Pests of all kinds and how to get rid of them: Group policy blocks AntiVir (Windows 7)
#1
Group policy blocks AntiVir

Hello, yesterday a Windows Vista update was downloaded automatically via the Windows Update Center, and it then installed itself on boot. Shortly afterwards, a Security Center notification appeared at the bottom of the taskbar saying that the virus scanner (AntiVir) was not enabled. I then noticed that the virus scanner's icon no longer appears in the taskbar either. So I tried to open the virus scanner. That produced the error message that this program is blocked by a group policy and that further information could be obtained from the system administrator. My Vista version is: Windows Vista Home Premium SP2. Now the question: did the Windows update make a change, or is it actually a trojan/virus etc.?? Many thanks in advance!! OTL did not create an extras.txt for me! OTL logfile:

Code:
I tried to attach the GMER report, but at 1.6 MB it is clearly too large --> did I click something wrong?

Last edited by blacksun86 (16.05.2013 at 19:46)