| |
| |||||||
Log-Analyse und Auswertung: Bundespolizei-Trojaner, Task Manager schließt, 0_0u_l.exeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
05.07.2012, 19:21
| #1 |
| |  Bundespolizei-Trojaner, Task Manager schließt, 0_0u_l.exe Guten Abend! Leider bin auch ich dem Bundespolizei-Trojaner auf dem Leim gegangen und hoffe in diesem Forum auf individuelle Hilfe. Natürlich habe ich mich durch diverse Threads diesbezüglich gelesen, jedoch wird gewarnt vor "Nachahmung". Deshalb erstelle ich noch einen Thread mit diesem, wohl schon leidigen, Thema. Win7 64bit Laptop von ASUS. Die Anleitung habe ich durchgearbeitet. Meine Schritte sahen wie folgt aus: Internetverbindung sofort gekappt, 0_0u_l.exe auch tatsächlich im Temp Ordner gefunden. Neuen Benutzer angelegt und von dort aus Anti-Malware durchlaufen lassen. Prompt gab es zwei Warnungen, die ich mit Anti-Malware gelöscht habe, nach einem Reboot. Die Anti-Malware Logdatei (mir ist bewusst, dass die Datenbank nicht aktuell ist, aber sobald ich das LAN Kabel anschließe und updaten will, bricht der Prozess ab. Deshalb auch erstmal mit alter Datenbank probiert): Code:
ATTFilter Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.05.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Anti :: LUKAS-PC [administrator] Protection: Enabled 05.07.2012 18:35:15 mbam-log-2012-07-05 (18-35-15).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 446994 Time elapsed: 51 minute(s), 16 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 1 C:\Users\Lukas\AppData\Local\Temp\0_0u_l.exe (Trojan.Agent) -> Delete on reboot. Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Lukas\AppData\Local\Temp\0_0u_l.exe (Trojan.Agent) -> Delete on reboot. (end) Code:
ATTFilter OTL logfile created on: 7/5/2012 7:51:24 PM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Anti\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5.91 Gb Total Physical Memory | 4.51 Gb Available Physical Memory | 76.19% Memory free 11.83 Gb Paging File | 10.40 Gb Available in Paging File | 87.97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116.44 Gb Total Space | 30.76 Gb Free Space | 26.41% Space Free | Partition Type: NTFS Drive D: | 327.83 Gb Total Space | 303.07 Gb Free Space | 92.45% Space Free | Partition Type: NTFS Computer Name: LUKAS-PC | User Name: Anti | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/04 23:44:30 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Anti\Desktop\OTL.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/05/09 19:51:56 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011/04/20 16:53:47 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe PRC - [2011/03/04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011/02/19 03:07:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010/10/07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010/09/24 02:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2010/08/17 14:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010/04/27 17:06:02 | 000,138,072 | ---- | M] () -- C:\Program Files (x86)\Join Air\UIExec.exe PRC - [2010/04/27 16:57:32 | 000,247,152 | ---- | M] () -- C:\Program Files (x86)\Join Air\AssistantServices.exe PRC - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009/11/03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/07/31 20:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe ========== Modules (No Company Name) ========== MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010/09/24 02:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2010/04/27 17:06:02 | 000,138,072 | ---- | M] () -- C:\Program Files (x86)\Join Air\UIExec.exe MOD - [2009/11/03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/11/30 23:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010/04/17 02:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012/06/24 17:58:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/07/04 17:20:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/05/09 19:51:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/04/20 16:53:47 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC) SRV - [2011/02/19 03:07:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/04/27 16:57:32 | 000,247,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Join Air\AssistantServices.exe -- (UI Assistant Service) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/19 20:41:36 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/07/08 10:54:56 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011/07/04 17:20:50 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011/07/04 17:20:50 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011/05/20 22:04:32 | 000,017,496 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr03.sys -- (chdrvr03) DRV:64bit: - [2011/05/20 22:04:30 | 000,013,016 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr02.sys -- (chdrvr02) DRV:64bit: - [2011/05/20 22:04:28 | 000,251,224 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr01.sys -- (chdrvr01) DRV:64bit: - [2011/04/12 13:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011/03/26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/19 