Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Live Security Platinum - Wie System wieder sauber bekommen? Evtl. ZeroAccess?

Live Security Platinum - Wie System wieder sauber bekommen? Evtl. ZeroAccess?


Plagegeister aller Art und deren Bekämpfung: Live Security Platinum - Wie System wieder sauber bekommen? Evtl. ZeroAccess?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 21.07.2012, 22:44   #2
basti01
 
Live Security Platinum - Wie System wieder sauber bekommen? Evtl. ZeroAccess? - Standard

Live Security Platinum - Wie System wieder sauber bekommen? Evtl. ZeroAccess?


Hier noch das zweite OTL Log

Code:
ATTFilter
OTL Extras logfile created on: 21.07.2012 23:35:26 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Basti\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 4,70 Gb Available Physical Memory | 59,63% Memory free
15,77 Gb Paging File | 12,06 Gb Available in Paging File | 76,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 45,97 Gb Free Space | 30,87% Space Free | Partition Type: NTFS
 
Computer Name: NB-BASTI | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2088277626-272306347-4062320415-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
"{414B7B9C-B353-4821-9393-78AE034079E7}" = NTRU TCG Software Stack
"{42976FDB-5756-4077-A491-095F228E99E2}" = MAGIX Low Latency Driver (64-Bit)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{456C3615-9777-453A-89B7-19B941F342C5}" = DameWare Mini Remote Control Service
"{49146694-5F5F-4B1F-AD15-6587F47A0FD7}" = MAGIX Burn routines (64-Bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel(R) PROSet/Wireless WiFi-Software
"{4C5CA947-912A-4B9D-9BE3-5F394DC284A9}" = DameWare Mini Remote Control 8.0
"{4D149210-AC22-4B88-AC49-076F55300E49}" = Studio Manager 64bit
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{4EE61784-10C6-4B7C-A0B2-5BED17B05741}" = Oracle VM VirtualBox 4.1.18
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{73089240-023C-11E0-9AE3-2BA1DFD72085}" = M-Audio FastTrackPro Driver 6.0.7 (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{777FF553-493D-4068-BAC7-EE2D73DB7434}" = Wave Infrastructure Installer
"{79B499B2-B976-4345-A70D-D16A7738DA1A}" = Meyer Sound Compass 2.6.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90F4251E-088E-46B4-8FC2-7C9644A19811}" = AuthenTec Fingerprint Driver
"{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}" = Dell Feature Enhancement Pack
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7ADB493-B913-4D61-9A63-DA736C20C3F2}" = Adobe Photoshop Lightroom 4.1 64-bit
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{FE16E275-3784-461D-9BA0-7310C8826050}" = Dell ControlVault Host Components Installer 64 bit
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Pen Tablet Driver" = Bamboo
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"R for Windows 2.13.0_is1" = R for Windows 2.13.0
"R for Windows 2.13.2_is1" = R for Windows 2.13.2
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04805AB6-F757-496A-8D56-37A0FC5FF6F3}" = VMware vSphere Client 5.0
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{163A486D-BE65-487E-98D9-F5298F3D5E15}" = PhotoTools 2.5
"{173A2B7F-535A-4403-A454-B41531EF0D7F}" = Remote Desktop Connection Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{2FC7CE3A-23E5-41E8-975B-AA0236D649FD}" = Quicken 2012
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{450008C6-3722-4214-AB4F-9E45B57CB422}" = DDBAC
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7440N
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{49DC7D87-B9F9-4782-9386-B7F13BC75E48}" = Adobe Creative Suite 5 Design Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D149210-AC22-4B88-AC49-076F55300E49}" = Studio Manager 64bit
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis*True*Image*Home
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{7036A07A-FE2A-4920-A944-19B73D16F106}" = Duden Tipptrainer 2.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{95FCC2AB-5D4C-4E6A-BB96-3A80F20D536A}" = Yamaha LS9 Editor
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1
"{A0F39EB6-933E-4329-A4C6-C58FAC13D2D7}" = MAGIX Speed burnR (MSI)
"{A4697B5E-FAA8-49FC-BAB2-A2272F82B527}" = Deutsche Post E-Porto
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
"{C0D7A16D-50D2-44E1-AB16-37110A4B00E2}" = Official Guide to the TOEFL Test, Third Edition
"{C908A5AC-4F61-4B9A-8A51-48B5696C53B1}" = Lexware online banking
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2530AAA-D01A-42AE-9A1B-D32B959F8F62}" = Yasper
"{D437FFB6-5C49-4DAC-ABAE-33FF065FE7CC}" = Graphviz 2.28
"{D5F6F8E4-3AF6-47C2-ACC1-6208F28CF8A4}" = Samplitude Pro X Suite Download-Version
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC3989E-B443-4E62-9801-A95F89DF96C0}" = Yamaha M7CL V3 Editor
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F7466BEE-2F08-43C9-8FE4-EF3A74AA8102}" = MAPP Online Pro - Standalone
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aurora 15.0a2 (x86 en-US)" = Aurora 15.0a2 (x86 en-US)
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"Bamboo Dock" = Bamboo Dock
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cinergy DT USB XS Diversity (MKII)" = Cinergy DT USB XS Diversity (MKII) V3.12.00.00a
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"ee4p_is1" = Efficient Elements for presentations 1.4.0.106
"ImgBurn" = ImgBurn
"InstallShield_{4D149210-AC22-4B88-AC49-076F55300E49}" = Studio Manager 64bit
"InstallShield_{95FCC2AB-5D4C-4E6A-BB96-3A80F20D536A}" = Yamaha LS9 Editor
"InstallShield_{DDC3989E-B443-4E62-9801-A95F89DF96C0}" = Yamaha M7CL V3 Editor
"Intel(R) Solid-State Drive Toolbox" = Intel(R) Solid-State Drive Toolbox
"JDiskReport 1.4.0" = JDiskReport 1.4.0
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.18
"Loud Technologies EAW Smaart_is1" = Loud Technologies EAW Smaart v6.0
"MAGIX_MSI_SamProX_Suite" = Samplitude Pro X Suite Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mendeley Desktop" = Mendeley Desktop 1.5.1
"Mobile Partner" = Mobile Partner
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MuPAD Pro 4.0_is1" = MuPAD Pro 4.0.6
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Professional 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Pen Tablet Driver" = Bamboo
"ProM 6.1 6.1" = ProM 6.1
"RStudio" = RStudio
"TeamViewer 7" = TeamViewer 7
"Totalcmd" = Total Commander (Remove or Repair)
"Trillian" = Trillian
"VCam 3.1_is1" = VCam 3.1.1
"VLC media player" = VLC media player 2.0.0
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"winscp3_is1" = WinSCP 4.3.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2088277626-272306347-4062320415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect Add-in" = Adobe Connect Add-in
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"MAPP Online Pro" = MAPP Online Pro
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.05.2012 03:44:27 | Computer Name = nb-basti | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 19.05.2012 08:44:29 | Computer Name = nb-basti | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.13.0\Tcl\bin64\tk85.dll".Error
 in manifest or policy file "c:\program files\R\r-2.13.0\Tcl\bin64\tk85.dll" on 
line 9.  The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
 is invalid.
 
