|
Plagegeister aller Art und deren Bekämpfung: S.M.A.R.T. Check Virus dunkler Bildschirm nur der Papierkorb ist noch daWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.06.2012, 16:10 | #1 |
| S.M.A.R.T. Check Virus dunkler Bildschirm nur der Papierkorb ist noch da Ich habe einen Rechner mit Windows 7. Gestern abend habe ich mir wohl einen Virus eingefangen. Alles ist verschwunden. Nur der Papierkorb ist noch da. Im Windows-Startmenue ist auch alles weg außer Programme. Wenn man dort was anklickt, sagt der Rechner leer. Ich konnte aber das Internet öffnen unter Programme/Dateien durchsuchen. Ich habe das Programm Malewarebytes runtergeladen und ein Quick-Scan durchgeführt. Daraufhin wurden 9 infizierte Dateien gefunden. Diese habe ich dann mit dem Programm entfernt. Wie ich gerade irgendwo gelesen habe, war das wohl falsch. Ich hätte dies wohl nur in Qurantäne verschieben dürfen. Jetzt habe ich folgende Probleme: Zum einen weiß ich nicht, ob der Virus wirklich weg ist und zum anderen weiß ich nicht, wie ich jetzt wieder alles sichtbar mache bzw. rette oder entschlüssele. Ich habe von solchen Dingen absolut keine Ahnung, deshalb wäre es sehr sehr nett, wenn man mit mir Schritt für Schritt alles durchgehen könnte. Ich wäre echt sehr dankbar, wenn wir zusammen den Computer wieder hinbekommen würden. Ansonsten kann ich den Computer nur irgendwo zur Reparatur abgeben. |
25.06.2012, 18:05 | #2 |
| S.M.A.R.T. Check Virus dunkler Bildschirm nur der Papierkorb ist noch da Hi,
__________________Unhide Lade Dir unhide von folgender Adresse runter und dann per Doppelklick als Admin ausführen: http://filepony.de/download-unhide/ Es werden alle versteckten Dateien sichtbar gemacht, ggf. welche die versteckt sein sollten wieder unsichtbar machen (Auswählen im Explorer->Eigenschaften->versteckt) MAM aufrufen und im Reiter "Logdateien" findest Du das Logfile, bitte abkopieren und posten... OTL Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
chris
__________________ |
25.06.2012, 19:21 | #3 |
| S.M.A.R.T. Check Virus dunkler Bildschirm nur der Papierkorb ist noch da Hallo Chris!
__________________Erst einmal vielen Dank für die schnelle Hilfe. Punkt 1 mit unhide hat schon einmal geklappt. Es sieht schon einmal ganz gut aus. Es scheint alles wieder sichtbar zu sein. Ich denke, es war so zu verstehen, dass ich hier die Log-Dateien posten soll von Malwarebytes Anti Malware. Das sind die Logdateien von dem heutigen Quick-Scan. Oder sollte ich den Scan noch einmal drüber laufen lassen? Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 235497 Laufzeit: 5 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 2 C:\ProgramData\jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> 3656 -> Löschen bei Neustart. C:\ProgramData\4ocpBXceD2BoLX.exe (Trojan.FakeAlert) -> 2448 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> Daten: C:\ProgramData\jdhNjPXkrCGrLYP.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\ProgramData\jdhNjPXkrCGrLYP.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\4ocpBXceD2BoLX.exe (Trojan.FakeAlert) -> Löschen bei Neustart. C:\Users\Petra\AppData\Local\Temp\tedTAWSCCcQt2H.exe.tmp (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Petra\Desktop\Data_Recovery.lnk (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) 2012/06/25 16:05:23 +0200 ANDREAS-VAIO Petra MESSAGE Executing scheduled update: Daily 2012/06/25 16:05:23 +0200 ANDREAS-VAIO Petra MESSAGE Starting protection 2012/06/25 16:05:24 +0200 ANDREAS-VAIO Petra MESSAGE Database already up-to-date 2012/06/25 16:05:26 +0200 ANDREAS-VAIO Petra MESSAGE Protection started successfully 2012/06/25 16:05:29 +0200 ANDREAS-VAIO Petra MESSAGE Starting IP protection 2012/06/25 16:05:33 +0200 ANDREAS-VAIO Petra MESSAGE IP Protection started successfully 2012/06/25 16:16:24 +0200 ANDREAS-VAIO (null) IP-BLOCK 93.174.88.223 (Type: outgoing, Port: 49177, Process: 4ocpbxced2bolx.exe) 2012/06/25 16:19:16 +0200 ANDREAS-VAIO Petra MESSAGE Starting protection 2012/06/25 16:19:22 +0200 ANDREAS-VAIO Petra MESSAGE Protection started successfully 2012/06/25 16:19:25 +0200 ANDREAS-VAIO Petra MESSAGE Starting IP protection 2012/06/25 16:19:29 +0200 ANDREAS-VAIO Petra MESSAGE IP Protection started successfully 2012/06/25 17:54:18 +0200 ANDREAS-VAIO Petra MESSAGE Starting protection 2012/06/25 17:54:22 +0200 ANDREAS-VAIO Petra MESSAGE Protection started successfully 2012/06/25 17:54:25 +0200 ANDREAS-VAIO Petra MESSAGE Starting IP protection 2012/06/25 17:54:29 +0200 ANDREAS-VAIO Petra MESSAGE IP Protection started successfully 2012/06/25 18:15:36 +0200 