03:07:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2010/12/13 15:12:39 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/10/14 18:28:15 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010/09/21 19:59:37 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010/09/14 04:24:25 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/09/07 11:19:37 | 001,800,832 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2010/08/03 12:43:13 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010/06/23 03:31:11 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/04/17 02:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010/03/02 10:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/01/05 11:31:34 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2010/01/05 11:31:34 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2010/01/05 11:31:34 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2010/01/05 11:31:34 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009/07/21 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008/05/24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2010/07/26 13:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/01 11:19:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files (x86)\Steganos Password Manager 12\spmplugin3 [2012/03/06 18:33:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/24 17:58:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/24 10:56:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/27 10:50:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/03/21 13:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/06/24 17:58:33 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/03/13 12:44:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/06/24 17:58:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/06/24 17:58:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/24 17:58:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/06/24 17:58:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/24 17:58:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/06/24 17:58:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 12\SPMIEToolbar.dll (Steganos Software GmbH) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe File not found O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe () O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\Program Files (x86)\Steganos Password Manager 12\SPMIEToolbar.dll (Steganos Software GmbH) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28D2AA82-5126-483A-837D-ACE31E1715F6}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE5579CC-F5A7-4729-B4D9-E5148A8C8DEC}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/05 19:36:14 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Local\Power2Go [2012/07/05 18:33:49 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Roaming\Malwarebytes [2012/07/05 18:26:16 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Anti\Desktop\malwarebytes_antimalware_1.61.exe [2012/07/05 18:26:09 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Anti\Desktop\OTL.exe [2012/07/05 18:25:20 | 000,000,000 | R--D | C] -- C:\Users\Anti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012/07/05 18:25:20 | 000,000,000 | R--D | C] -- C:\Users\Anti\Searches [2012/07/05 18:25:20 | 000,000,000 | R--D | C] -- C:\Users\Anti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012/07/05 18:25:12 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Roaming\Identities [2012/07/05 18:25:10 | 000,000,000 | R--D | C] -- C:\Users\Anti\Contacts [2012/07/05 18:25:08 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Local\VirtualStore [2012/07/05 18:25:02 | 000,000,000 | --SD | C] -- C:\Users\Anti\AppData\Roaming\Microsoft [2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Videos [2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Saved Games [2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Pictures [2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Music [2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Links [2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Favorites [2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Downloads [2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Documents [2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Desktop [2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Vorlagen [2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\AppData\Local\Verlauf [2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\AppData\Local\Temporary Internet Files [2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Startmenü [2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\SendTo [2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Recent [2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Netzwerkumgebung [2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Lokale Einstellungen [2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Documents\Eigene Videos [2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Documents\Eigene Musik [2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Eigene Dateien [2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Documents\Eigene Bilder [2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Druckumgebung [2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Cookies [2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\AppData\Local\Anwendungsdaten [2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Anwendungsdaten [2012/07/05 18:25:02 | 000,000,000 | -H-D | C] -- C:\Users\Anti\AppData [2012/07/05 18:25:02 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Local\Temp [2012/07/05 18:25:02 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Local\Microsoft [2012/07/05 18:25:02 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Roaming\Media Center Programs [2012/07/05 18:25:02 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite [2012/07/05 00:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KillProcess [2012/07/04 23:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/04 23:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/04 23:00:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/07/04 23:00:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/07/04 21:51:53 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL [2012/07/04 21:51:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe [2012/07/04 21:51:53 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe [2012/07/04 21:51:53 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE [2012/07/04 21:51:53 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe [2012/07/04 21:51:53 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe [2012/07/04 21:49:52 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe [2012/07/04 21:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld [2012/07/04 21:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld [2012/07/04 20:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2012/07/04 20:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager ========== Files - Modified Within 30 Days ========== [2012/07/05 19:43:13 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/05 19:43:13 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/05 19:35:52 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe [2012/07/05 19:35:50 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll [2012/07/05 19:35:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/05 19:35:37 | 467,546,111 | -HS- | M] () -- C:\hiberfil.sys [2012/07/05 18:34:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad [2012/07/05 00:29:03 | 000,002,118 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012/07/05 00:28:50 | 000,001,264 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012/07/04 23:44:30 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Anti\Desktop\OTL.exe [2012/07/04 22:52:54 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Anti\Desktop\malwarebytes_antimalware_1.61.exe [2012/07/04 21:50:12 | 000,000,028 | ---- | M] () -- C:\Windows\Lic.xxx [2012/07/04 21:49:51 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe [2012/07/04 20:43:48 | 001,644,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/04 20:43:48 | 000,708,494 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/07/04 20:43:48 | 000,663,772 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/04 20:43:48 | 000,152,098 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/07/04 20:43:48 | 000,125,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/04 19:58:24 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll [2012/07/04 19:58:06 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe [2012/06/15 09:52:39 | 000,295,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/07/05 18:25:26 | 000,001,411 | ---- | C] () -- C:\Users\Anti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012/07/05 18:25:21 | 000,001,405 | ---- | C] () -- C:\Users\Anti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012/07/04 21:50:12 | 000,000,028 | ---- | C] () -- C:\Windows\Lic.xxx [2012/07/04 19:51:19 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad [2011/08/04 21:44:40 | 000,034,816 | ---- | C] () -- C:\Windows\SysWow64\~bwcrc32.dll [2011/07/12 19:15:57 | 001,621,994 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/05/01 14:47:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/04/20 21:25:40 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2011/04/20 17:23:49 | 000,000,748 | ---- | C] () -- C:\Windows\ODBC.INI [2011/03/26 01:16:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/03/26 01:16:10 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/03/02 15:28:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe [2011/03/02 14:52:41 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011/03/02 13:47:19 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2011/03/02 13:45:50 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe [2010/11/28 15:21:29 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== LOP Check ========== [2012/03/08 10:42:46 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 7/5/2012 7:51:24 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Anti\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5.91 Gb Total Physical Memory | 4.51 Gb Available Physical Memory | 76.19% Memory free