Error - 19.05.2012 08:44:29 | Computer Name = nb-basti | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\R\r-2.13.2\Tcl\bin64\tk85.dll".Error
 in manifest or policy file "c:\program files\R\r-2.13.2\Tcl\bin64\tk85.dll" on 
line 9.  The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity"
 is invalid.
 
Error - 20.05.2012 03:31:19 | Computer Name = nb-basti | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 20.05.2012 03:31:34 | Computer Name = nb-basti | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 20.05.2012 03:31:35 | Computer Name = nb-basti | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 20.05.2012 03:31:36 | Computer Name = nb-basti | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 20.05.2012 03:31:37 | Computer Name = nb-basti | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 20.05.2012 03:31:38 | Computer Name = nb-basti | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 20.05.2012 03:31:38 | Computer Name = nb-basti | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
[ Media Center Events ]
Error - 26.06.2012 03:07:32 | Computer Name = nb-basti | Source = MCUpdate | ID = 0
Description = 09:07:31 - Error connecting to the internet.  09:07:31 -     Unable 
to contact server..  
 
Error - 27.06.2012 04:09:02 | Computer Name = nb-basti | Source = MCUpdate | ID = 0
Description = 10:09:02 - Failed to retrieve Directory (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 27.06.2012 04:09:05 | Computer Name = nb-basti | Source = MCUpdate | ID = 0
Description = 10:09:04 - Failed to retrieve MCEClientUX (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 27.06.2012 04:09:07 | Computer Name = nb-basti | Source = MCUpdate | ID = 0
Description = 10:09:06 - Failed to retrieve Broadband (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 27.06.2012 05:10:32 | Computer Name = nb-basti | Source = MCUpdate | ID = 0
Description = 11:10:32 - Failed to retrieve Directory (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 27.06.2012 05:10:35 | Computer Name = nb-basti | Source = MCUpdate | ID = 0
Description = 11:10:34 - Failed to retrieve MCEClientUX (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 27.06.2012 05:10:37 | Computer Name = nb-basti | Source = MCUpdate | ID = 0
Description = 11:10:35 - Failed to retrieve Broadband (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 28.06.2012 02:36:33 | Computer Name = nb-basti | Source = MCUpdate | ID = 0
Description = 08:36:33 - Failed to retrieve Directory (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 28.06.2012 02:36:36 | Computer Name = nb-basti | Source = MCUpdate | ID = 0
Description = 08:36:35 - Failed to retrieve MCEClientUX (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
Error - 28.06.2012 02:36:39 | Computer Name = nb-basti | Source = MCUpdate | ID = 0
Description = 08:36:37 - Failed to retrieve Broadband (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

 
[ System Events ]
Error - 29.06.2012 11:25:52 | Computer Name = nb-basti | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR15.
 