ANDREAS-VAIO Petra IP-BLOCK 109.163.231.139 (Type: outgoing, Port: 49625, Process: iexplore.exe) 2012/06/25 18:15:36 +0200 ANDREAS-VAIO Petra IP-BLOCK 109.163.231.139 (Type: outgoing, Port: 49626, Process: iexplore.exe) 2012/06/25 18:15:36 +0200 ANDREAS-VAIO Petra IP-BLOCK 109.163.231.139 (Type: outgoing, Port: 49628, Process: iexplore.exe) 2012/06/25 18:15:36 +0200 ANDREAS-VAIO Petra IP-BLOCK 109.163.231.139 (Type: outgoing, Port: 49627, Process: iexplore.exe) Den nächsten Punkt OTL muß ich gleich noch erledigen. Viele Grüße Petra Hallo Chris, ich hoffe, ich habe alles richtig gemacht. Hier habe ich die gewünschten Dateien kopiert. Hier kommt die OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.06.2012 20:38:11 - Run 2 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Petra\Documents 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,84 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 48,45% Memory free 7,68 Gb Paging File | 5,62 Gb Available in Paging File | 73,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 288,64 Gb Total Space | 218,21 Gb Free Space | 75,60% Space Free | Partition Type: NTFS Computer Name: ANDREAS-VAIO | User Name: Petra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Petra\Documents\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingBar.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe (Microsoft Corporation.) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV - (TuneUp.Defrag) @C:\Program Files (x86) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation) SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation) SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions) SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://de.msn.com/?pc=BB07 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{2BF4AE90-A7A4-4948-8654-B4A66F6EAA01}: "URL" = hxxp://services.zinio.com/search?s={selection}&rf=sonyslices IE - HKCU\..\SearchScopes\{5084FCA7-B7E3-4250-B70B-CB5868D92127}: "URL" = hxxp://www.bing.com/search?FORM=BB07DF&PC=BB07&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{7106AB8F-7630-4473-A529-60CD7762D094}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{8D79C5ED-A9EE-41FC-9203-5346947D06F5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=7c11f8fc-6ba3-4eae-ba5d-bafb239cf4ce&apn_sauid=45BCDE09-15E6-4E85-A982-0CEC3F76A91F& IE - HKCU\..\SearchScopes\{BC66D00B-4D73-458F-869C-79B7D530CAE3}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&rlz= IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) [2011.11.03 21:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petra\AppData\Roaming\mozilla\Extensions [2011.11.03 21:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petra\AppData\Roaming\mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Andreas\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Andreas\AppData\Roaming\Complitly\Complitly.dll (SimplyGen) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01B24148-CD1C-4D21-A9FA-BCDD53763789}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFB2AB76-7D83-451C-B23C-537935324F8D}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.25 20:23:12 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Petra\Documents\OTL.exe [2012.06.25 19:08:17 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Petra\Documents\unhide.exe [2012.06.25 16:04:28 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\Malwarebytes [2012.06.25 16:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.25 16:04:24 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.25 16:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.25 16:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.24 16:03:09 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.24 16:03:09 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.24 16:03:09 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.24 16:02:59 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.24 16:02:59 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.24 16:02:59 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.24 16:02:46 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.24 16:02:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.13 21:18:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.13 21:18:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.13 21:18:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.13 21:18:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.13 21:18:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.13 21:18:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.13 