11.83 Gb Paging File | 10.40 Gb Available in Paging File | 87.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 30.76 Gb Free Space | 26.41% Space Free | Partition Type: NTFS
Drive D: | 327.83 Gb Total Space | 303.07 Gb Free Space | 92.45% Space Free | Partition Type: NTFS
Computer Name: LUKAS-PC | User Name: Anti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16F625EA-0981-495F-94E6-7D82700C886E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{23731520-740C-4376-B767-B1D4C883A406}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E6827E4-592C-4953-82B2-369939055383}" = rport=137 | protocol=17 | dir=out | app=system |
"{3316A4EF-B4F0-44F2-9977-5BA67089E3D4}" = lport=138 | protocol=17 | dir=in | app=system |
"{3433B914-EDC0-455C-B46E-182965431F6E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3A291D19-B7EC-4B61-AF3A-474D40883297}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E4B8FC7-DF1C-4350-BA85-3DC5138757F1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3FD05CBC-E028-43E9-B5E9-DF360BDCA290}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{51596747-A0B0-4CE6-A8CF-E36F771194DF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56E078B1-AC9F-45C4-945A-4D63A96FE49A}" = lport=139 | protocol=6 | dir=in | app=system |
"{6906B3EF-7B05-4126-9CB8-273D7BF0C03B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{75894118-4D58-4E5C-BACC-B18BF0E14FF5}" = rport=445 | protocol=6 | dir=out | app=system |
"{79AE04E8-A7DF-43C7-9094-29207CB92947}" = lport=445 | protocol=6 | dir=in | app=system |
"{821A27DD-94E5-4B90-ADDC-2A918BAE5DB6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{A4D89600-0F65-4627-8D4A-2F471A249A19}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4F00A87-1281-4940-985A-207ADD382B5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2A6EFFE-218F-484B-8907-1C5205992DEA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B39DD0F5-D8F0-40E9-8A70-A58B8BE8DA48}" = rport=138 | protocol=17 | dir=out | app=system |
"{C0284FAB-400C-494D-A65F-BEE8A8D8E14B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C79F7173-F40D-4883-8252-506D707FE1CE}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{CBE5BCB3-E310-44FC-93E5-8192A72C74CA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D0C39F83-B55E-4E9C-985E-78F305F83562}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9596E72-26FE-4A0C-8A6E-BF3A5E5718D3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E5C1FAD0-6BDA-4882-851D-AD9B04F4972C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0D7DBC4-521B-48D6-8CC5-09DC44C62511}" = lport=137 | protocol=17 | dir=in | app=system |
"{FB695C18-7348-4C0E-9190-459549A23A7A}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{088132A0-6A05-4D68-A4AC-9AB89FE7262C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{11044CAF-DE6C-4DD5-8A02-E56C077B1E9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3E63C8D4-B4EB-4F64-93E3-11022841F5BD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{41565768-6792-4CE7-86D8-EEB7B521028E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41705802-E8DD-4F17-9CCD-3D3652F8FA3E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{49283D01-5F98-4785-81E5-279EC520F86A}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{4A4D1501-9421-43AB-B1F4-068B8A54CCAF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{514F7D17-E034-484A-A848-8E20E2985DF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{54D80437-AB56-40A5-A70C-5BE950E2D826}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62002EB9-EAD8-4CCB-B346-BA67B11833C3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{729486FF-6AEB-4041-AEE3-91D571254F74}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7D91DF39-4E6F-40BD-89B9-F381B6E49769}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{89437D59-398E-4980-9B0A-91D69A2062B2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8AF8689D-2BB0-4D19-BF99-FE14DB0DF69C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B993DDA-F68A-463E-8778-35DE2D3969DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D2E56DF-4014-400E-96A1-702E248F6DB1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A3AA7D61-4400-4AD6-8313-B1D057D9596D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C282FB32-3F86-4B7E-9D59-B93D45D69B00}" = protocol=6 | dir=out | app=system |
"{C8CA90B5-06D8-4659-9C98-D880D13EBD7D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CEC539BF-0834-4260-93CB-1FA0C36051CF}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{E86CE745-7F89-45B4-B771-2EC64629AD16}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EB7313BF-63D9-4BFA-B12D-5658E19E41BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB0FD6F1-08BD-4A2B-8489-21546DCF91A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD6EA4F7-1A70-402C-B73E-92D37E421893}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{026118E9-6166-4C93-B44A-496146A2A1B8}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe |
"TCP Query User{23BB865F-A944-4751-ADD8-09951DD715ED}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"TCP Query User{93F166D4-DDFB-4FA7-8AEF-C74E750D6CCD}D:\aoe2+exp [portable]\age2_x1.exe" = protocol=6 | dir=in | app=d:\aoe2+exp [portable]\age2_x1.exe |
"TCP Query User{96A2EE4F-27C1-4E59-AC9F-17DB8355E1F8}D:\aoe2+exp [portable]\age2_x1.exe" = protocol=6 | dir=in | app=d:\aoe2+exp [portable]\age2_x1.exe |
"TCP Query User{B5E173F5-9911-4F8F-8321-2D1D19F39150}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{E6001D5B-7525-48A7-A57E-F804E73BEF8C}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe |
"UDP Query User{2B60C3A9-B4FB-4BA3-8D83-92E1E0C6F78E}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe |
"UDP Query User{58D1861B-4DAA-4A75-AD75-AE9525AE1268}D:\aoe2+exp [portable]\age2_x1.exe" = protocol=17 | dir=in | app=d:\aoe2+exp [portable]\age2_x1.exe |
"UDP Query User{699E1736-8509-4F05-9DA4-FA83EF104ECA}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe |
"UDP Query User{956E7C96-69BC-4E5A-9936-D025BB1EE6B1}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"UDP Query User{C32ADDBF-8716-4D10-8F21-60CDECB5CE26}D:\aoe2+exp [portable]\age2_x1.exe" = protocol=17 | dir=in | app=d:\aoe2+exp [portable]\age2_x1.exe |
"UDP Query User{CBC0D6D0-0658-42A9-A8AE-9FC9217ABFA1}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"DesktopIconAmazon" = Desktop Icon für Amazon
"Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B663B1E-5188-4CE6-978D-83636D3A8932}" = mccPILOTLOG
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{901C0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B812ECDF-79CF-4066-9883-46066160FB58}" = Access 2003 Runtime Installation
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C009A918-0C06-45B3-AEF6-B1057307A643}" = Steganos Password Manager 12
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CHControlManager_is1" = CH Control Manager Software
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"Free YouTube Download_is1" = Free YouTube Download version 3.1.26.504
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"KillProcess" = KillProcess 2.44
"Mahjongg dimensions" = Mahjongg dimensions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"New LEGO Digital Designer" = LEGO Digital Designer
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"Security Task Manager" = Security Task Manager 1.8d
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"TrueCrypt" = TrueCrypt
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 5/24/2012 2:23:35 PM | Computer Name = Lukas-PC | Source = Application Hang | ID = 1002
Description = Programm Photoshop.exe, Version 7.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b00 Startzeit:
01cd39da45cc57ae Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\Adobe\Photoshop
7.0\Photoshop.exe Berichts-ID: 91514387-a5cd-11e1-83db-bcaec55fdaa6
Error - 5/30/2012 6:39:35 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 5/30/2012 6:39:35 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 5/30/2012 6:39:35 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 5/30/2012 6:39:35 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 5/30/2012 6:39:35 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 5/30/2012 6:39:36 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 5/30/2012 6:39:36 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 5/30/2012 6:39:36 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 5/30/2012 6:39:36 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
[ System Events ]
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = DCOM | ID = 10005
Description =
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = DCOM | ID = 10005
Description =
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Ich hoffe hiermit alle nötigen Schritte getan zu haben, um den Virenkampf zu eröffnen - mit eurer Hilfe! Grüße Lukas |
|
05.07.2012, 19:43
| #2 |
| /// Malware-holic   | Bundespolizei-Trojaner, Task Manager schließt, 0_0u_l.exe hi
__________________bitte im infizierten konto anmelden, internet sollte wieder gehen. für eine weitere analyse benötige ich mal folgendes. c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte Trojaner-Board Upload Channel
__________________ |
|
05.07.2012, 20:28
| #3 |
| | Bundespolizei-Trojaner, Task Manager schließt, 0_0u_l.exe Der cache ist hochgeladen. Leider doppelt, da ich beim ersten mein Avira noch angeschaltet hatte. Vorsichtshalber deshalb zweimal.
__________________Internet scheint tatsächlich wieder zu funktionieren! |
|
05.07.2012, 20:47
| #4 | |
| /// Malware-holic | Bundespolizei-Trojaner, Task Manager schließt, 0_0u_l.exe hi, danke dir Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.07.2012, 21:13
| #5 |
| | Bundespolizei-Trojaner, Task Manager schließt, 0_0u_l.exe Hier ist die Logdatei: Code:
ATTFilter ComboFix 12-07-05.04 - Lukas 05.07.2012 21:58:21.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6056.4131 [GMT 2:00]
ausgeführt von:: c:\users\Lukas\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-05 bis 2012-07-05 ))))))))))))))))))))))))))))))
.
.