Error - 29.06.2012 11:25:53 | Computer Name = nb-basti | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR15.
 
Error - 29.06.2012 11:25:53 | Computer Name = nb-basti | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR15.
 
Error - 29.06.2012 16:58:34 | Computer Name = nb-basti | Source = DCOM | ID = 10010
Description = 
 
Error - 02.07.2012 12:58:41 | Computer Name = nb-basti | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR11.
 
Error - 04.07.2012 15:12:42 | Computer Name = nb-basti | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 05.07.2012 17:50:20 | Computer Name = nb-basti | Source = DCOM | ID = 10010
Description = 
 
Error - 06.07.2012 03:22:56 | Computer Name = nb-basti | Source = DCOM | ID = 10016
Description = 
 
Error - 06.07.2012 03:31:23 | Computer Name = nb-basti | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network.  The IP address
 of  the computer that sent the message is in the data. Use nbtstat -n in a  command
 window to see which name is in the Conflict state.
 
Error - 06.07.2012 12:20:16 | Computer Name = nb-basti | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.
 
 
< End of report >

Und im Anhang noch das Log von Avira.... der hat doch noch einiges gefunden
__________________

Geändert von basti01 (21.07.2012 um 23:15 Uhr)

 

Themen zu Live Security Platinum - Wie System wieder sauber bekommen? Evtl. ZeroAccess?
'tr/atraps.gen', 80000000.@, 800000cb.@, adobe, antivir, askbar, avg, avira, bho, bonjour, continue, entfernen, firefox, flash player, format, helper, hängen, internet, intranet, jdownloader, langs, log-datei, logfile, mozilla, nicht sicher, nvpciflt.sys, plug-in, problem, programm, registry, scan, searchscopes, security, software, spotify web helper, system, trojan, usb, virtualbox, windows


« GVU - Trojaner | rechter mausklick funktioniert nicht »


Ähnliche Themen: Live Security Platinum - Wie System wieder sauber bekommen? Evtl. ZeroAccess?


  1. troj zero acces in: Live Security Platinum und Microsoft\Security Center|
    Log-Analyse und Auswertung - 10.12.2012 (7)
  2. Live Security Platinum - leider mal wieder
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (33)
  3. Live Security Platinum
    Log-Analyse und Auswertung - 28.09.2012 (8)
  4. Live Security Platinum eingefangen - wie werde ich den wieder los?
    Log-Analyse und Auswertung - 20.09.2012 (28)
  5. Rootkit.0Access + Live security Premium gleichzeitig: ist das system jetzt wieder ok ?
    Log-Analyse und Auswertung - 20.09.2012 (7)
  6. live security platinum
    Plagegeister aller Art und deren Bekämpfung - 12.09.2012 (5)
  7. Der Metz wieder: live security platinum legt Rechner Lahm
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (9)
  8. Nach löschen von Live Security Platinum System sauber?
    Log-Analyse und Auswertung - 06.09.2012 (33)
  9. Live Security Platinum und dessen Anhang - mal wieder
    Plagegeister aller Art und deren Bekämpfung - 01.09.2012 (1)
  10. Trojaner, evtl. Rootkit / Live Security Platinum
    Log-Analyse und Auswertung - 29.08.2012 (1)
  11. Live Security Platinum
    Log-Analyse und Auswertung - 04.08.2012 (5)
  12. Live Security Platinum nach System-Neuinstallation wirklich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (1)
  13. Live Security Platinum wieder entfernen?
    Log-Analyse und Auswertung - 24.07.2012 (27)
  14. live security platinum
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  15. Live Security Platinum - evtl. Gefahr für Online-Banking? Bin ahnungslos...
    Log-Analyse und Auswertung - 09.07.2012 (1)
  16. Live Security Platinum - Malwarebytes meldet Löschung von 3 infizierten Dateien, sind aber wieder da
    Log-Analyse und Auswertung - 04.07.2012 (27)
  17. PC wiederholt verseucht mit "Live Security Platinum", jetzt wieder sauber?
    Log-Analyse und Auswertung - 21.06.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Live Security Platinum - Wie System wieder sauber bekommen? Evtl. ZeroAccess? - Hier noch das zweite OTL Log Code: Alles auswählen Aufklappen ATTFilter OTL Extras logfile created on: 21.07.2012 23:35:26 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Basti\Desktop - Live Security Platinum - Wie System wieder sauber bekommen? Evtl. ZeroAccess?...
Archiv
Du betrachtest: Live Security Platinum - Wie System wieder sauber bekommen? Evtl. ZeroAccess? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19