21:18:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.13 21:18:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.13 21:18:08 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.13 21:18:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.13 21:18:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.13 21:18:08 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.13 21:18:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.13 20:38:47 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.13 20:38:47 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.13 20:38:47 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.13 20:38:37 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.13 20:38:36 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.13 20:38:36 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.13 20:38:12 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.13 20:37:56 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.13 20:37:55 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.25 20:23:18 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Petra\Documents\OTL.exe [2012.06.25 20:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.25 20:03:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.25 19:08:18 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Petra\Documents\unhide.exe [2012.06.25 18:00:10 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.25 18:00:10 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.25 17:51:44 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.25 17:51:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.25 17:51:15 | 3094,622,208 | -HS- | M] () -- C:\hiberfil.sys [2012.06.25 16:04:25 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.25 00:19:36 | 000,000,152 | ---- | M] () -- C:\ProgramData\-4ocpBXceD2BoLXr [2012.06.25 00:19:36 | 000,000,000 | ---- | M] () -- C:\ProgramData\-4ocpBXceD2BoLX [2012.06.25 00:19:27 | 000,000,256 | ---- | M] () -- C:\ProgramData\4ocpBXceD2BoLX [2012.06.24 19:39:46 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.24 19:39:46 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.24 19:39:46 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.24 19:39:46 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.24 19:39:46 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.24 16:54:29 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2012.06.18 19:58:40 | 046,216,146 | ---- | M] () -- C:\Users\Petra\Documents\Update_kindle_4.1.0_B00E.bin [2012.06.16 21:40:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.16 21:40:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.15 19:14:23 | 000,455,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.12 17:05:44 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.25 19:14:05 | 000,002,595 | ---- | C] () -- C:\Users\Public\Desktop\Vokabeltrainer 6.0 Französisch.lnk [2012.06.25 19:14:05 | 000,002,287 | ---- | C] () -- C:\Users\Public\Desktop\Kurs 6.0 Französisch.lnk [2012.06.25 19:14:05 | 000,002,211 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.06.25 19:14:05 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2012.06.25 19:14:04 | 000,002,397 | ---- | C] () -- C:\Users\Public\Desktop\Grammatiktrainer 6.0 Franzoesisch.lnk [2012.06.25 19:14:04 | 000,002,344 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.06.25 19:14:04 | 000,002,307 | ---- | C] () -- C:\Users\Public\Desktop\Kurs 2 6.0 Französisch.lnk [2012.06.25 19:14:04 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.06.25 19:14:04 | 000,001,201 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.06.25 19:14:03 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.06.25 19:14:03 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.06.25 19:14:03 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2012.06.25 19:14:03 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2012.06.25 19:14:02 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012.06.25 19:14:02 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk [2012.06.25 19:14:01 | 000,002,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO-Support für Übertragungen.lnk [2012.06.25 19:14:01 | 000,002,028 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Media plus.lnk [2012.06.25 19:14:01 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Movie Story.lnk [2012.06.25 19:14:01 | 000,001,817 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk [2012.06.25 19:14:01 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk [2012.06.25 19:14:01 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.06.25 19:14:01 