2012-07-05 16:25 . 2012-07-05 16:25 -------- d-----w- c:\users\Anti
2012-07-04 22:38 . 2012-07-04 22:38 -------- d-----w- c:\users\Lukas\AppData\Roaming\KillProcess
2012-07-04 22:35 . 2012-07-04 22:35 -------- d-----w- c:\program files (x86)\KillProcess
2012-07-04 21:00 . 2012-07-04 21:00 -------- d-----w- c:\users\Lukas\AppData\Roaming\Malwarebytes
2012-07-04 21:00 . 2012-07-04 21:00 -------- d-----w- c:\programdata\Malwarebytes
2012-07-04 21:00 . 2012-07-04 21:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-04 21:00 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 19:51 . 2012-07-04 19:51 -------- d---a-w- c:\windows\VDLL.DLL
2012-07-04 19:51 . 2012-07-04 19:51 -------- d---a-w- c:\windows\SysWow64\runouce.exe
2012-07-04 19:51 . 2012-07-04 19:51 -------- d---a-w- c:\windows\rundll16.exe
2012-07-04 19:51 . 2012-07-04 19:51 -------- d---a-w- c:\windows\RUNDL132.EXE
2012-07-04 19:51 . 2012-07-04 19:51 -------- d---a-w- c:\windows\logo1_.exe
2012-07-04 19:51 . 2012-07-04 19:51 -------- d---a-w- c:\windows\logo_1.exe
2012-07-04 19:49 . 2012-07-04 19:49 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
2012-07-04 19:49 . 2012-07-04 19:49 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2012-07-04 19:49 . 2012-07-04 19:49 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe
2012-07-04 19:49 . 2012-07-04 19:49 -------- d-----w- c:\program files (x86)\Common Files\MicroWorld
2012-07-04 19:49 . 2012-07-04 19:49 -------- d-----w- c:\programdata\MicroWorld
2012-07-04 18:23 . 2012-07-04 22:34 -------- d-----w- c:\programdata\SecTaskMan
2012-07-04 18:23 . 2012-07-04 18:23 -------- d-----w- c:\program files (x86)\Security Task Manager
2012-07-03 14:43 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{337821B3-F988-4776-9233-9A8A83641A11}\mpengine.dll
2012-06-24 15:58 . 2012-06-24 15:58 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-24 15:58 . 2012-06-24 15:58 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-22 10:06 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 10:06 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 10:06 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 10:06 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 10:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 10:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 10:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 10:06 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 10:06 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 18:48 . 2012-06-16 18:48 -------- d-----w- c:\users\Lukas\CH Control Manager
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 20:04 . 2011-03-02 11:45 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-07-05 20:03 . 2011-04-20 14:54 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-07-04 17:58 . 2011-03-02 11:47 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2012-07-04 17:58 . 2011-03-02 11:45 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2012-04-19 18:41 . 2012-04-19 18:10 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-04-18 11:49 . 2012-05-06 17:47 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-12-16 220744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2010-04-27 138072]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-6-7 110592]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-3-2 12862]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-05 11776]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-19 25960]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-09 136360]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-19 2009704]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-17 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-17 134928]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe [2010-04-27 247152]
S3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\DRIVERS\chdrvr01.sys [2011-05-20 251224]
S3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\DRIVERS\chdrvr02.sys [2011-05-20 13016]
S3 chdrvr03;chdrvr03;c:\windows\system32\DRIVERS\chdrvr03.sys [2011-05-20 17496]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-08 254528]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-13 138024]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 333928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.lukasruppelt.de/
mStart Page = hxxp://asus.msn.com
IE: Free YouTube Download - c:\users\Lukas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Lukas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\5j9yqhsy.default\
FF - prefs.js: browser.startup.homepage - www.airliners.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-Locked - (no file)
HKLM-Run-ASUS WebStorage - c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-05 22:09:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-05 20:09
.
Vor Suchlauf: 10 Verzeichnis(se), 32.794.697.728 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 32.638.083.072 Bytes frei
.
