID = 3299 Description = LabVIEW information: Error: 404 "Not Found" for "national instruments/labview/ni example finder/1.0/niexamplefinderserver", file "c:/program files/national instruments/shared/ni webserver/www/national instruments/labview/ni example finder/1.0/niexamplefinderserver": Can't access URL . 
Error - 06.02.2012 11:57:03 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = LabVIEW | ID = 3299 Description = LabVIEW information: Error: 404 "Not Found" for "national instruments/labview/ni example finder/1.0/niexamplefinderserver", file "c:/program files/national instruments/shared/ni webserver/www/national instruments/labview/ni example finder/1.0/niexamplefinderserver": Can't access URL . Error - 06.02.2012 12:00:25 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = LabVIEW | ID = 3299 Description = LabVIEW information: Error: 404 "Not Found" for "national instruments/labview/ni example finder/1.0/niexamplefinderserver", file "c:/program files/national instruments/shared/ni webserver/www/national instruments/labview/ni example finder/1.0/niexamplefinderserver": Can't access URL . Error - 08.03.2012 08:03:04 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: AVRStudio.exe, Version: 4.19.0.730, Zeitstempel: 0x4e569ce0 Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b972 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001df17 ID des fehlerhaften Prozesses: 0x300 Startzeit der fehlerhaften Anwendung: 0x01ccfd235d7be129 Pfad der fehlerhaften Anwendung: C:\AVRStudio\AvrStudio4\AVRStudio.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\OLEAUT32.dll Berichtskennung: a85e8ae7-6916-11e1-ab40-406186856e21 Error - 08.03.2012 11:31:28 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = Application Hang | ID = 1002 Description = Programm AVRStudio.exe, Version 4.19.0.730 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: b08 Startzeit: 01ccfd3fd93a287c Endzeit: 30 Anwendungspfad: C:\AVRStudio\AvrStudio4\AVRStudio.exe Berichts-ID: c3c844dd-6933-11e1-ac64-406186856e21 Error - 26.03.2012 11:42:22 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = LabVIEW | ID = 3299 Description = LabVIEW information: Error: 404 "Not Found" for "deletetree", file "": No handler for URL: deletetree . [ System Events ] Error - 07.05.2012 07:44:59 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = atikmdag | ID = 43029 Description = Display is not active Error - 07.05.2012 07:45:03 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = NETLOGON | ID = 5719 Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne FB1 aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein. Error - 07.05.2012 07:45:07 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. 
Error - 08.05.2012 04:04:53 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 08.05.2012 04:04:53 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = atikmdag | ID = 43029 Description = Display is not active Error - 08.05.2012 04:04:57 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = NETLOGON | ID = 5719 Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne FB1 aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein. Error - 08.05.2012 06:03:09 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = atikmdag | ID = 43029 Description = Display is not active Error - 08.05.2012 07:00:23 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 08.05.2012 07:00:23 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = atikmdag | ID = 43029 Description = Display is not active Error - 08.05.2012 07:00:27 | Computer Name = RT70.fb1.fhtw-berlin.de | Source = NETLOGON | ID = 5719 Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne FB1 aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. 
ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein. < End of report >
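The "Vista Active Application Exception List" in the OTL log above is one of the places a persistent infection tends to show up: malware that wants inbound connectivity adds itself as a firewall exception, and a rule pointing at an executable under a user profile or a Temp folder stands out among the National Instruments entries. The following is an added triage example, not part of the original post and not an OTL feature: a small Python parser for that section of an OTL log that lists inbound application exceptions whose program path lies outside C:\Program Files or C:\Windows. The sample input is constructed after the entries in the posted log; the final `update.exe` entry under a user's Temp folder is invented for illustration and does not appear in the posted log. The trusted-prefix list is an assumption for this 32-bit machine (a 64-bit system would also need `c:\program files (x86)`).

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the "Vista Active Application Exception List"
# section of the OTL log in this thread. The last line is a constructed example
# of an entry that should draw attention; it is NOT from the posted log.
SAMPLE_RULES = r'''
"{4F08CF52-B016-4A68-944C-1304C9C0BE35}" = protocol=6 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
"{C229CA86-D1D2-4089-A45B-2E31E803BAF1}" = protocol=17 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
"TCP Query User{B51E75E9-6877-48F5-A178-D2B196935811}C:\program files\national instruments\max\nimax.exe" = protocol=6 | dir=in | app=c:\program files\national instruments\max\nimax.exe |
"{00000000-0000-0000-0000-000000000000}" = protocol=6 | dir=in | app=c:\users\student\appdata\local\temp\update.exe |
'''

# OTL writes each rule as: "<name>" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# Assumption: on this 32-bit Windows 7 box legitimate software lives here.
# Adjust per machine (64-bit systems also have "c:\program files (x86)").
TRUSTED_PREFIXES = (r"c:\program files", r"c:\windows")


@dataclass
class FirewallRule:
    name: str
    protocol: int      # 6 = TCP, 17 = UDP
    direction: str     # "in" or "out"
    app: str           # lower-cased program path


def parse_rules(text):
    """Parse OTL FirewallRules lines into FirewallRule objects.

    Lines that do not match the OTL rule format, or that carry no app=
    field (port-only rules), are skipped.
    """
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields = {}
        for part in m.group("body").split("|"):
            part = part.strip()
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip().lower()] = value.strip()
        if "app" not in fields:
            continue
        rules.append(FirewallRule(
            name=m.group("name"),
            protocol=int(fields.get("protocol", "0")),
            direction=fields.get("dir", "").lower(),
            app=fields["app"].lower(),
        ))
    return rules


def suspicious_rules(rules):
    """Inbound exceptions whose program is outside the trusted directories."""
    return [r for r in rules
            if r.direction == "in" and not r.app.startswith(TRUSTED_PREFIXES)]


if __name__ == "__main__":
    for rule in suspicious_rules(parse_rules(SAMPLE_RULES)):
        print(f"review: proto={rule.protocol} dir={rule.direction} app={rule.app}")
```

Run it against the FirewallRules block copied out of a real OTL log instead of `SAMPLE_RULES`; an empty result does not prove the machine is clean (the posted log shows only NI tools), but any hit under a user profile, Temp or ProgramData is worth a second look and the file's hash.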
31.05.2012, 18:55 | #2
/// Malware-holic | Windows encryption Trojan still harmful?

Hi,

since this is a university computer, have the admin take a look at it. Please pass this information on to friends, acquaintances etc.: I am interested in such mails with invoices, reminders and other attachments from unknown senders. If you use a mail program, select the mail, right-click, Save As, set type to .eml. Then please read: markusg - trojaner-board.de and send me the file you just created. If you read your mail in the browser, tell me which provider you use; that works a bit differently. Please warn friends, acquaintances, relatives etc. about this scam, and feel free to give them this mail address. They can then send such suspicious mails there. These help us respond appropriately to new threats; since this malware also receives updates, that is important.