Log analysis and evaluation: System Fix removed - laptop virus-free? (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.12.2011, 02:39 | #1
Hi, unfortunately I also caught the System Fix virus. It came after I had deleted tap.exe or tapinstall.exe via Norton Antivirus. Norton classified it as a threat, so I wanted to remove it... I removed the virus following the instructions here on the board (rkill, Malwarebytes, TDSSKiller, unhide) and everything seems to have worked. Only the start menu icons are still missing (and a few System Fix shortcuts were there), but I will try to fix that again with the unhide program. I would be very grateful if you could tell me from the OTL logfiles whether the virus has been completely removed and whether I can keep using the laptop without concern. Attached are the Malwarebytes findings as well as the OTL logfiles. Many thanks in advance, Philipp
02.12.2011, 09:29 | #2
/// Helper Team | Hello and welcome!

Before we begin working together, [please read completely]:

Quote: For Vista and Win7: Important: run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!

1. Two antivirus programs installed and enabled at the same time:
Code:
Avira
Norman Security
Norton AntiVirus
Use only one firewall and one antivirus program, and keep them up to date at all times! More AV programs does not mean more security! The scanners get in each other's way (when both have on-access scanning enabled, i.e. run constantly in the background), and the result can be a system crash or, in the worst case, you can look forward to a complete reinstall! So uninstall one of the AV programs and leave only one running on your PC.

Quote: ► Removal tools or uninstall instructions for various antivirus software: -> Removal tools or uninstall instructions for various antivirus software ► AV uninstall notes

So decide on ONLY one virus scanner and use it regularly!

2. Quote: in my opinion no longer offers sufficient protection against "modern types of malware"...
► If you still want to keep it: please switch off the TeaTimer: in Spybot-S&D go to Advanced Mode and select Tools -> Resident. Deactivate "Resident TeaTimer active" there. (TeaTimer also tries to block beneficial changes) - it must stay disabled permanently!

3. Runs under XP, Vista (32-bit) and Windows 7 (32-bit). Attention!: IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! - It is NOT advisable to start a second attempt! To get a deeper look into your system and track down a possible infection with a rootkit (info: wikipedia.org), we will use a tool - GMER:
** no connection to any network or the internet - don't forget WLAN. When the scan is finished, please re-enable all programs and tools! Instructions: -> GMER - Rootkit Scanner

4. Check with MBR -t whether the Master Boot Record is in order (MBR rootkit). With the following tool we check whether something malicious has lodged itself in the Master Boot Record.

5. Run another system scan with OTL.

6. I would also like to see all of your installed programs: download the CCleaner tool → Download, install (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start → Language → select German, then click "Extra" (to also list the installed programs) → then "Save as text file..." creates a text file (*.txt); copy its contents and paste them here.

Quote:
kira
04.12.2011, 02:47 | #3
So, late at night I finally got around to following your instructions! I hope I did everything right. Unfortunately my start menu icons still have not come back...

The logfiles:

GMER logfile:
Code:
MBR logfile:
Code:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002
Disk: WDC_WD3200BEVT-22ZCT0 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys win32k.sys
1 ntkrnlpa!IofCallDriver[0x82A8C912] -> \Device\Harddisk0\DR0[0x85CEBAC8]
3 CLASSPNP[0x8AD9F8B3] -> ntkrnlpa!IofCallDriver[0x82A8C912] -> \Device\Ide\IdeDeviceP0T0L0-0[0x85B2CB98]
kernel: MBR read successfully
user & kernel MBR OK
04.12.2011, 02:50 | #4
OTL logfile:
Code:
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.04.09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.02.19 11:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM) DRV - [2009.02.19 11:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV) DRV - [2009.02.19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2009.02.19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW) DRV - [2009.02.19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2009.02.19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS) DRV - [2009.01.08 17:50:31 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2008.09.05 14:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2008.07.30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon) DRV - [2008.05.22 23:59:00 | 007,494,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.05.01 07:35:54 | 003,660,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | 
Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.04.03 13:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID) DRV - [2008.03.31 12:02:34 | 000,008,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\kbfiltr.sys -- (GpdKbFilter) DRV - [2008.01.21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2007.12.28 18:21:54 | 000,104,448 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.12.19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2007.11.30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2007.11.30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2007.11.30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2007.11.21 10:31:26 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\directport.sys -- (GpdDevDPort) DRV - [2007.08.09 00:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon) DRV - [2007.08.07 01:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.studivz.net/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de-de.facebook.com/index.php?lh=533538a313a0c195aaaba96792bd4735& IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 19:01:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.09 19:01:52 | 000,000,000 | ---D | M] [2009.12.28 20:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions [2011.12.03 15:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\1w91do94.default\extensions [2011.11.30 23:49:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\1w91do94.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.21 23:37:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.08.21 23:37:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.21 23:37:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.21 23:36:37 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.11.15 12:11:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.11.15 12:11:11 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.11.15 12:11:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.11.15 12:11:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.11.15 12:11:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.04.23 14:48:47 | 000,432,777 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14896 more lines... 
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH) O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( ) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: 
[NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe (T-Systems International GmbH) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk = C:\Users\Philipp\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 
Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{164C6585-FAE0-4313-BBF0-B1704721EA6A}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0FCC6BB-3009-4C90-814A-EA5B6E39848F}: DhcpNameServer = 139.7.30.126 139.7.30.125 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 
{32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0f404d07-e1a9-11de-bc7e-e0552c85f339}\Shell - "" = AutoRun O33 - MountPoints2\{0f404d07-e1a9-11de-bc7e-e0552c85f339}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{578a74c8-dca4-11de-9866-c7db3f14ed95}\Shell\AutoRun\command - "" = H:\setupSNK.exe O33 - MountPoints2\{81a9b962-d9f3-11df-ac47-f3e5a27c116b}\Shell - "" = AutoRun O33 - MountPoints2\{81a9b962-d9f3-11df-ac47-f3e5a27c116b}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{81a9b99e-d9f3-11df-ac47-cb3d62e3ad1e}\Shell - "" = AutoRun O33 - MountPoints2\{81a9b99e-d9f3-11df-ac47-cb3d62e3ad1e}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{927a30fd-ddac-11de-9ab4-fd7d818cf989}\Shell - "" = AutoRun O33 - MountPoints2\{927a30fd-ddac-11de-9ab4-fd7d818cf989}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{927a30fe-ddac-11de-9ab4-fd7d818cf989}\Shell - "" = AutoRun O33 - 
MountPoints2\{927a30fe-ddac-11de-9ab4-fd7d818cf989}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{927a3105-ddac-11de-9ab4-b17da37f32e2}\Shell - "" = AutoRun O33 - MountPoints2\{927a3105-ddac-11de-9ab4-b17da37f32e2}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{927a3121-ddac-11de-9ab4-f044d85012bc}\Shell - "" = AutoRun O33 - MountPoints2\{927a3121-ddac-11de-9ab4-f044d85012bc}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{ae7adb76-d833-11de-9596-a88ed0c69bf2}\Shell - "" = AutoRun O33 - MountPoints2\{ae7adb76-d833-11de-9596-a88ed0c69bf2}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{b74e9c22-3d89-11df-8abb-975eea4b338c}\Shell\AutoRun\command - "" = I:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.02 02:59:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.12.02 02:26:11 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\logsi [2011.12.01 21:09:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe [2011.12.01 18:59:08 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTH.scr [2011.12.01 17:14:26 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Philipp\Desktop\tdsskiller.exe [2011.12.01 12:44:31 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes [2011.12.01 12:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.01 12:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.01 12:43:54 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\System32\drivers\mbam.sys [2011.12.01 12:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.01 02:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2011.11.30 23:04:49 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix [2011.11.12 23:46:01 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Kalender ========== Files - Modified Within 30 Days ========== [2011.12.03 23:56:30 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe [2011.12.03 23:49:14 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.03 23:39:17 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.03 23:39:17 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.03 21:39:34 | 000,078,253 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.12.03 21:39:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.03 16:19:53 | 000,002,489 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk [2011.12.03 16:19:34 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.03 15:46:16 | 000,302,592 | ---- | M] () -- C:\Users\Philipp\Desktop\74xf93cj.exe [2011.12.01 21:10:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe [2011.12.01 18:59:19 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTH.scr [2011.12.01 18:32:36 | 000,684,297 | ---- | M] () -- C:\Users\Philipp\Desktop\unhide.exe [2011.12.01 17:14:47 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Philipp\Desktop\tdsskiller.exe [2011.12.01 12:44:14 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.01 12:29:25 | 001,008,114 | 
---- | M] () -- C:\Users\Philipp\Desktop\rkill.com [2011.11.30 23:36:05 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.30 23:36:05 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.30 23:36:05 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.30 23:36:04 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.30 23:11:28 | 000,000,448 | ---- | M] () -- C:\ProgramData\kTCk14WaoUjHMX [2011.11.30 23:09:47 | 000,000,312 | ---- | M] () -- C:\ProgramData\~kTCk14WaoUjHMX [2011.11.30 23:09:47 | 000,000,216 | ---- | M] () -- C:\ProgramData\~kTCk14WaoUjHMXr [2011.11.30 23:04:58 | 000,078,253 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.11.29 23:50:05 | 000,000,600 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security Online - Systemprüfung ausführen - Philipp.job [2011.11.27 00:29:26 | 000,033,984 | ---- | M] () -- C:\Users\Philipp\Documents\Video call snapshot 12.png [2011.11.27 00:27:54 | 000,095,478 | ---- | M] () -- C:\Users\Philipp\Documents\Video call snapshot 2.png [2011.11.20 19:51:34 | 000,082,944 | ---- | M] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.18 16:36:18 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI [2011.11.14 00:48:32 | 000,034,384 | ---- | M] () -- C:\Users\Philipp\Documents\Video call snapshot 15.png ========== Files Created - No Company Name ========== [2011.12.04 00:06:19 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe [2011.12.03 15:46:00 | 000,302,592 | ---- | C] () -- C:\Users\Philipp\Desktop\74xf93cj.exe [2011.12.01 18:32:22 | 000,684,297 | ---- | C] () -- C:\Users\Philipp\Desktop\unhide.exe [2011.12.01 12:44:14 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.01 12:29:09 | 001,008,114 | ---- | C] () -- C:\Users\Philipp\Desktop\rkill.com [2011.11.30 23:09:47 | 000,000,312 | ---- | C] () -- C:\ProgramData\~kTCk14WaoUjHMX [2011.11.30 
23:09:47 | 000,000,216 | ---- | C] () -- C:\ProgramData\~kTCk14WaoUjHMXr [2011.11.30 23:04:36 | 000,000,448 | ---- | C] () -- C:\ProgramData\kTCk14WaoUjHMX [2011.11.27 00:28:57 | 000,033,984 | ---- | C] () -- C:\Users\Philipp\Documents\Video call snapshot 12.png [2011.11.27 00:27:44 | 000,095,478 | ---- | C] () -- C:\Users\Philipp\Documents\Video call snapshot 2.png [2011.11.14 00:48:17 | 000,034,384 | ---- | C] () -- C:\Users\Philipp\Documents\Video call snapshot 15.png [2011.02.01 19:09:36 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini [2011.02.01 17:51:06 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2010.06.08 09:43:09 | 000,000,680 | ---- | C] () -- C:\Users\Philipp\AppData\Local\d3d9caps.dat [2009.12.29 18:08:25 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.23 16:13:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.23 16:13:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.07.18 17:49:31 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.05.05 07:20:48 | 000,000,456 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\settings.ini [2009.05.04 01:37:22 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.03.29 17:03:36 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.01.06 03:10:31 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.01.02 22:50:08 | 000,082,944 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.30 18:44:22 | 000,000,314 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\wklnhst.dat [2008.12.30 18:32:31 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2008.12.07 13:08:04 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.07.03 05:11:42 | 000,078,253 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.07.03 05:11:42 | 000,078,253 | ---- | C] () -- 
C:\ProgramData\nvModes.001 [2008.04.27 09:33:36 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.04.25 14:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.11.21 10:31:26 | 000,007,168 | ---- | C] () -- C:\Windows\System32\directport.sys [2007.09.04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,337,816 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check 
========== [2009.12.01 23:21:48 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bytemobile [2011.01.24 13:37:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canon [2010.09.25 19:27:44 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.30 23:49:49 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FILEminimizerPictures [2011.11.30 23:49:49 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\gtk-2.0 [2010.08.21 23:44:12 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org [2011.11.30 23:49:54 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PhotoScape [2011.02.04 14:28:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Sierra [2009.01.02 22:00:07 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Template [2009.12.01 23:21:44 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vodafone [2009.12.01 23:27:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vodafone Mobile Connect [2011.12.03 16:18:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.12.2011 00:17:59 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Philipp\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19154) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 40,05% Memory free 6,18 Gb Paging File | 4,61 Gb Available in Paging File | 74,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 94,16 Gb Total Space | 5,85 Gb Free Space | 6,21% Space Free | Partition Type: NTFS Drive D: | 195,14 Gb Total Space | 193,01 Gb Free Space | 98,91% Space Free | Partition Type: NTFS Computer Name: PHILIPPS-PC | User Name: Philipp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 1 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10831250-726E-46D2-A54E-AFF673C6BD17}" = rport=139 | protocol=6 | dir=out | app=system | "{12E26E63-1AD3-4B2A-85B7-89C749CA7D0E}" = rport=138 | protocol=17 | dir=out | app=system | "{31136051-CA9D-4400-9245-B168E6B4F053}" = lport=137 | protocol=17 | dir=in | app=system | "{37667889-4D64-4C09-A851-182278C16EF0}" = lport=445 | protocol=6 | dir=in | app=system | "{419D67BB-4CE8-43C4-AB78-9CA1BB2E71B9}" = lport=139 | protocol=6 | dir=in | app=system | "{75C52308-EB6C-4376-A358-288FCEEE0C97}" = lport=138 | protocol=17 | dir=in | app=system | "{775F0344-1886-4388-877C-C51473A6FACE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9DBCB499-4CD7-4BCE-AF8F-BB15B7738C5C}" = lport=2869 | protocol=6 | dir=in | app=system | "{CFD503ED-BEF9-404C-B8EC-03AFA22F7299}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{E54D9432-7BAE-4D43-ADBF-1397FD4A0305}" = rport=137 | protocol=17 | dir=out | app=system | "{ED5CA544-C1A3-450E-A620-B580A98710FC}" = rport=445 | protocol=6 | dir=out | app=system | "{FF88EC1A-4DC5-425F-B57A-8D63C742F927}" = lport=rpc | protocol=6 | dir=in | svc=spooler | 
app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{083B0077-8448-41E4-8A1D-E7670D5D3FF0}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{2282B372-A9DF-4242-AB94-FADA40B9E805}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3AB9081F-BBB4-441A-B2D9-CD26C2834064}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3DD665F5-48AA-4F7B-A2A4-C897F48FF30B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{46D36E57-5373-4ECB-9E46-39C25484FF48}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{47900B3A-F7B1-4EA0-9167-7EACB794B70D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4B22E396-915B-4AF9-8B6C-6AE9F225D602}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5784412B-3CCC-414E-8961-469E8774AB05}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{5A8E06A3-746A-4D5D-B6EC-C9F39C88BB4D}" = protocol=6 | dir=in | app=e:\alicesetup.exe | "{65D77617-31B4-4708-B0C4-F59D7D20EB45}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{6E555262-445B-4AB9-B5E4-09DFAF397347}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{900E1067-BB40-4185-BAC4-BE21CA61742E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{98A8B04D-849C-49F6-B0B4-24E63558B815}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{B66AF5EC-F941-43A8-B21C-E1881A839036}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B8AD4B2C-5EA5-4708-84A3-354183C1030D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{DA386FF4-F34A-4233-87FF-611EB089A3B3}" = protocol=17 | dir=in | app=e:\alicesetup.exe | "{FBF21EAB-6690-4762-B0BA-53AFFB7653C0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{FDE835E6-C751-406B-A927-3832387AC935}C:\program files\ubisoft\gearbox software\brothersinarmseib\system\eib.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\gearbox software\brothersinarmseib\system\eib.exe | "UDP Query User{CF7DF3FE-308D-435E-AF42-9A50C566A3AC}C:\program files\ubisoft\gearbox software\brothersinarmseib\system\eib.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\gearbox software\brothersinarmseib\system\eib.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{26AF3ABB-9BC4-48FC-8864-D6CA9384CF2F}" = SymNet "{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics "{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework "{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 2.4.1 "{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security "{369E2004-86A5-4CA5-BB80-7D65041B8531}" = Symantec Real Time Storage Protection Component "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City 
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery "{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.12 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{854C47D1-C2A0-4492-8655-C3F8D49C1031}" = Nero 8 Essentials "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard 
Edition 2003 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{E8C5BD56-F5D8-41D3-8A71-273468FE256A}" = T-Home Dialerschutz-Software "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F58B763E-9FB9-4629-AF3C-CC9744BC4BA7}" = Fujitsu Siemens Computers Recovery "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "A35BD68D4A1B3E191138E3C9AA417190A9468F7E" = Windows-Treiberpaket - Leaf Imaging Ltd. 
Image (02/11/2010 ) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "DPP" = Canon Utilities Digital Photo Professional 3.9 "EOS Utility" = Canon Utilities EOS Utility "FILEminimizer Pictures_is1" = FILEminimizer Pictures "Finale 2008" = Finale 2008 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24) "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "NVIDIA Drivers" = NVIDIA Drivers "OpenVPN" = OpenVPN 2.1.1 "Original Data Security Tools" = Canon Utilities Original Data Security Tools "PhotoScape" = PhotoScape "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "PowerISO" = PowerISO "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security Online (Symantec Corporation) "WFTK" = Canon Utilities WFT Utility "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "ZoomBrowser EX" = Canon Utilities 
ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.11.2010 10:24:11 | Computer Name = Philipps-PC | Source = RasClient | ID = 20227 Description = Error - 11.11.2010 10:32:00 | Computer Name = Philipps-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 11.11.2010 10:32:08 | Computer Name = Philipps-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 11.11.2010 10:32:08 | Computer Name = Philipps-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 11.11.2010 10:32:08 | Computer Name = Philipps-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 11.11.2010 10:32:09 | Computer Name = Philipps-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 11.11.2010 10:32:13 | Computer Name = Philipps-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 11.11.2010 10:32:14 | Computer Name = Philipps-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 11.11.2010 10:32:14 | Computer Name = Philipps-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 11.11.2010 10:32:14 | Computer Name = Philipps-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ OSession Events ] Error - 26.03.2009 17:34:31 | Computer Name = Philipps-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 01.12.2011 12:26:59 | Computer Name = Philipps-PC | Source = Service Control Manager | ID = 7000 Description = Error - 01.12.2011 13:08:34 | Computer Name = Philipps-PC | Source = DCOM | ID = 10016 Description = Error - 01.12.2011 14:49:30 | Computer Name = Philipps-PC | Source = Service Control Manager | ID = 7034 Description = Error - 01.12.2011 15:27:49 | Computer Name = Philipps-PC | Source = DCOM | ID = 10016 Description = Error - 01.12.2011 15:38:16 | Computer Name = Philipps-PC | Source = Service Control Manager | ID = 7009 Description = Error - 01.12.2011 15:38:18 | Computer Name = Philipps-PC | Source = Service Control Manager | ID = 7000 Description = Error - 01.12.2011 22:22:00 | Computer Name = Philipps-PC | Source = DCOM | ID = 10016 Description = Error - 03.12.2011 10:15:06 | Computer Name = Philipps-PC | Source = DCOM | ID = 10016 Description = Error - 03.12.2011 10:17:08 | Computer Name = Philipps-PC | Source = Service Control Manager | ID = 7009 Description = Error - 03.12.2011 11:20:38 | Computer Name = Philipps-PC | Source = DCOM | ID = 10016 Description = < End of report > programme: Code:
ATTFilter Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 29.12.2008 14,0MB Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 02.05.2009 10.0.22.87 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 15.07.2010 10.1.53.64 Adobe Flash Player 9 ActiveX Adobe Systems, Inc. 29.12.2008 3,05MB 9.0.124.0 Adobe Reader 8.1.2 - Deutsch Adobe Systems Incorporated 02.07.2008 99,6MB 8.1.2 CANON iMAGE GATEWAY MyCamera Download Plugin Canon Inc. 22.01.2011 0,60MB 3.1.0.1 CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inc. 22.01.2011 72,1MB 1.8.0.1 Canon Internet Library for ZoomBrowser EX Canon Inc. 22.01.2011 72,1MB 1.7.0.1 Canon MOV Decoder Canon Inc. 22.01.2011 4,71MB 1.7.0.6 Canon MOV Encoder Canon Inc. 22.01.2011 2,86MB 1.5.0.3 Canon MovieEdit Task for ZoomBrowser EX Canon Inc. 22.01.2011 72,1MB 3.6.0.5 Canon Utilities Digital Photo Professional 3.9 Canon Inc. 22.01.2011 61,9MB 3.9.1.0 Canon Utilities EOS Utility Canon Inc. 22.01.2011 45,1MB 2.9.0.0 Canon Utilities Original Data Security Tools Canon Inc. 22.01.2011 6,81MB 1.9.0.1 Canon Utilities PhotoStitch Canon Inc. 22.01.2011 6,14MB 3.1.22.46 Canon Utilities Picture Style Editor Canon Inc. 22.01.2011 33,5MB 1.8.0.0 Canon Utilities WFT Utility Canon Inc. 22.01.2011 5,76MB 3.5.1.1 Canon Utilities ZoomBrowser EX Canon Inc. 22.01.2011 72,1MB 6.6.0.23 Canon ZoomBrowser EX Memory Card Utility Canon Inc. 22.01.2011 14,1MB 1.4.0.4 CCleaner Piriform 03.12.2011 4,20MB 3.13 Compatibility Pack für 2007 Office System Microsoft Corporation 15.09.2011 58,4MB 12.0.6425.1000 DivX Player DivX, Inc. 20.02.2010 8,43MB 7.2.0 DivX Plus Web Player DivX,Inc. 
20.02.2010 8,77MB 2.0.0 Empire Earth II Sierra 03.02.2011 1.068MB 1.02 FILEminimizer Pictures balesio AG 31.01.2011 3,91MB Finale 2008 MakeMusic 27.05.2009 286MB 13.0.28 FSCLounge Fujitsu Siemens Computers 29.12.2008 8,47MB 1.0.0 Fujitsu Siemens Computers Recovery Fujitsu Siemens Computers 29.12.2008 7,06MB 1.3.8 Grand Theft Auto Vice City 20.06.2009 1.502MB 1.00.000 Java(TM) 6 Update 20 Sun Microsystems, Inc. 21.08.2010 97,2MB 6.0.200 LiveUpdate (Symantec Corporation) Symantec 12.07.2007 9,98MB 3.4.0.162 Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 30.11.2011 6,77MB 1.51.2.1300 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 22.08.2009 37,0MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 25.07.2009 37,0MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 120,3MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2010 24,5MB 4.0.30319 Microsoft Office File Validation Add-In Microsoft Corporation 15.09.2011 7,92MB 14.0.5130.5003 Microsoft Office Home and Student 2007 Microsoft Corporation 25.07.2009 301MB 12.0.6425.1000 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 15.09.2011 51,5MB 12.0.6425.1000 Microsoft Office Standard Edition 2003 Microsoft Corporation 08.11.2011 372MB 11.0.8173.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.07.2009 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 14.06.2011 0,29MB 8.0.61001 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 01.12.2011 11,1MB 10.0.40219 Microsoft Works Microsoft Corporation 17.12.2010 377MB 9.7.0621 Mozilla Firefox (3.6.24) Mozilla 08.11.2011 26,9MB 3.6.24 (de) MSXML 4.0 SP2 (KB954430) Microsoft Corporation 05.01.2009 1,28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 28.11.2009 1,34MB 4.20.9876.0 Nero 8 Essentials Nero AG 
02.07.2008 1.759MB 8.3.161 Norton Internet Security Online (Symantec Corporation) Symantec Corporation 01.01.2009 53,6MB 15.0.0.60 NVIDIA Drivers 04.12.2009 O&O MediaRecovery O&O Software GmbH 31.01.2011 6,39MB 4.1.1322 OpenVPN 2.1.1 10.11.2010 3,98MB 2.1.1 OSD_1.12 OEM 29.12.2008 1,23MB 1.0.0 PhotoScape 30.01.2011 27,4MB PowerISO 26.05.2009 2,16MB Realtek High Definition Audio Driver Realtek Semiconductor Corp. 02.07.2008 Skype™ 5.3 Skype Technologies S.A. 05.06.2011 22,6MB 5.3.111 Spybot - Search & Destroy Safer Networking Limited 22.04.2011 63,2MB 1.6.2 SystemDiagnostics Fujitsu Siemens Computers 29.12.2008 13,6MB 2.01.0004 T-Home Dialerschutz-Software 25.12.2009 1,01MB UltraMixer 2.4.1 UltraMixer Digital Audio Solutions 12.04.2011 121,8MB 2.4.1 Vista Codec Package Shark007 07.05.2009 54,5MB 5.2.4 Windows Live Anmelde-Assistent Microsoft Corporation 07.03.2009 1,93MB 5.000.818.6 Windows Live Essentials Microsoft Corporation 21.12.2009 44,0MB 14.0.8089.0726 Windows Live-Uploadtool Microsoft Corporation 21.12.2009 0,22MB 14.0.8014.1029 Windows-Treiberpaket - Leaf Imaging Ltd. Image (02/11/2010 ) Leaf Imaging Ltd. 12.07.2011 10.362MB 02/11/2010 WinRAR 12.05.2010 3,78MB Thanks so far! Regards, Philipp |
05.12.2011, 14:14 | #5 |
/// Helper team | System Fix removed - laptop virus-free?
1. Windows Defender: running it active in parallel with an AV program is not recommended, because the two can get in each other's way. Please disable it as follows:
-> Enabling and disabling Windows Defender
Disable Windows Defender completely:
Start => Control Panel => Classic View => Windows Defender, or start Windows Defender (C:\Programme\Windows Defender\MSASCui.exe)
Tools => Options => Automatic scanning => remove the check mark at "Automatically scan my computer".
Tools => Options => Real-time protection => remove the check mark at "Use real-time protection".
Tools => Options => Administrator => remove the check mark at "Use this program".
Start => type services.msc into the search field. The Services window opens.
Double-click the "Windows Defender" service.
Set the startup type to "Manual".
Stop the service if it is still running.
► After a restart (if it still exists), under Start -> Run -> "msconfig" (type it without the quotes) -> OK -> Startup, check whether it still runs, and remove the check mark if necessary.
► Under Services: Start -> Run -> "services.msc" (type it without the quotes) -> OK -> "Properties" -> "Stop" -> select startup type "Disabled".
2. Added as the start page on purpose?: Quote:
Quote:
in my opinion it no longer offers sufficient protection against "modern kinds of malware"... 4. Quote:
Code:
ATTFilter :OTL FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) [2010.11.15 12:11:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0f404d07-e1a9-11de-bc7e-e0552c85f339}\Shell - "" = AutoRun O33 - MountPoints2\{0f404d07-e1a9-11de-bc7e-e0552c85f339}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{578a74c8-dca4-11de-9866-c7db3f14ed95}\Shell\AutoRun\command - "" = H:\setupSNK.exe O33 - MountPoints2\{81a9b962-d9f3-11df-ac47-f3e5a27c116b}\Shell - "" = AutoRun O33 - MountPoints2\{81a9b962-d9f3-11df-ac47-f3e5a27c116b}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{81a9b99e-d9f3-11df-ac47-cb3d62e3ad1e}\Shell - "" = AutoRun O33 - MountPoints2\{81a9b99e-d9f3-11df-ac47-cb3d62e3ad1e}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{927a30fd-ddac-11de-9ab4-fd7d818cf989}\Shell - "" = AutoRun O33 - MountPoints2\{927a30fd-ddac-11de-9ab4-fd7d818cf989}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{927a30fe-ddac-11de-9ab4-fd7d818cf989}\Shell - "" = AutoRun O33 - MountPoints2\{927a30fe-ddac-11de-9ab4-fd7d818cf989}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{927a3105-ddac-11de-9ab4-b17da37f32e2}\Shell - "" = AutoRun O33 - MountPoints2\{927a3105-ddac-11de-9ab4-b17da37f32e2}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe 
/checkApplicationPresence O33 - MountPoints2\{927a3121-ddac-11de-9ab4-f044d85012bc}\Shell - "" = AutoRun O33 - MountPoints2\{927a3121-ddac-11de-9ab4-f044d85012bc}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{ae7adb76-d833-11de-9596-a88ed0c69bf2}\Shell - "" = AutoRun O33 - MountPoints2\{ae7adb76-d833-11de-9596-a88ed0c69bf2}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{b74e9c22-3d89-11df-8abb-975eea4b338c}\Shell\AutoRun\command - "" = I:\Menu.exe [2011.12.03 23:49:14 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.03 16:19:34 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.30 23:11:28 | 000,000,448 | ---- | M] () -- C:\ProgramData\kTCk14WaoUjHMX [2011.11.30 23:09:47 | 000,000,312 | ---- | M] () -- C:\ProgramData\~kTCk14WaoUjHMX [2011.11.30 23:09:47 | 000,000,216 | ---- | M] () -- C:\ProgramData\~kTCk14WaoUjHMXr :Commands [purity] [REBOOT]
5. Run again: Quote:
Quote:
Another scan with OTL:
Quote:
__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
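As an added example for the two checks in the helper's post above (step 1, confirming the Windows Defender service is really disabled, and step 4, the unsigned random-named files under C:\ProgramData that the OTL fix removes), here is a small Python triage script for OTL output. It is not part of this thread and not code from OTL or the helper; the regex for the `[date | size | attrs | M] (company) [state] -- path -- (name)` layout, the random-name heuristic and the list of suspect directories are my own assumptions about the format, and the sample lines are copied from the OTL logs quoted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Our own regex for one OTL entry (an assumption about the line layout seen in
# this thread, not a format OTL documents), e.g.
#   [2011.11.30 23:11:28 | 000,000,448 | ---- | M] () -- C:\ProgramData\kTCk14WaoUjHMX
#   SRV - [...| M] (Microsoft Corporation) [Disabled | Stopped] -- C:\...\MpSvc.dll -- (WinDefend)
ENTRY_RE = re.compile(
    r"^(?:(?P<section>[A-Z]{3}) - )?"                        # optional PRC/MOD/SRV prefix
    r"\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "  # timestamp
    r"(?P<size>[\d,]+) \| "                                   # size with thousands separators
    r"(?P<attrs>[-A-Z]{4}) \| "                               # attribute flags, e.g. ---D, --S-
    r"(?P<kind>[MC])\] "                                      # M = modified, C = created
    r"(?:\((?P<company>[^)]*)\) )?"                           # company name, empty when unknown
    r"(?:\[(?P<state>[^\]]+)\] )?"                            # service state, e.g. Auto | Running
    r"-- (?P<path>.+?)"                                       # file path
    r"(?: -- \((?P<tag>[^)]*)\))?$"                           # optional service/driver name
)

# Data directories where an unsigned file with a random name is the typical
# footprint of a rogue-AV dropper such as "System Fix" (assumed list, extend as needed)
SUSPECT_DIRS = ("c:\\programdata\\", "\\appdata\\", "\\temp\\")


@dataclass
class Entry:
    section: Optional[str]
    date: str
    size: int
    attrs: str
    kind: str
    company: str
    state: Optional[str]
    path: str
    tag: Optional[str]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL line; return None for section headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        section=m.group("section"),
        date=m.group("date"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=m.group("company") or "",
        state=m.group("state"),
        path=m.group("path"),
        tag=m.group("tag"),
    )


def looks_random(path: str) -> bool:
    """Heuristic: extensionless basename of 8+ chars mixing upper case, lower case and digits."""
    name = path.rsplit("\\", 1)[-1].lstrip("~")
    if "." in name or len(name) < 8 or not name.isalnum():
        return False
    return (any(c.islower() for c in name)
            and any(c.isupper() for c in name)
            and any(c.isdigit() for c in name))


def in_suspect_dir(path: str) -> bool:
    low = path.lower()
    return any(d in low for d in SUSPECT_DIRS)


def triage(lines: List[str]) -> List[Entry]:
    """Files with no company name, in a data directory, with a random-looking name."""
    flagged = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e.attrs.endswith("D"):      # skip headers and directories
            continue
        if e.company == "" and in_suspect_dir(e.path) and looks_random(e.path):
            flagged.append(e)
    return flagged


def service_state(lines: List[str], name: str) -> Optional[str]:
    """State column of the SRV line for the named service, e.g. 'Disabled | Stopped'."""
    for line in lines:
        e = parse_entry(line)
        if e is not None and e.section == "SRV" and e.tag == name:
            return e.state
    return None


# Sample input copied from the OTL output quoted in this thread
SAMPLE_LINES = [
    r"========== LOP Check ==========",
    r"[2011.12.03 23:49:14 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job",
    r"[2011.11.30 23:11:28 | 000,000,448 | ---- | M] () -- C:\ProgramData\kTCk14WaoUjHMX",
    r"[2011.11.30 23:09:47 | 000,000,312 | ---- | M] () -- C:\ProgramData\~kTCk14WaoUjHMX",
    r"[2011.11.30 23:09:47 | 000,000,216 | ---- | M] () -- C:\ProgramData\~kTCk14WaoUjHMXr",
    r"[2009.12.01 23:21:48 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bytemobile",
    r"PRC - [2011.12.01 18:32:36 | 000,684,297 | ---- | M] () -- C:\Users\Philipp\Desktop\unhide.exe",
    r"SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)",
    r"SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"suspect: {e.date}  {e.size:>6} bytes  {e.path}")
    print("WinDefend:", service_state(SAMPLE_LINES, "WinDefend"))
```

Run against the full OTL.txt (one line per entry) the script lists the three kTCk14WaoUjHMX files and nothing else from these samples, and reports the WinDefend service as `Disabled | Stopped`, which is what the Run 3 log further down shows after the helper's step 1. The heuristic is deliberately narrow (unsigned, no extension, mixed case plus digits, under ProgramData/AppData/Temp); a legitimate file that is flagged is cheap to inspect, and a dropper that escapes it still shows up as an unsigned file in the same directories.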
07.12.2011, 01:07 | #6 |
| System Fix removed - laptop virus-free? Hello Kira, I have now disabled Windows Defender! I would still like to keep Spybot, though. Or what would be a sensible alternative? Unfortunately the fix with OTL did not work; there was no text document. I then tried it 2 more times, but the result was no different. Unhide (for that reason?) did not work either; the icons are still hidden. I did the OTL scan anyway and these are the logs: OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.12.2011 00:27:17 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Philipp\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19154) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,24% Memory free 6,18 Gb Paging File | 5,13 Gb Available in Paging File | 82,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 94,16 Gb Total Space | 6,60 Gb Free Space | 7,01% Space Free | Partition Type: NTFS Drive D: | 195,14 Gb Total Space | 193,01 Gb Free Space | 98,91% Space Free | Partition Type: NTFS Computer Name: PHILIPPS-PC | User Name: Philipp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.01 21:10:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe PRC - [2011.12.01 18:32:36 | 000,684,297 | ---- | M] () -- C:\Users\Philipp\Desktop\unhide.exe PRC - [2011.11.09 19:01:45 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2009.10.21 17:15:38 | 000,288,768 | ---- | M] (T-Systems International GmbH) -- C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 
000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\CCSVCHST.EXE PRC - [2008.04.28 17:21:56 | 000,374,784 | ---- | M] (ODM) -- C:\Programme\OEM\OSD_1.12\osd.exe PRC - [2008.04.25 14:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe PRC - [2008.04.25 07:25:52 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.02.22 09:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) -- C:\Programme\OEM\OSD_1.12\OsdService.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 03:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe PRC - [2007.08.31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2006.11.02 10:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe ========== Modules (No Company Name) ========== MOD - [2011.12.04 16:17:48 | 006,276,768 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011.12.01 18:32:36 | 000,684,297 | ---- | M] () -- C:\Users\Philipp\Desktop\unhide.exe MOD - [2011.11.09 19:01:45 | 000,849,368 | ---- | M] () -- C:\Programme\Mozilla Firefox\js3250.dll MOD - [2009.08.20 01:19:40 | 000,074,984 | ---- | M] () -- C:\Programme\FILEminimizer Pictures\FILEMShell.dll ========== Win32 Services (SafeList) ========== SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- 
(MBAMService) SRV - [2009.12.12 00:47:44 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2009.10.21 17:15:38 | 000,288,768 | ---- | M] (T-Systems International GmbH) [Auto | Running] -- C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe -- (DFSVC) SRV - [2009.09.16 20:08:36 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009.01.04 23:54:09 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice) SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2008.04.25 14:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2008.02.22 09:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) [Auto | Running] -- C:\Programme\OEM\OSD_1.12\OsdService.exe -- (OsdService) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.08.31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program 
Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2007.08.23 21:35:24 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate) SRV - [2007.08.22 08:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) ========== Driver Services (SafeList) ========== DRV - [2292.09.22 01:24:31 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111206.002\NAVEX15.SYS -- (NAVEX15) DRV - [2292.09.22 01:24:31 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111206.002\NAVENG.SYS -- (NAVENG) DRV - [2011.11.08 10:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2011.11.08 10:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011.10.17 23:22:24 | 000,286,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20111203.001\IDSvix86.sys -- (IDSvix86) DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2009.12.12 00:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2009.10.15 17:14:38 | 000,024,352 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SipIMNDI.sys -- (SipIMNDI) DRV - [2009.10.15 17:14:38 
| 000,014,624 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Programme\T-Online\Dialerschutz-Software\DFSYS.sys -- (DFSYS) DRV - [2009.06.29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.04.09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.02.19 11:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM) DRV - [2009.02.19 11:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV) DRV - [2009.02.19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2009.02.19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW) DRV - [2009.02.19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2009.02.19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS) DRV - [2009.01.08 17:50:31 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2008.09.05 14:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - 
[2008.07.30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon) DRV - [2008.05.22 23:59:00 | 007,494,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.05.01 07:35:54 | 003,660,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.04.03 13:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID) DRV - [2008.03.31 12:02:34 | 000,008,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\kbfiltr.sys -- (GpdKbFilter) DRV - [2008.01.21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2007.12.28 18:21:54 | 000,104,448 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.12.19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2007.11.30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2007.11.30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2007.11.30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2007.11.21 10:31:26 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\directport.sys -- (GpdDevDPort) DRV - [2007.08.09 00:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon) DRV - [2007.08.07 01:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.studivz.net/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de-de.facebook.com/index.php?lh=533538a313a0c195aaaba96792bd4735& IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - 
HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 19:01:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.09 19:01:52 | 000,000,000 | ---D | M] [2009.12.28 20:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions [2011.12.06 16:54:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\1w91do94.default\extensions [2011.11.30 23:49:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\1w91do94.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.21 23:37:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.08.21 23:37:36 | 000,000,000 | ---D | M] (Java 
Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.21 23:37:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.21 23:36:37 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.11.15 12:11:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.11.15 12:11:11 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.11.15 12:11:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.11.15 12:11:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2011.04.23 14:48:47 | 000,432,777 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14896 more lines... 
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) 
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files\T-Online\Dialerschutz-Software\Defender.exe (T-Systems International GmbH) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk = C:\Users\Philipp\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: 
DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{164C6585-FAE0-4313-BBF0-B1704721EA6A}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0FCC6BB-3009-4C90-814A-EA5B6E39848F}: DhcpNameServer = 139.7.30.126 139.7.30.125 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: 
C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.05 22:17:02 | 000,000,000 | ---D | C] -- C:\_OTL [2011.12.04 16:17:48 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.12.04 02:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.12.02 02:59:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.12.02 02:26:11 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\logsi [2011.12.01 21:09:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe [2011.12.01 18:59:08 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTH.scr [2011.12.01 17:14:26 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Philipp\Desktop\tdsskiller.exe [2011.12.01 12:44:31 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes [2011.12.01 12:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.01 12:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.01 12:43:54 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.01 12:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.01 02:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2011.11.30 23:04:49 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix 
[2011.11.12 23:46:01 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Kalender ========== Files - Modified Within 30 Days ========== [2011.12.07 00:14:18 | 000,002,489 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk [2011.12.07 00:14:11 | 000,078,253 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.12.07 00:12:55 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.07 00:12:55 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.07 00:12:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.05 22:16:31 | 000,000,600 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security Online - Systemprüfung ausführen - Philipp.job [2011.12.05 00:39:03 | 000,014,156 | ---- | M] () -- C:\Users\Philipp\Documents\Video call snapshot 20.png [2011.12.04 16:17:48 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.12.04 02:29:00 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.12.03 23:56:30 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe [2011.12.03 15:46:16 | 000,302,592 | ---- | M] () -- C:\Users\Philipp\Desktop\74xf93cj.exe [2011.12.01 21:10:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe [2011.12.01 18:59:19 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTH.scr [2011.12.01 18:32:36 | 000,684,297 | ---- | M] () -- C:\Users\Philipp\Desktop\unhide.exe [2011.12.01 17:14:47 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Philipp\Desktop\tdsskiller.exe [2011.12.01 12:44:14 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.01 12:29:25 | 001,008,114 | ---- | M] () -- C:\Users\Philipp\Desktop\rkill.com [2011.11.30 23:36:05 | 
000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.30 23:36:05 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.30 23:36:05 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.30 23:36:04 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.30 23:04:58 | 000,078,253 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.11.27 00:29:26 | 000,033,984 | ---- | M] () -- C:\Users\Philipp\Documents\Video call snapshot 12.png [2011.11.27 00:27:54 | 000,095,478 | ---- | M] () -- C:\Users\Philipp\Documents\Video call snapshot 2.png [2011.11.20 19:51:34 | 000,082,944 | ---- | M] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.18 16:36:18 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI [2011.11.14 00:48:32 | 000,034,384 | ---- | M] () -- C:\Users\Philipp\Documents\Video call snapshot 15.png ========== Files Created - No Company Name ========== [2011.12.05 00:39:02 | 000,014,156 | ---- | C] () -- C:\Users\Philipp\Documents\Video call snapshot 20.png [2011.12.04 02:29:00 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.12.04 00:06:19 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe [2011.12.03 15:46:00 | 000,302,592 | ---- | C] () -- C:\Users\Philipp\Desktop\74xf93cj.exe [2011.12.01 18:32:22 | 000,684,297 | ---- | C] () -- C:\Users\Philipp\Desktop\unhide.exe [2011.12.01 12:44:14 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.01 12:29:09 | 001,008,114 | ---- | C] () -- C:\Users\Philipp\Desktop\rkill.com [2011.11.27 00:28:57 | 000,033,984 | ---- | C] () -- C:\Users\Philipp\Documents\Video call snapshot 12.png [2011.11.27 00:27:44 | 000,095,478 | ---- | C] () -- C:\Users\Philipp\Documents\Video call snapshot 2.png [2011.11.14 00:48:17 | 000,034,384 | ---- | C] () -- C:\Users\Philipp\Documents\Video call snapshot 15.png [2011.02.01 19:09:36 | 000,000,059 | ---- | C] () -- 
C:\Windows\wininit.ini [2011.02.01 17:51:06 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2010.06.08 09:43:09 | 000,000,680 | ---- | C] () -- C:\Users\Philipp\AppData\Local\d3d9caps.dat [2009.12.29 18:08:25 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.23 16:13:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.23 16:13:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.07.18 17:49:31 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.05.05 07:20:48 | 000,000,456 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\settings.ini [2009.05.04 01:37:22 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.03.29 17:03:36 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.01.06 03:10:31 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.01.02 22:50:08 | 000,082,944 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.30 18:44:22 | 000,000,314 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\wklnhst.dat [2008.12.30 18:32:31 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2008.12.07 13:08:04 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.07.03 05:11:42 | 000,078,253 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.07.03 05:11:42 | 000,078,253 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.04.27 09:33:36 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.04.25 14:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat 
[2007.11.21 10:31:26 | 000,007,168 | ---- | C] () -- C:\Windows\System32\directport.sys [2007.09.04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,337,816 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2009.12.01 23:21:48 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Bytemobile [2011.01.24 13:37:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canon [2010.09.25 19:27:44 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.30 23:49:49 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FILEminimizerPictures [2011.11.30 23:49:49 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\gtk-2.0 [2010.08.21 23:44:12 | 000,000,000 | ---D | M] -- 
C:\Users\Philipp\AppData\Roaming\OpenOffice.org
[2011.11.30 23:49:54 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PhotoScape
[2011.02.04 14:28:23 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Sierra
[2009.01.02 22:00:07 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Template
[2009.12.01 23:21:44 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vodafone
[2009.12.01 23:27:18 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Vodafone Mobile Connect
[2011.12.07 00:10:19 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 07.12.2011 00:27:17 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Philipp\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,24% Memory free
6,18 Gb Paging File | 5,13 Gb Available in Paging File | 82,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 6,60 Gb Free Space | 7,01% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 193,01 Gb Free Space | 98,91% Space Free | Partition Type: NTFS

Computer Name: PHILIPPS-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10831250-726E-46D2-A54E-AFF673C6BD17}" = rport=139 | protocol=6 | dir=out | app=system |
"{12E26E63-1AD3-4B2A-85B7-89C749CA7D0E}" = rport=138 | protocol=17 | dir=out | app=system |
"{31136051-CA9D-4400-9245-B168E6B4F053}" = lport=137 | protocol=17 | dir=in | app=system |
"{37667889-4D64-4C09-A851-182278C16EF0}" = lport=445 | protocol=6 | dir=in | app=system |
"{419D67BB-4CE8-43C4-AB78-9CA1BB2E71B9}" = lport=139 | protocol=6 | dir=in | app=system |
"{75C52308-EB6C-4376-A358-288FCEEE0C97}" = lport=138 | protocol=17 | dir=in | app=system |
"{775F0344-1886-4388-877C-C51473A6FACE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9DBCB499-4CD7-4BCE-AF8F-BB15B7738C5C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFD503ED-BEF9-404C-B8EC-03AFA22F7299}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E54D9432-7BAE-4D43-ADBF-1397FD4A0305}" = rport=137 | protocol=17 | dir=out | app=system |
"{ED5CA544-C1A3-450E-A620-B580A98710FC}" = rport=445 | protocol=6 | dir=out | app=system |
"{FF88EC1A-4DC5-425F-B57A-8D63C742F927}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{083B0077-8448-41E4-8A1D-E7670D5D3FF0}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{2282B372-A9DF-4242-AB94-FADA40B9E805}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3AB9081F-BBB4-441A-B2D9-CD26C2834064}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3DD665F5-48AA-4F7B-A2A4-C897F48FF30B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{46D36E57-5373-4ECB-9E46-39C25484FF48}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{47900B3A-F7B1-4EA0-9167-7EACB794B70D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4B22E396-915B-4AF9-8B6C-6AE9F225D602}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5784412B-3CCC-414E-8961-469E8774AB05}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{5A8E06A3-746A-4D5D-B6EC-C9F39C88BB4D}" = protocol=6 | dir=in | app=e:\alicesetup.exe |
"{65D77617-31B4-4708-B0C4-F59D7D20EB45}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6E555262-445B-4AB9-B5E4-09DFAF397347}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{900E1067-BB40-4185-BAC4-BE21CA61742E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{98A8B04D-849C-49F6-B0B4-24E63558B815}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B66AF5EC-F941-43A8-B21C-E1881A839036}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B8AD4B2C-5EA5-4708-84A3-354183C1030D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DA386FF4-F34A-4233-87FF-611EB089A3B3}" = protocol=17 | dir=in | app=e:\alicesetup.exe |
"{FBF21EAB-6690-4762-B0BA-53AFFB7653C0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{FDE835E6-C751-406B-A927-3832387AC935}C:\program files\ubisoft\gearbox software\brothersinarmseib\system\eib.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\gearbox software\brothersinarmseib\system\eib.exe |
"UDP Query User{CF7DF3FE-308D-435E-AF42-9A50C566A3AC}C:\program files\ubisoft\gearbox software\brothersinarmseib\system\eib.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\gearbox software\brothersinarmseib\system\eib.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{26AF3ABB-9BC4-48FC-8864-D6CA9384CF2F}" = SymNet
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 2.4.1
"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security
"{369E2004-86A5-4CA5-BB80-7D65041B8531}" = Symantec Real Time Storage Protection Component
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.12
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{854C47D1-C2A0-4492-8655-C3F8D49C1031}" = Nero 8 Essentials
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8C5BD56-F5D8-41D3-8A71-273468FE256A}" = T-Home Dialerschutz-Software
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F58B763E-9FB9-4629-AF3C-CC9744BC4BA7}" = Fujitsu Siemens Computers Recovery
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"A35BD68D4A1B3E191138E3C9AA417190A9468F7E" = Windows-Treiberpaket - Leaf Imaging Ltd. Image (02/11/2010 )
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"DPP" = Canon Utilities Digital Photo Professional 3.9
"EOS Utility" = Canon Utilities EOS Utility
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"Finale 2008" = Finale 2008
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NVIDIA Drivers" = NVIDIA Drivers
"OpenVPN" = OpenVPN 2.1.1
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PowerISO" = PowerISO
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security Online (Symantec Corporation)
"WFTK" = Canon Utilities WFT Utility
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Thank you for your help, Philipp |
07.12.2011, 11:57 | #7 |
/// Helper Team | System Fix removed - laptop virus-free? What do you mean, it didn't work? It did... the entries are no longer there!
__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption Trojan! Don't open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
07.12.2011, 17:27 | #8 |
| System Fix removed - laptop virus-free? OK, then that's fine. I had thought that the text document appearing after the restart was required for the fix to have succeeded. Regards, Philipp |
08.12.2011, 07:56 | #9 | |||
/// Helper Team | System Fix removed - laptop virus-free? Quote:
If you have not had any success with Unhide yet, I have two suggestions: 1. If you think you know the point in time when your system was still working properly, System Restore is worth a try!: - It is a "relatively simple way" when the infection is fresh, and it also solves certain problems, so it is something you should try right away. It gives you the option of undoing system changes to the computer without affecting personal files such as e-mails, documents or photos. Quote:
(You can still undo it up to the present point in time if it does not deliver the desired result.) ► Also report back to me whether System Restore worked, i.e. whether you were able to roll the system back to an earlier restore point? 2. Quote:
Last edited by kira (08.12.2011 at 08:04) |
09.12.2011, 16:13 | #10 |
| System Fix removed - laptop virus-free? So, I selected the default settings for the Start menu and, presto, everything was back; then I edited the Quick Launch bar and now I have my icons back...! So System Restore is not necessary, is it? Regards, Philipp |
10.12.2011, 08:29 | #11 |
/// Helper Team | System Fix removed - laptop virus-free? If you have a clean restore point, it may be worth a try (you can still undo it up to the present point in time if it does not deliver the desired result); otherwise let's simply carry on: 1. Your Java version is not current! Because of old security holes Java is very vulnerable, so first uninstall all existing Java versions: → Control Panel → Programs → uninstall... → restart the computer → Now download the offline version of Java Version 6 Update 29 from Oracle. Make sure you deselect any toolbars that are offered (remove the tick next to the toolbar)! 2. Update Adobe Reader: - Pay attention and read along during the installation!: If any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus") Adobe Reader Or: start Adobe -> go to "Help" -> "Check for Updates..." 3. Clean your system with CCleaner:
4.
5. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other media. They must therefore be monitored by regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). Checking the data stored on the medium with the free online scanner is very well suited and recommended for this. Now connect all external media (USB sticks etc.) to your computer, holding down the Shift key while you do so, so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running.) - You can also switch the AUTORUN function off altogether. ►Instructions -> Then run a complete system check with the Eset Online Scanner (NOD32) free online scanner. Attention!: >>You should not install the antivirus security software, only scan your system online<< ► Report back again on the state of the computer. Do problems still occur, and if so, which?
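Added example (not code from this thread, from OTL or from its author): a small Python script that reads an OTL "Extras" log in the format posted above and pulls out the three things the helper checked by hand in this thread: firewall profiles with "EnableFirewall" = 0, Security Center values that suppress monitoring or notifications, and installed software below a reference version. The sample log inside the script is a constructed, abbreviated excerpt modelled on the log in this thread; the Java threshold is the "6 Update 29" the helper names, while the Adobe Reader threshold is an assumed illustration only, and the Security Center value list is the author's own choice.

```python
"""Audit an OTL 'Extras' log for weakened protections and outdated software.

Added example, not part of OTL or of the thread. It parses the Extras format
shown in the thread: section banners, [registry key] headers, "name" = value.
"""
import re

# Constructed, abbreviated excerpt modelled on the Extras log posted in the thread.
SAMPLE_LOG = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"FirewallOverride" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"CCleaner" = CCleaner
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")      # ========== Name ==========
KEY_RE = re.compile(r"^\[(.+)\]$")             # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"(.+?)" = (.*)$')     # "name" = value

# Minimum versions to accept. Java: the "6 Update 29" the helper names in the
# thread (Dec 2011). Adobe Reader: an assumed threshold for illustration only.
MINIMUM_VERSIONS = {
    r"^Java\(TM\) 6 Update (\d+)$": (29,),
    r"^Adobe Reader (\d+)\.(\d+)\.(\d+)": (9, 0, 0),
}

# Security Center values that hide warnings or hand monitoring to a third party.
# Legitimate suites (Norton here) set some of these too, so treat hits as "verify".
SUSPECT_SC_VALUES = {"DisableMonitoring": "1", "UacDisableNotify": "1", "FirewallOverride": "1"}


def parse_otl_extras(text):
    """Return {section: {registry_key: {value_name: value}}} from Extras log text."""
    data, section, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            data.setdefault(section, {})
            continue
        m = KEY_RE.match(line)
        if m and section is not None:
            key = m.group(1)
            data[section].setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and section is not None and key is not None:
            data[section][key][m.group(1)] = m.group(2).strip()
    return data


def leaf(registry_key):
    """Last path component of a registry key, e.g. 'DomainProfile'."""
    return registry_key.rsplit("\\", 1)[-1]


def firewall_findings(data):
    """Names of firewall profiles whose EnableFirewall value is 0."""
    return [leaf(k) for k, v in data.get("Firewall Settings", {}).items()
            if v.get("EnableFirewall") == "0"]


def security_center_findings(data):
    """(key leaf, value name) pairs matching a suspect Security Center setting."""
    hits = []
    for k, v in data.get("Security Center Settings", {}).items():
        hits.extend((leaf(k), name) for name, bad in SUSPECT_SC_VALUES.items()
                    if v.get(name) == bad)
    return hits


def outdated_software(data, minimums=MINIMUM_VERSIONS):
    """(display name, found version, minimum) for uninstall entries below threshold."""
    hits = []
    for entries in data.get("HKEY_LOCAL_MACHINE Uninstall List", {}).values():
        for name in entries.values():
            for pattern, minimum in minimums.items():
                m = re.match(pattern, name)
                if m:
                    found = tuple(int(g) for g in m.groups())
                    if found < minimum:          # tuple comparison, field by field
                        hits.append((name, found, minimum))
    return hits


def audit(text):
    """Run all three checks over one Extras log and return the findings."""
    data = parse_otl_extras(text)
    return {"firewall_off": firewall_findings(data),
            "security_center": security_center_findings(data),
            "outdated": outdated_software(data)}


if __name__ == "__main__":
    for check, result in audit(SAMPLE_LOG).items():
        print(f"{check}: {result}")
```

On the log posted in this thread the firewall check reports all three profiles (Domain, Standard and Public) as switched off, which is worth restoring whoever switched it off; the Security Center hits are only a prompt to verify, because a third-party suite such as the installed Norton legitimately takes over monitoring and sets "DisableMonitoring" itself.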