- - End Of File - - F5D2BB4B03A9AAD87B4FB1B44F9F4248
|
|
06.07.2012, 10:28
| #6 |
| /// Malware-holic | Bundespolizei-Trojaner, Task Manager schließt, 0_0u_l.exe öffne malwarebytes, update, und dann kompletten scan ausführen
__________________ --> Bundespolizei-Trojaner, Task Manager schließt, 0_0u_l.exe |
|
06.07.2012, 11:53
| #7 |
| | Bundespolizei-Trojaner, Task Manager schließt, 0_0u_l.exeCode:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.06.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Lukas :: LUKAS-PC [Administrator] Schutz: Aktiviert 06.07.2012 11:39:07 mbam-log-2012-07-06 (11-39-07).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 449250 Laufzeit: 1 Stunde(n), 6 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
06.07.2012, 17:24
| #8 |
| /// Malware-holic | Bundespolizei-Trojaner, Task Manager schließt, 0_0u_l.exe jepp. lade den CCleaner standard: CCleaner Download - CCleaner 3.20.1750 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.07.2012, 19:02
| #9 |
| | Bundespolizei-Trojaner, Task Manager schließt, 0_0u_l.exeCode:
ATTFilter Access 2003 Runtime Installation MIE Software 28.09.2011 147KB 1.0.0000 unbekannt Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 02.03.2011 10.0.42.34 unbekannt Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 31.10.2011 6,00MB 11.0.1.152 notwendig Adobe Photoshop 7.0 Adobe Systems, Inc. 07.06.2011 7.0 notwendig Adobe Reader X (10.1.0) - Deutsch Adobe Systems Incorporated 16.06.2011 165MB 10.1.0 notwendig Adobe Shockwave Player 11.6 Adobe Systems, Inc. 16.04.2012 11.6.4.634 unbekannt ASUS AI Recovery ASUS 02.03.2011 6,95MB 1.0.13 notwendig ASUS FancyStart ASUSTeK Computer Inc. 02.03.2011 12,0MB 1.0.8 notwendig ASUS Power4Gear Hybrid ASUS 02.03.2011 13,2MB 1.1.43 notwendig ASUS SmartLogon ASUS 02.03.2011 10,9MB 1.0.0008 notwendig ASUS Virtual Camera asus 02.03.2011 3,12MB 1.0.20 notwendig ATK Package ASUS 28.04.2011 12,0MB 1.0.0007 notwendig Avira AntiVir Personal - Free Antivirus Avira GmbH 15.02.2012 69,3MB 10.2.0.707 notwendig CCleaner Piriform 22.06.2012 3.20 unnötig CH Control Manager Software 16.06.2012 notwendig CyberLink LabelPrint CyberLink Corp. 02.03.2011 137MB 2.5.1908 notwendig CyberLink Power2Go CyberLink Corp. 02.03.2011 110MB 6.1.3602c notwendig DAEMON Tools Lite DT Soft Ltd 08.07.2011 4.40.2.0131 notwendig Desktop Icon für Amazon 07.02.2012 1.0.1 (de) unnötig DivX-Setup DivX, LLC 06.10.2011 2.6.0.34 notwendig EAX4 Unified Redist Creative Labs 05.05.2011 168KB 4.001 unbekannt ElsterFormular Landesfinanzdirektion Thüringen 25.04.2012 160MB 13.2.0.8623p notwendig ETDWare PS/2-X64 8.0.5.0_WHQL ELAN Microelectronic Corp. 02.03.2011 8.0.5.0 unbekannt Fast Boot ASUS 02.03.2011 1,46MB 1.0.8 notwendig Free YouTube Download version 3.1.26.504 DVDVideoSoft Ltd. 06.05.2012 82,0MB 3.1.26.504 unnötig Intel(R) Control Center Intel Corporation 21.04.2011 1.2.1.1007 notwendig Intel(R) Processor Graphics Intel Corporation 12.06.2011 8.15.10.2291 notwendig Intel(R) Turbo Boost Technology Monitor Intel 02.03.2011 2,15MB 1.0.400.4 notwendig Java(TM) 7 Update 5 Oracle 06.07.2012 99,3MB 7.0.50 notwendig JavaFX 2.1.1 Oracle Corporation 06.07.2012 20,8MB 2.1.1 unbekannt Join Air ZTE Corporation 10.04.2012 1.0.0.2 notwendig LEGO Digital Designer LEGO A/S 20.06.2011 notwendig Mahjongg dimensions Oberon Media Inc. 02.03.2011 notwendig Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 04.07.2012 18,0MB 1.61.0.1400 notwendig mccPILOTLOG MCC bvba 04.08.2011 97,3MB 1.4.4 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 21.04.2011 38,8MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Extended Microsoft Corporation 12.07.2011 51,9MB 4.0.30319 unbekannt Microsoft Flight Simulator X: Acceleration Microsoft Game Studios 03.08.2011 