
Pests of all kinds and how to fight them: Windows locked for security reasons

14.02.2012, 21:00   #1
Linda23
 



Unfortunately it got me too, and Windows was 'locked'. I would be very grateful if you could help me!

14.02.2012, 21:30   #2
Linda23
 



I have already run the OTL scan:
OTL Logfile:
Code:
OTL logfile created on: 14.02.2012 22:16:49 - Run 5
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,45 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 80,76% Memory free
7,09 Gb Paging File | 6,67 Gb Available in Paging File | 94,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,91 Gb Total Space | 58,92 Gb Free Space | 42,42% Space Free | Partition Type: NTFS
 
Computer Name: LAURA-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe ()
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (dcpsysmgrsvc) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (alssvc) -- C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe (Dell Inc.)
SRV - (UNS) Intel(R) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\lms.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (cvusbdrv) -- C:\Windows\System32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (CCIDFILTER) -- C:\Windows\System32\drivers\ccidflt.sys (Broadcom Corporation)
DRV - (WavxDMgr) -- C:\Windows\System32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (PBADRV) -- C:\Windows\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (RLDesignVirtualAudioCableWdm) -- C:\Windows\System32\drivers\livecamv.sys ()
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.zeit.de/index"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.09 18:43:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.13 16:38:19 | 000,000,000 | ---D | M]
 
[2009.07.11 15:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2012.02.12 14:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions
[2010.05.01 09:39:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.07 17:51:48 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}(126)
[2012.01.09 10:50:17 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}(125)
[2011.02.15 11:51:43 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.09 15:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.30 17:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
() (No name found) -- C:\USERS\LAURA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0CBG1Y0I.DEFAULT\EXTENSIONS\{582195F5-92E7-40A0-A127-DB71295901D7}.XPI
[2012.01.04 00:55:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.10.19 18:59:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2010.05.25 09:38:51 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.26 20:19:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BIOSEvent] C:\Program Files\Dell\Latitude ON Reader Data\BIOSEvent.exe ()
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [ffdwnd] C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23841AE8-6C8D-42A4-954D-00ADC665EE9C}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) -C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.14 22:03:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.02.14 14:26:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\a1-Dateien
[2012.02.14 14:25:47 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\2-Dateien
[2012.02.14 14:25:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\1-Dateien
[2012.02.08 10:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.02.08 10:59:33 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2012.02.08 10:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.02.08 10:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.02.08 10:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.02.08 10:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.02.08 10:52:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.08 10:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.02.07 21:10:11 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\HIST_FR_s5_Renaissance-Dateien
[2012.02.07 21:10:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Histoire-Dateien
[2012.02.07 21:09:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\lang-frcs-trav-ages-Dateien
[2012.02.07 21:09:49 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\la_renaissance-Dateien
[2012.02.07 21:09:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\humanisme-Dateien
[2012.02.07 21:09:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\defendre-Dateien
[2012.02.07 21:09:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Histoire_de_la_langue_française-Dateien
[2012.02.06 09:21:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Ranciere
[2012.01.27 13:56:44 | 000,000,000 | ---D | C] -- C:\PPFS_Tools
[2012.01.27 13:56:44 | 000,000,000 | ---D | C] -- C:\PPFS_Scan3
[2012.01.26 21:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.26 21:14:24 | 000,000,000 | ---D | C] -- C:\PPF_SCAN2
[2012.01.26 20:24:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.01.26 20:24:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.01.26 20:24:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2012.01.26 20:04:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.01.26 20:04:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.01.26 20:04:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.01.26 20:04:23 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.01.26 20:04:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.20 21:13:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.20 18:23:14 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[9 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.14 22:03:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.02.14 21:57:16 | 000,598,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.14 21:57:16 | 000,104,304 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.14 21:52:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.14 21:48:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 21:48:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 14:30:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.14 14:26:19 | 000,107,316 | ---- | M] () -- C:\Users\***\Desktop\a1.htm
[2012.02.14 14:25:50 | 000,107,299 | ---- | M] () -- C:\Users\***\Desktop\2.htm
[2012.02.14 14:25:36 | 000,116,014 | ---- | M] () -- C:\Users\***\Desktop\1.htm
[2012.02.09 11:20:36 | 000,086,713 | ---- | M] () -- C:\Users\***\Desktop\histoire.pdf
[2012.02.07 21:10:11 | 000,116,178 | ---- | M] () -- C:\Users\***\Desktop\HIST_FR_s5_Renaissance.htm
[2012.02.07 21:10:06 | 000,022,210 | ---- | M] () -- C:\Users\***\Desktop\Histoire.html
[2012.02.07 21:09:58 | 000,017,251 | ---- | M] () -- C:\Users\***\Desktop\lang-frcs-trav-ages.html
[2012.02.07 21:09:54 | 000,014,289 | ---- | M] () -- C:\Users\***\Desktop\cm14.html
[2012.02.07 21:09:49 | 000,021,883 | ---- | M] () -- C:\Users\***\Desktop\humanisme.html
[2012.02.07 21:09:38 | 000,086,713 | ---- | M] () -- C:\Users\***\Desktop\05_histoire_francais.pdf
[2012.02.07 21:09:32 | 000,024,078 | ---- | M] () -- C:\Users\***\Desktop\defendre.htm
[2012.02.07 21:09:26 | 000,170,907 | ---- | M] () -- C:\Users\***\Desktop\Histoire_de_la_langue_française.htm
[2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.01.27 00:04:00 | 000,001,356 | ---- | M] () -- C:\Users\Laura\AppData\Local\d3d9caps.dat
[2012.01.26 20:19:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.01.22 22:52:05 | 000,052,126 | ---- | M] () -- C:\Users\***\Documents\2D460d01.pdf
[2012.01.22 22:49:09 | 000,057,892 | ---- | M] () -- C:\Users\***\Documents\C1AAAd01.pdf
[2012.01.20 18:26:45 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.01.16 13:06:03 | 013,415,134 | ---- | M] () -- C:\Users\***\Desktop\iotc_19990211-0900b.mp3
[2012.01.16 13:05:29 | 013,625,340 | ---- | M] () -- C:\Users\***\Desktop\iotc_20000323-0900b.mp3
[2012.01.16 13:04:55 | 019,824,400 | ---- | M] () -- C:\Users\***\Desktop\iotc_20030410-0900a.mp3
[2012.01.16 13:04:46 | 020,324,635 | ---- | M] () -- C:\Users\***\Desktop\iotc_20040212-0900a.mp3
[2012.01.16 13:04:35 | 020,262,743 | ---- | M] () -- C:\Users\***\Desktop\iotc_20041007-0900a.mp3
[2012.01.16 13:01:13 | 020,229,648 | ---- | M] () -- C:\Users\***\Desktop\iotp_20051117-0900a.mp3
[2012.01.16 13:00:53 | 020,300,085 | ---- | M] () -- C:\Users\***\Desktop\iotp_20070208-0900a.mp3
[2012.01.16 13:00:35 | 020,302,257 | ---- | M] () -- C:\Users\***\Desktop\iotp_20080320-0900a.mp3
[2012.01.16 13:00:24 | 020,261,990 | ---- | M] () -- C:\Users\***\Desktop\iotp_20080424-0900a.mp3
[2012.01.16 13:00:10 | 020,260,105 | ---- | M] () -- C:\Users\***\Desktop\iotp_20081106-0900a.mp3
[2012.01.16 12:59:58 | 020,294,261 | ---- | M] () -- C:\Users\***\Desktop\iotp_20090115-0900a.mp3
[2012.01.16 12:59:45 | 020,369,207 | ---- | M] () -- C:\Users\***\Desktop\iotp_20091029-0900a.mp3
[9 C:\Users\Laura\Desktop\*.tmp files -> C:\Users\Laura\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.14 14:26:15 | 000,107,316 | ---- | C] () -- C:\Users\***\Desktop\a1.htm
[2012.02.14 14:25:47 | 000,107,299 | ---- | C] () -- C:\Users\***\Desktop\2.htm
[2012.02.14 14:25:31 | 000,116,014 | ---- | C] () -- C:\Users\***\Desktop\1.htm
[2012.02.09 11:20:36 | 000,086,713 | ---- | C] () -- C:\Users\***\Desktop\histoire.pdf
[2012.02.08 10:54:18 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.02.07 21:10:10 | 000,116,178 | ---- | C] () -- C:\Users\***\Desktop\HIST_FR_s5_Renaissance.htm
[2012.02.07 21:10:05 | 000,022,210 | ---- | C] () -- C:\Users\***\Desktop\Histoire.html
[2012.02.07 21:09:58 | 000,017,251 | ---- | C] () -- C:\Users\***\Desktop\lang-frcs-trav-ages.html
[2012.02.07 21:09:54 | 000,014,289 | ---- | C] () -- C:\Users\***\Desktop\cm14.html
[2012.02.07 21:09:49 | 000,021,883 | ---- | C] () -- C:\Users\***\Desktop\la_renaissance.htm
[2012.02.07 21:09:43 | 000,075,181 | ---- | C] () -- C:\Users\***\Desktop\humanisme.html
[2012.02.07 21:09:38 | 000,086,713 | ---- | C] () -- C:\Users\***\Desktop\05_histoire_francais.pdf
[2012.02.07 21:09:32 | 000,024,078 | ---- | C] () -- C:\Users\***\Desktop\defendre.htm
[2012.02.07 21:09:24 | 000,170,907 | ---- | C] () -- C:\Users\***\Desktop\Histoire_de_la_langue_française.htm
[2012.01.26 20:04:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.01.26 20:04:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.01.26 20:04:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.01.22 22:52:05 | 000,052,126 | ---- | C] () -- C:\Users\***\Documents\2D460d01.pdf
[2012.01.22 22:49:09 | 000,057,892 | ---- | C] () -- C:\Users\***\Documents\C1AAAd01.pdf
[2012.01.20 18:26:45 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.01.16 13:05:56 | 013,415,134 | ---- | C] () -- C:\Users\***\Desktop\iotc_19990211-0900b.mp3
[2012.01.16 13:05:23 | 013,625,340 | ---- | C] () -- C:\Users\***\Desktop\iotc_20000323-0900b.mp3
[2012.01.16 13:04:47 | 019,824,400 | ---- | C] () -- C:\Users\***\Desktop\iotc_20030410-0900a.mp3
[2012.01.16 13:04:37 | 020,324,635 | ---- | C] () -- C:\Users\***\Desktop\iotc_20040212-0900a.mp3
[2012.01.16 13:04:27 | 020,262,743 | ---- | C] () -- C:\Users\***\Desktop\iotc_20041007-0900a.mp3
[2012.01.16 13:01:04 | 020,229,648 | ---- | C] () -- C:\Users\***\Desktop\iotp_20051117-0900a.mp3
[2012.01.16 13:00:44 | 020,300,085 | ---- | C] () -- C:\Users\***\Desktop\iotp_20070208-0900a.mp3
[2012.01.16 13:00:27 | 020,302,257 | ---- | C] () -- C:\Users\***\Desktop\iotp_20080320-0900a.mp3
[2012.01.16 13:00:15 | 020,261,990 | ---- | C] () -- C:\Users\***\Desktop\iotp_20080424-0900a.mp3
[2012.01.16 13:00:02 | 020,260,105 | ---- | C] () -- C:\Users\***\Desktop\iotp_20081106-0900a.mp3
[2012.01.16 12:59:49 | 020,294,261 | ---- | C] () -- C:\Users\***\Desktop\iotp_20090115-0900a.mp3
[2012.01.16 12:59:36 | 020,369,207 | ---- | C] () -- C:\Users\***\Desktop\iotp_20091029-0900a.mp3
[2010.11.05 11:39:21 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.05.09 17:04:00 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2010.01.17 15:38:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.01.03 15:13:18 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.12.24 16:19:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2009.12.24 16:19:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2009.10.25 14:05:55 | 000,466,944 | ---- | C] () -- C:\Windows\ssndii.exe
[2009.10.25 13:58:51 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs2l3.dll
[2009.09.17 11:50:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.17 11:50:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 11:48:46 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.09.01 04:31:56 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[2009.08.23 12:08:07 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2009.07.11 21:15:42 | 000,036,352 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.11 13:39:34 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\WavXMapDrive.bat
[2009.06.29 16:54:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.06.29 15:38:44 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009.05.07 00:51:42 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.05.07 00:51:41 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2009.05.07 00:48:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.05.07 00:28:40 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009.05.07 00:28:39 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.05.07 00:28:39 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.05.07 00:28:39 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009.05.06 16:16:11 | 000,279,888 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll
[2009.05.06 16:13:35 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2009.05.06 16:05:11 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.01.05 14:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.11.08 11:56:48 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll
[2008.11.08 11:56:48 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll
[2008.11.08 11:56:48 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll
[2008.11.08 11:56:46 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll
[2008.11.08 11:56:46 | 000,503,808 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll
[2008.11.08 11:56:44 | 000,565,248 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll
[2008.11.08 11:56:44 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll
[2008.11.08 11:56:42 | 000,516,096 | ---- | C] () -- C:\Windows\System32\AmRes_da.dll
[2008.11.08 11:56:42 | 000,479,232 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll
[2008.11.08 11:56:42 | 000,475,136 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll
[2008.11.08 11:56:40 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_nl.dll
[2008.11.08 11:56:40 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_no.dll
[2008.11.08 11:56:38 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_pl.dll
[2008.11.08 11:56:38 | 000,516,096 | ---- | C] () -- C:\Windows\System32\AmRes_sv.dll
[2008.11.08 11:56:34 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_ar.dll
[2008.11.08 11:56:32 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_el.dll
[2008.11.08 11:56:32 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_cs.dll
[2008.11.08 11:56:30 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_hu.dll
[2008.11.08 11:56:30 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_fi.dll
[2008.11.08 11:56:30 | 000,503,808 | ---- | C] () -- C:\Windows\System32\AmRes_he.dll
[2008.11.08 11:56:28 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_ro.dll
[2008.11.08 11:56:28 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_pt-PT.dll
[2008.11.08 11:56:28 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_tr.dll
[2008.11.08 11:56:10 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll
[2008.11.08 11:56:04 | 000,544,768 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll
[2008.09.26 07:33:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2008.09.24 18:37:10 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2008.09.24 18:37:08 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2008.09.24 18:36:56 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2008.09.24 18:36:04 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2008.09.24 18:36:04 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2008.09.24 18:36:02 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2008.09.24 18:36:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2008.09.24 18:35:58 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2008.09.24 18:35:56 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2008.09.24 18:35:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2008.09.24 18:35:48 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2008.09.24 18:35:46 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2008.09.24 18:35:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2008.09.24 18:35:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2008.09.24 18:35:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2008.09.24 18:35:40 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2008.09.24 18:35:38 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2008.09.24 18:35:38 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2008.09.24 18:35:36 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2008.09.24 18:35:34 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2008.09.24 18:35:34 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2008.09.24 18:35:32 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2008.09.24 18:35:30 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2008.09.24 18:35:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2008.09.19 08:51:24 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2008.08.22 16:28:12 | 000,835,584 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2008.03.25 09:46:00 | 000,077,536 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
[2008.03.18 13:02:52 | 000,143,360 | R--- | C] () -- C:\Windows\System32\preflib.dll
[2008.02.03 23:44:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.04.19 05:52:16 | 000,080,720 | ---- | C] () -- C:\Windows\System32\AsfBios.dll
[2007.04.19 05:28:10 | 000,025,424 | ---- | C] () -- C:\Windows\System32\drivers\netamsg.dll
[2007.04.16 03:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:43 | 000,387,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 000,598,290 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,304 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.06.30 12:58:44 | 000,176,128 | R--- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2006.06.30 12:58:44 | 000,126,976 | R--- | C] () -- C:\Windows\System32\bioapi100.dll
[2004.09.10 13:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2004.09.10 13:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

< End of report >
         
--- --- ---

AND PART 2: OTL Logfile:
Code:
OTL Extras logfile created on: 14.02.2012 22:16:49 - Run 5
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Laura\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,45 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 80,76% Memory free
7,09 Gb Paging File | 6,67 Gb Available in Paging File | 94,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,91 Gb Total Space | 58,92 Gb Free Space | 42,42% Space Free | Partition Type: NTFS
 
Computer Name: LAURA-LAPTOP | User Name: Laura | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09BA1906-EA85-4676-8EC8-EE7B7DDD8DA7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0E38398B-94BB-450E-BC3A-4E2CF6374662}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1D67C097-44C6-4454-B365-B681A0752BD0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4352F3EE-B338-47E7-A1F0-E78C07EDB16B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{452B8285-F1D1-42D4-B0DE-C90B66D2A87B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{873EF4EF-6368-4C28-85AC-9BABCE44CB7B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{8F88865B-BE15-4428-98B0-606DFDA79CEE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{940AE4BD-1467-4B8C-972A-87D2438BD2FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC6807E5-8198-411F-A5AF-CF90E672B303}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EF0E6371-3CA0-43F5-B06C-7E3DE22B8321}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CF8ACB-36D8-4D11-BC64-6D3A4BBF7DA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{050F23D3-C08A-47A2-92EB-7E54028DAF28}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\7zs4d87.tmp\symnrt.exe | 
"{053A7A1E-8D2F-4AB0-ACB3-A5145DE343C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{13BDFAAC-B30D-4E0C-8B33-F1441C07CBDF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{242F00E1-253F-43F5-B543-DC090B65A102}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3165A6C9-A9A8-4201-9347-2B791DAB9BDD}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{3FA9252D-8EB1-451A-8C3A-3A7C83DBA0F4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4FFAE661-8BD7-4753-B009-A7A36B256752}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{51B80EDC-00C1-4C61-978D-10817E390EE9}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | 
"{5441CFAF-9418-4EE1-9BB4-7356C50F3C15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{66E9516E-A687-4408-BDD6-DD2245F94EB7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7181C4BB-6D00-40C9-8632-D55C741C2363}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{751ED8FD-D0D4-41E7-B7D4-A2DF257829DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7AAAA2A2-13D8-4A0C-927F-F24AED8EBB41}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\7zs49b0.tmp\symnrt.exe | 
"{80A5463D-FA3A-4624-812A-FBF8708C6DB6}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{86BA2747-13A6-430F-A870-2BE4AFAB1707}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{886C57D5-139D-443B-971D-580BEDB7E74E}" = protocol=6 | dir=out | app=system | 
"{89C4D86E-02FB-4C44-8F6F-2D3B6DDEE375}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8C08A9E6-9E77-4FF5-A112-A08EB5A70E3B}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\radiorecorder.exe | 
"{8F092AD3-AD9A-4744-9624-EB60B3C0684C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{97B64630-46BC-418F-BD23-DBBE5E2E438C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{9887D2CD-70A0-4308-A3AB-22E8824C8DED}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\7zs49b0.tmp\symnrt.exe | 
"{98B69A68-A4C1-4C91-9A8D-7061E8A012F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F7DB67A-6C4B-40BE-8E98-86F3338B597C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9F9F1C92-1F60-4F4A-A9E6-F428D6248C21}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{A308D34C-2C80-4129-B3D2-B78A16F1DE83}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{A6B4BC3B-17CC-4EBA-9EC0-CE8A57E2D470}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{B70D7283-8F27-4B14-B661-02BFE3E659CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B98E83D7-6708-4073-892B-6860343D2F7D}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | 
"{C2010A54-74C0-4651-895D-C4FA130C2FB3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{DBC5F059-4F07-48A5-98E4-F211C78C3655}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DD0CF21F-1D55-4FC9-903D-D24BE8D0FFDC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E4C4D0F9-FE82-415D-8344-045A13E36F24}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\7zs4d87.tmp\symnrt.exe | 
"{E8187DA7-C95C-4789-A500-382EBB78A89F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F69A8158-0798-4A19-8A6D-3F5F59C1783F}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\radiorecorder.exe | 
"TCP Query User{163B1147-812F-47B8-9648-05BC09530AA4}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{5045FDC3-04D3-44F3-B5E6-1236283A7800}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{7C5F51F8-8930-44F1-AD7D-5729C06F7A4A}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{995E5D55-EAA0-4F5E-AD6E-05E7EA36D90B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{9C9DEAA4-6648-4330-86A3-E4D501F9B2EF}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"TCP Query User{BE997588-30FD-400A-8210-185FBFE392B2}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{F3C768F2-85B5-4E44-BFD6-0100310ED9AA}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{0571C39E-77A4-40B4-A7BC-DD82F5A0F71F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{05C88454-8F47-4E3E-9455-EA941FE3E6F6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{683C34EC-4D56-4BE6-BB3E-79DF0EAD8A1F}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{BA6AD641-CBF7-403D-942A-E7AE61D45D76}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{CC43766D-CA90-407D-8BCF-58302172B454}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"UDP Query User{E94C9D1C-18DF-4DA0-870D-152A97D4FEA3}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{F13BE792-133F-4C3C-9479-CFD97F82F601}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4502
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1882D3BE-8B8F-4EA3-9414-EB06CD5B9CD8}" = Modem Diagnostics Tool
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D523D94-C637-4C49-89FD-5B8FFB071D76}" = Dell ControlPoint Connection Manager
"{506E853B-8FBF-4F28-86EB-E931ABD0C056}" = Dell Latitude ON Reader
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5AF4F4C5-C71C-418F-B0B1-3903A345BD71}" = Ambient Light Sensor
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel(R) PRO Alerting Agent
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8361A088-1A86-425B-968E-034555992392}" = NTRU TCG Software Stack
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E25AB4C-71E0-4B43-B44F-108BE18DC531}" = DCP32MMWrapper
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1261462-A2EF-4FAB-9513-48EBEFC9A76E}" = Dell Button Service
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B20179BA-2872-432F-8D88-B8F44AED359B}" = Broadcom USH Host Components
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D43C8156-C238-4FE1-9CEA-C39E3B8A3530}" = Wave Infrastructure Installer
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FDE4BEC4-2D7E-4799-A9BA-2BD23512CC7B}" = Dell Control Point
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"{FF1FB289-146C-49EB-98C1-FADF4162CE28}" = Dell ControlPoint System Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)  
"Dell Webcam Central" = Dell Webcam Central
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Gmail Notifier" = Gmail Notifier
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"PROSetDX" = Intel(R) Network Connections 13.0.42.0
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"Tobit ClipInc Server" = WDR RadioRecorder
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.5
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.02.2012 14:22:02 | Computer Name = ***-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1394368
 
Error - 14.02.2012 14:22:02 | Computer Name = ***-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1394368
 
Error - 14.02.2012 14:22:04 | Computer Name = ***-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.02.2012 14:22:04 | Computer Name = ***-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1396302
 
Error - 14.02.2012 14:22:04 | Computer Name = ***-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1396302
 
Error - 14.02.2012 16:48:36 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.02.2012 16:49:00 | Computer Name = ***-Laptop | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver
 
Error - 14.02.2012 16:49:01 | Computer Name = ***-Laptop | Source = LMS | ID = 2
Description = Failed to unregister for device notifications
 
Error - 14.02.2012 16:53:24 | Computer Name = ***-Laptop | Source = EventSystem | ID = 4609
Description = 
 
Error - 14.02.2012 16:54:01 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 14.02.2012 14:48:46 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4287
Invoked
 Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 14.02.2012 14:48:46 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 14.02.2012 14:48:46 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 14.02.2012 14:49:37 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 14.02.2012 14:49:37 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 14.02.2012 14:49:37 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 14.02.2012 14:49:37 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4287
Invoked
 Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 14.02.2012 14:49:38 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 14.02.2012 14:49:38 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 14.02.2012 16:49:21 | Computer Name = ***-Laptop | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
[ OSession Events ]
Error - 20.01.2011 06:24:56 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3767
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.04.2011 13:48:36 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.07.2011 07:41:16 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 356
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 04.08.2011 05:44:28 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 162
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.08.2011 05:55:57 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 583
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 06.09.2011 08:03:49 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 58038
 seconds with 5520 seconds of active time.  This session ended with a crash.
 
Error - 03.11.2011 14:17:16 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 782
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18.11.2011 10:22:45 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 22.11.2011 22:44:17 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11281
 seconds with 3420 seconds of active time.  This session ended with a crash.
 
Error - 10.12.2011 08:03:46 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6979
 seconds with 2040 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.02.2012 10:20:38 | Computer Name = ***-Laptop | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
 period.
 
Error - 14.02.2012 16:48:08 | Computer Name = ***-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:47:01 on 14.02.2012 was unexpected.
 
Error - 14.02.2012 16:48:55 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 14.02.2012 16:48:59 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.02.2012 16:52:48 | Computer Name = ***-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:51:00 on 14.02.2012 was unexpected.
 
Error - 14.02.2012 16:53:15 | Computer Name = ***-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 14.02.2012 16:53:24 | Computer Name = ***-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 14.02.2012 16:53:30 | Computer Name = ***-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 14.02.2012 16:54:02 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 14.02.2012 16:54:02 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---
__________________


15.02.2012, 09:42   #3
markusg
/// Malware-holic

Hi,
in the script, replace *** with your user name.

This script, and any scripts that may follow, are meant only for this particular user.
If you have problems, open your own topics and wait for scripts adapted to you.

• Please start OTL.exe
• Now copy the following into the text box.


Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [ffdwnd] C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
 :Files
C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a reboot. Please allow this.
• After the reboot you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.

Note: Please upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!
__________________
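
An added example, not part of the original post and not OTL's own logic: a Python triage pass over OTL-style `O4` autorun lines that flags the pattern the fix script above removes, a Run value whose image has a well-known file name (firefox.exe) but sits in a user-writable profile directory with an unexpected company field. Only the first sample line comes from the thread; the others are constructed, and the expected directories and vendor strings are assumptions for a default installation.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, Iterable, List, Optional

# OTL "O4" autorun line: hive, Run/RunOnce key, value name, image path, optional company.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKU\S*)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+?)(?: \((?P<company>[^()]*)\))?$"
)

# Path fragments any standard user can write to (assumption: default Windows ACLs).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# Well-known image names -> (expected install directories, expected vendor substring).
# Assumed defaults for a stock installation; extend for your own environment.
KNOWN_IMAGES = {
    "firefox.exe": (("\\program files\\mozilla firefox",
                     "\\program files (x86)\\mozilla firefox"), "mozilla"),
    "explorer.exe": (("\\windows", "\\windows\\syswow64"), "microsoft"),
    "svchost.exe": (("\\windows\\system32", "\\windows\\syswow64"), "microsoft"),
}


@dataclass(frozen=True)
class Autorun:
    hive: str
    key: str
    name: str
    path: PureWindowsPath
    company: str


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one O4 line; return None for anything that is not a Run/RunOnce entry."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    return Autorun(m["hive"], m["key"], m["name"],
                   PureWindowsPath(m["path"].strip('"')), m["company"] or "")


def reasons(entry: Autorun) -> List[str]:
    """Return the triage signals that apply to one autorun entry (empty list = none)."""
    found = []
    full = str(entry.path).lower()
    # Directory without the drive letter, e.g. "\users\***\appdata\local\mozilla\firefox".
    directory = str(entry.path.parent).lower()[len(entry.path.drive):]
    if any(marker in full for marker in USER_WRITABLE):
        found.append("autostart image in a user-writable directory")
    known = KNOWN_IMAGES.get(entry.path.name.lower())
    if known:
        expected_dirs, vendor = known
        if directory not in expected_dirs:
            found.append("well-known file name outside its install directory")
        if vendor not in entry.company.lower():
            found.append("company field does not match the expected vendor")
    return found


def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map each flagged Run value name to the reasons it was flagged."""
    flagged = {}
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        why = reasons(entry)
        if why:
            flagged[entry.name] = why
    return flagged


# First line: the entry from the fix script in this thread.
# Remaining lines: constructed for this example (paths taken from the ComboFix log,
# company fields and the last entry invented).
SAMPLE_LINES = [
    r"O4 - HKCU..\Run: [ffdwnd] C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)",
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira)",
    r"O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)",
    r"O4 - HKLM..\Run: [Updater] C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)",
]

if __name__ == "__main__":
    for value_name, why in triage(SAMPLE_LINES).items():
        print(value_name)
        for reason in why:
            print("  -", reason)
```

A hit is a reason to look at the file, not a verdict: legitimate software also autostarts from AppData.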

15.02.2012, 09:55   #4
Linda23

Thank you very much for now!! You really have your hands full here!!

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ffdwnd deleted successfully.
File C:\Users\***\AppData\Local\Mozilla\Firefox\firefox.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: ***
->Flash cache emptied: 3236 bytes

User: ***
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 16169557 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58069123 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 568953 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2443800942 bytes

Total Files Cleaned = 2.402,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02152012_104951

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

15.02.2012, 09:57   #5
markusg
/// Malware-holic

Did you replace *** with the user name? If not, run the script again; if you did,
please do the upload, and only browse the sites I have named. The security holes that got you into this are still there, and I don't want to do the work twice.
We'll continue after the upload.

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

15.02.2012, 09:57   #6
Linda23

The upload should have worked!

15.02.2012, 09:59   #7
markusg
/// Malware-holic

And once more the question: did you replace *** with your user name...

15.02.2012, 09:59   #8
Linda23

I entered the name and at the end marked it with asterisks again (I read that somewhere on your site)... but I can gladly do it once more to be on the safe side?

15.02.2012, 10:00   #9
markusg
/// Malware-holic

No, that's fine, I just wanted to make sure.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this tool:
    A guide and tutorial on using ComboFix
  • Note:
    Make sure all your anti-virus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.

15.02.2012, 10:37   #10
Linda23

So here is combofix:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-02-13.01 - *** 15.02.2012  11:13:07.3.2 - x86
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.49.1033.18.3535.2442 [GMT 1:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-15 bis 2012-02-15  ))))))))))))))))))))))))))))))
.
.
2012-02-15 10:24 . 2012-02-15 10:24	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-02-15 10:24 . 2012-02-15 10:24	--------	d-----w-	c:\users\***\AppData\Local\temp
2012-02-15 10:24 . 2012-02-15 10:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-14 13:53 . 2012-01-06 04:19	6557240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D0A4A86-383C-447A-B349-A6937F136733}\mpengine.dll
2012-02-08 09:59 . 2009-05-18 12:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-02-08 09:59 . 2008-04-17 11:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2012-02-08 09:58 . 2012-02-08 09:58	--------	d-----w-	c:\program files\iPod
2012-02-08 09:58 . 2012-02-08 09:59	--------	d-----w-	c:\program files\iTunes
2012-02-08 09:54 . 2012-02-08 09:54	--------	d-----w-	c:\program files\Apple Software Update
2012-02-08 09:52 . 2012-02-08 09:52	--------	d-----w-	c:\program files\Bonjour
2012-02-08 09:51 . 2012-02-08 09:58	--------	d-----w-	c:\program files\Common Files\Apple
2012-01-27 12:56 . 2012-01-27 12:56	--------	d-----w-	C:\PPFS_Scan3
2012-01-27 12:56 . 2012-01-27 12:56	--------	d-----w-	C:\PPFS_Tools
2012-01-26 20:19 . 2012-01-26 20:19	--------	d-----w-	c:\program files\ESET
2012-01-26 20:14 . 2012-01-26 20:14	--------	d-----w-	C:\PPF_SCAN2
2012-01-26 19:24 . 2012-02-15 10:24	--------	d-----w-	c:\users\***\AppData\Local\temp
2012-01-20 20:13 . 2012-02-15 09:56	--------	d-----w-	C:\_OTL
2012-01-20 17:23 . 2012-01-20 17:23	--------	d-----w-	c:\windows\Sun
2012-01-19 19:24 . 2011-11-17 06:48	440192	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-19 19:24 . 2011-11-16 16:23	377344	----a-w-	c:\windows\system32\winhttp.dll
2012-01-19 19:24 . 2011-11-16 16:23	72704	----a-w-	c:\windows\system32\secur32.dll
2012-01-19 19:24 . 2011-11-16 16:23	278528	----a-w-	c:\windows\system32\schannel.dll
2012-01-19 19:24 . 2011-11-16 16:21	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-19 19:24 . 2011-11-16 14:12	9728	----a-w-	c:\windows\system32\lsass.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2009-11-11 13:46	237072	------w-	c:\windows\system32\MpSigStub.exe
2011-12-10 14:24 . 2009-12-24 15:21	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-08 14:34 . 2011-10-14 12:43	134856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-25 15:59 . 2012-01-11 21:43	376320	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-15 10:19	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 20:23 . 2012-01-11 21:43	1205064	----a-w-	c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-11 21:43	66560	----a-w-	c:\windows\system32\packager.dll
2012-01-03 23:55 . 2011-03-26 15:16	121816	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2009-10-19 17:59 . 2009-12-23 15:24	47104	----a-w-	c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2008-11-09 17:10	40960	----a-w-	c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2008-11-09 17:10	40960	----a-w-	c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-11-10 656696]
"BIOSEvent"="c:\program files\Dell\Latitude ON Reader Data\BIOSEvent.exe" [2008-08-29 110592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Inhaltsverzeichnis.onetoc2 [2010-1-7 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell ControlPoint System Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
backup=c:\windows\pss\Dell ControlPoint System Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^p6_19_erinnerung.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\p6_19_erinnerung.lnk
backup=c:\windows\pss\p6_19_erinnerung.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07	843712	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-02-23 05:51	200704	----a-w-	c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]
2008-09-24 17:36	184320	----a-w-	c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLIVFR]
2008-08-29 21:35	233472	------w-	c:\program files\Dell\Latitude ON Reader Data\CLIVFR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-06-03 14:54	446635	------w-	c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellConnectionManager]
2008-10-01 03:29	1454080	----a-w-	c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellControlPoint]
2008-08-18 10:12	598016	----a-w-	c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 10:09	460784	----a-w-	c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dradio-RecorderTimer]
2010-11-23 18:26	39936	----a-w-	c:\program files\dradio-Recorder\phonostarTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
2008-11-10 09:00	91448	----a-w-	c:\program files\Wave Systems Corp\EMBASSY Security Setup\EmbassySecurityCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44	31072	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-27 06:03	173592	----a-w-	c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-12-04 12:00	186904	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-27 06:04	141848	----a-w-	c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware  (reboot)]
2012-01-13 13:53	981680	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 13:06	128296	------w-	c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-27 06:03	150552	----a-w-	c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]
2008-06-02 17:27	367128	----a-w-	c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2007-01-03 03:47	520192	----a-w-	c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 07:27	17351304	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43	248040	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-03-17 09:02	483420	----a-w-	c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USCService]
2008-11-10 14:06	24576	----a-w-	c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2008-09-26 06:35	134144	----a-w-	c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\aestsrv.exe [2009-03-17 81920]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.hiergehtslos.de
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cbg1y0i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.zeit.de/index
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-15 11:24
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3603173210-3932442168-3912850311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ð]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3603173210-3932442168-3912850311-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ð\OpenWithList]
@Class="Shell"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\wvauth.dll
.
- - - - - - - > 'Explorer.exe'(1080)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
Zeit der Fertigstellung: 2012-02-15  11:29:10
ComboFix-quarantined-files.txt  2012-02-15 10:29
ComboFix2.txt  2012-01-26 19:24
.
Vor Suchlauf: 62.021.267.456 bytes free
Nach Suchlauf: 62.931.742.720 bytes free
.
- - End Of File - - F459419FF9578005B569A9FF3B8E3277
         
--- --- ---

15.02.2012, 10:54   #11
markusg
/// Malware-holic

Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

15.02.2012, 13:49   #12
Linda23

So here is the log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.15.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
*** :: ***-LAPTOP [administrator]

15.02.2012 11:56:59
mbam-log-2012-02-15 (11-56-59).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 321757
Time elapsed: 2 hour(s), 50 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

15.02.2012, 14:38   #13
markusg
/// Malware-holic

Download CCleaner Standard:
http://filepony.de/download-ccleaner/
If CCleaner is already installed, skip this.
Install, open, Tools, list of installed programs, save as txt. Open it.
After each program you need, write necessary.
After each one you do not need, unnecessary.
After those unknown to you, unknown.
Post the list.

Last edited by markusg (15.02.2012 at 14:58)

15.02.2012, 14:41   #14
Linda23

Didn't I just do that and post the results? Or did I do something wrong?
Sorry, I'm a bit slow on the uptake right now!

15.02.2012, 14:58   #15
markusg
/// Malware-holic

Yep, I just edited it, sorry