10.0.61637.0 notwendig Microsoft Office 2010 Microsoft Corporation 02.03.2011 6,31MB 14.0.4763.1000 notwendig Microsoft Office Access 2003 Runtime Microsoft Corporation 13.05.2012 235MB 11.0.8173.0 unbekannt Microsoft Office XP Professional Microsoft Corporation 16.06.2011 334MB 10.0.6626.0 notwendig Microsoft Silverlight Microsoft Corporation 13.05.2012 100MB 4.1.10329.0 unnötig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 04.04.2012 1,69MB 3.1.0000 unbekannt Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 252KB 8.0.50727.4053 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 02.08.2011 2,38MB 8.0.56336 unbekannt Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 02.03.2011 620KB 8.0.61000 unbekannt Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 03.05.2011 580KB 8.0.51011 unbekannt Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 03.05.2011 598KB 9.0.30729.5570 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 12.07.2011 240KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 20.04.2011 592KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 600KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 15.11.2011 11,0MB 10.0.30319 unbekannt Microsoft WSE 3.0 Runtime Microsoft Corp. 12.07.2011 942KB 3.0.5305.0 unbekannt Mozilla Firefox 13.0.1 (x86 de) Mozilla 24.06.2012 36,2MB 13.0.1 notwendig Mozilla Maintenance Service Mozilla 24.06.2012 309KB 13.0.1 notwendig Mozilla Thunderbird 13.0.1 (x86 de) Mozilla 27.06.2012 40,5MB 13.0.1 notwendig MSXML 4.0 SP2 Parser und SDK Microsoft Corporation 02.08.2011 5,07MB 4.20.9818.0 unbekannt MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 02.03.2011 1,53MB 4.30.2107.0 unbekannt NVIDIA Grafiktreiber 267.21 NVIDIA Corporation 12.05.2011 267.21 notwendig PDF24 Creator 4.1.2 PDF24.org 05.01.2012 33,9MB notwendig PDFCreator Frank Heindörfer, Philip Chinery 23.04.2011 1.2.0 unnötig Phase 5 HTML-Editor Systemberatung Schommer 13.01.2012 3,72MB 5.6.2.3 notwendig Realtek Ethernet Controller Driver For Windows 7 Realtek 02.03.2011 7.21.531.2010 notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 12.05.2011 6.0.1.6294 notwendig Realtek USB 2.0 Reader Driver Realtek Semiconductor Corp. 02.03.2011 6.1.7600.10001 notwendig Security Task Manager 1.8d Neuber Software 04.07.2012 1.8d unnötig Skype™ 5.9 Skype Technologies S.A. 28.05.2012 19,3MB 5.9.115 notwendig Steganos Password Manager 12 Steganos Software GmbH 06.03.2012 12.0.6 unnötig Tom Clancy's Splinter Cell Double Agent Ubisoft 05.05.2011 1.00.0000 unnötig TrueCrypt TrueCrypt Foundation 19.04.2012 7.1a notwendig USB2.0 UVC VGA WebCam Sonix 02.03.2011 5.8.55133.208 notwendig Windows Live Essentials Microsoft Corporation 04.04.2012 15.4.3555.0308 unnötig WinRAR 4.00 (64-Bit) win.rar GmbH 27.04.2011 4.00.0 notwendig Wireless Console 3 ASUS 02.03.2011 2,44MB 3.0.19 notwendig |
|
09.07.2012, 19:29
| #10 |
| /// Malware-holic | Bundespolizei-Trojaner, Task Manager schließt, 0_0u_l.exe deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: http://filepony.de/download-adobe_reader/ haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Adobe Shockwave Desktop Icon Free YouTube PDFCreator Security Task Steganos Tom Clancy's Windows Live öffne ccleaner, analysieren, starten öffne otl, cleanup pc startet neu, teste wie der pc läuft
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Bundespolizei-Trojaner, Task Manager schließt, 0_0u_l.exe |
| 0_0u_l.exe, antivir, avira, bho, browser, error, fehler, firefox, flash player, format, ftp, helper, home, install.exe, logfile, mozilla, nvidia update, nvpciflt.sys, plug-in, programm, prozess, realtek, registry, rundll, searchscopes, security, software, svchost.exe, system, task manager problem, udp, usb, usb 2.0, wscript.exe |
Linear-Darstellung