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [2012.06.25 19:14:01 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk [2012.06.25 19:14:01 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO-Wiederherstellungscenter.lnk [2012.06.25 19:14:01 | 000,000,988 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk [2012.06.25 19:14:00 | 000,002,254 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk [2012.06.25 19:14:00 | 000,002,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities.lnk [2012.06.25 19:14:00 | 000,002,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Content Exporter.lnk [2012.06.25 19:14:00 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012.06.25 19:13:59 | 000,002,266 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk [2012.06.25 19:13:59 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [2012.06.25 19:13:59 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk [2012.06.25 19:13:59 | 000,000,923 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicStation.lnk [2012.06.25 19:13:58 | 000,002,569 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk [2012.06.25 19:13:58 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.06.25 19:13:55 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Click to Disc.lnk [2012.06.25 19:13:55 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Click to Disc Editor.lnk [2012.06.25 19:13:54 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012.06.25 16:04:25 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.25 00:13:37 | 000,000,152 | ---- | C] () -- C:\ProgramData\-4ocpBXceD2BoLXr [2012.06.25 00:13:37 | 000,000,000 | ---- | C] () -- C:\ProgramData\-4ocpBXceD2BoLX [2012.06.25 00:13:22 | 000,000,256 | ---- | C] () -- C:\ProgramData\4ocpBXceD2BoLX [2012.06.18 19:53:16 | 046,216,146 | ---- | C] () -- C:\Users\Petra\Documents\Update_kindle_4.1.0_B00E.bin [2012.02.21 01:53:50 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011.11.03 21:15:53 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\Hooks.dll [2010.06.12 19:21:17 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml < End of report > hier kommt die extras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.06.2012 20:38:11 - Run 2 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Petra\Documents 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,84 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 48,45% Memory free 7,68 Gb Paging File | 5,62 Gb Available in Paging File | 73,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 288,64 Gb Total Space | 218,21 Gb Free Space | 75,60% Space Free | Partition Type: NTFS Computer Name: ANDREAS-VAIO | User Name: Petra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00AB4E0D-D0FB-4794-AEE2-9C49848D388B}" = rport=445 | protocol=6 | dir=out | app=system | "{05436845-B480-42EF-B857-86891C3E6D3C}" = lport=2869 | protocol=6 | dir=in | app=system | "{328D5A02-F717-4FE3-9693-151C4222E5FA}" = lport=10243 | protocol=6 | dir=in | app=system | "{392B61AF-BE37-4964-B677-977B00E56477}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{496EA411-EC9A-4F41-9A56-743BD5F94AC1}" = rport=139 | protocol=6 | dir=out | app=system | "{5D56E9E4-2B42-4932-BB2C-1DCB550322AA}" = rport=10243 | protocol=6 | dir=out | app=system | "{5F31E814-E034-41AF-A32E-A8CB137BDA8D}" = lport=139 | protocol=6 | dir=in | app=system | "{69645C53-122F-40C1-9F1D-CAE057BBE3E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{73EBECBC-C178-48C6-BFEF-EB8F314F4B64}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{77B4C27A-F83C-4BA9-9E03-EE19B026AA67}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8A64838D-4CD3-47E8-B1DE-E793FD9EA6F1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{993744ED-EDB0-4303-BC0B-DE4D3D427230}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AADB4E44-2E60-4C79-B84D-48113AC14DA6}" = rport=137 | protocol=17 | dir=out | app=system | "{AF8535BA-14D9-4DED-870A-79525AE2089E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B0059EB8-F531-410D-B80C-0DA36F78ED85}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B47693B9-F032-4484-AF5D-9A67DF5E6551}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B52BA1CD-8C29-478B-84B0-8B69F0A4EFF2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BC214C05-6CD5-4F3F-BD2A-3D8B3F29852B}" = rport=138 | protocol=17 | dir=out | app=system | "{BEDE8AA6-2CE7-47F3-9C0D-A647705A7555}" = lport=445 | protocol=6 | dir=in | app=system | "{C089E20B-445A-4DDC-B422-E7D52A407788}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C60E8EE3-2BFF-47B0-88D8-9AB22F433624}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C6135670-646D-4130-BBD0-9A1FE9563933}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C711A0EA-672A-41E0-8270-A62B2A074C53}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D91DF323-AE8B-4BE1-B1B7-0DDF8739B193}" = lport=2869 | protocol=6 | dir=in | app=system | "{EF044A2B-D232-4630-B82A-27AB9E510D1D}" = lport=137 | protocol=17 | dir=in | app=system | "{F70C2350-C2BC-4860-8BF4-0DABF9D7C363}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{042789D3-B9DD-404C-A2E3-DC8429A3C911}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{15502DB0-9B1E-4140-B98C-A5F19881FB99}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{20916AB9-B26D-4652-BFE9-1415F9718C1B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{280444E5-A6A0-41BE-AAA5-A1226B746A4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{28B0C687-1FB7-4611-AE76-AF733C10C751}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{2E70C796-E735-49F3-8453-2EBC31D6C730}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{2F041AAE-925F-4709-A644-16295506EFB0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{31FA89D4-018F-4872-AD84-3BEE025FAD95}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4E61616A-60C0-4383-9B67-2639977D16A8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{59E403EF-59FB-47F6-BC59-A6CFE73E7938}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{61051065-9C47-4102-86D8-5666582BF3FA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{6AD4FD0A-B79A-46AE-92C1-2DFA073CED39}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6DD46CE0-9865-4BB0-AC87-DA6C920A169E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6DD61F1C-7ABB-48FD-B89F-D0440BDC90B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{70F8257B-494F-4FFD-896D-CF383EA297FB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{82C1058B-027D-42BE-B429-077DCCB3E177}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{84750A75-348A-47BA-86E6-172E587FB626}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{867DBE0F-1DA6-4708-880E-8DD7D7D988EA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8EC17363-C988-4339-B120-DBC33A9C5B3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9641CA36-0762-4583-A51C-DB0B30A1CA34}" = protocol=6 | dir=out | app=system | "{9733C6A8-73D3-45F2-9538-36C338EA50E5}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{A415ADC9-E8A9-4F7C-8540-9A1CC91E52E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BF9E7511-9312-4890-861D-897B348C7752}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{BFF315EC-2A52-48F0-90D4-6D8919A6C381}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C2ACE0E1-2875-47AE-B769-8BE1A89B459D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{C699C4EA-51BA-4256-93C5-3382B478EAF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7930DD9-8126-456E-96C1-98B8926DBB8D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FAF17928-DB50-47B8-9BBF-9EFDE62FBA15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64 "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit) "{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64 "{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English "HDMI" = Intel(R) Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}" = lingDIALOG "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0A5F02E5-1A52-4F85-892C-A35227641C75}" = VAIO Content Metadata Intelligent Analyzing Manager "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{199ACA4F-8CAC-40FB-996B-C380DF69B71F}" = Langenscheidt Vokabeltrainer 6.0 Französisch "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 25 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2BE51320-174A-44EC-8041-50E35E091283}" = VAIO Content Metadata Intelligent Analyzing Manager "{3B1168DE-1F8C-471C-AC49-0CA52F096170}" = VAIO Content Metadata Intelligent Network Service Manager "{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher "{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "{4EAB69C5-7763-4BB8-9D06-733292AA6E0C}" = Bing Bar "{518F8DB2-65BA-40F7-B843-1F11F8F1B124}" = Vokabeltrainer-Update 6.0.16 "{51BEF30C-58E4-490F-BA40-A2F12AB8B5F9}" = VAIO Content Metadata Manager Settings "{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}" = MusicStation "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ "{57AABF73-E17F-4212-A103-13A9794F0869}" = VAIO Content Metadata XML Interface Library "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen "{5F2D882B-A663-4EB5-9851-48CC6C75FD2D}" = VAIO Content Metadata Intelligent Network Service Manager "{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7395DD51-0D1A-47A7-9993-742073ECF4CE}" = VAIO Content Metadata Manager Settings "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A512C74-7780-43A1-93DA-29C23D0DF374}" = VAIO Content Metadata XML Interface Library "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2 "{7E8DE539-B044-48B3-BC76-4F0A089ABE2F}" = VAIO Content Metadata Intelligent Analyzing Manager "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8732F9DD-0E44-4F8A-B460-A0B769AB1C13}" = calibre "{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.2.5 "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access "{949419DF-F4AF-4693-B60A-522B24F233C6}" = VAIO Content Metadata XML Interface Library "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D912275-85FD-45F6-9AF3-388A0F8AADB2}" = VAIO Content Metadata Intelligent Network Service Manager "{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library "{A568DFBD-4A04-484E-86BB-165AA6C53E2B}" = VAIO Content Monitoring Settings "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2 "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer "{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc "{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime "{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3 "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = "{FBBF5D9C-1989-4933-AE4E-19EE368385B4}" = VAIO Entertainment Platform "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "BabylonToolbar" = Babylon toolbar on IE "Complitly_is1" = Complitly "DealPly" = DealPly "ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular für Privatanwender "ENTERPRISER" = Microsoft Office Enterprise 2007 "Free Studio_is1" = Free Studio version 5.1.5 "Google Chrome" = Google Chrome "Grammatiktrainer 6.0 Franzoesisch" = Langenscheidt Grammatiktrainer 6.0 Franzoesisch "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{071B843C-9A39-40B3-BB01-BBD6A8D2E1C5}" = lingDIALOG "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control "Kurs 2 6.0 Französisch" = Langenscheidt Kurs 2 6.0 Französisch "Kurs 6.0 Französisch" = Langenscheidt Kurs 6.0 Französisch "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MarketingTools" = VAIO Marketing Tools "MFU Module" = "softonic-de3 Toolbar" = softonic-de3 Toolbar "splashtop" = VAIO Quick Web Access "TuneUp Utilities" = TuneUp Utilities "VAIO Help and Support" = "VAIO NW screensaver" = VAIO NW screensaver "VAIO Premium Partners 1.00" = VAIO Premium Partners 1.00 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.06.2012 06:00:41 | Computer Name = Andreas-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.06.2012 13:09:00 | Computer Name = Andreas-VAIO | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 11.06.2012 13:09:36 | Computer Name = Andreas-VAIO | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 11.06.2012 13:10:28 | Computer Name = Andreas-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.06.2012 13:18:35 | Computer Name = Andreas-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.06.2012 09:15:26 | Computer Name = Andreas-VAIO | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 12.06.2012 09:15:48 | Computer Name = Andreas-VAIO | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12.06.2012 09:16:45 | Computer Name = Andreas-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.06.2012 09:22:24 | Computer Name = Andreas-VAIO | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften Prozesses: 0x1300 Startzeit der fehlerhaften Anwendung: 0x01cd489d8630dc1c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: a583d5a5-b491-11e1-99e7-0024beb02fa8 Error - 12.06.2012 09:23:33 | Computer Name = Andreas-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ Media Center Events ] Error - 11.08.2010 11:15:31 | Computer Name = Andreas-VAIO | Source = MCUpdate | ID = 0 Description = 17:15:31 - Fehler beim Herstellen der Internetverbindung. 17:15:31 - Serververbindung konnte nicht hergestellt werden.. Error - 24.08.2010 17:12:14 | Computer Name = Andreas-VAIO | Source = MCUpdate | ID = 0 Description = 23:12:14 - Fehler beim Herstellen der Internetverbindung. 23:12:14 - Serververbindung konnte nicht hergestellt werden.. Error - 05.09.2010 12:13:12 | Computer Name = Andreas-VAIO | Source = MCUpdate | ID = 0 Description = 18:13:12 - Fehler beim Herstellen der Internetverbindung. 18:13:12 - Serververbindung konnte nicht hergestellt werden.. Error - 05.09.2010 12:13:27 | Computer Name = Andreas-VAIO | Source = MCUpdate | ID = 0 Description = 18:13:18 - Fehler beim Herstellen der Internetverbindung. 18:13:18 - Serververbindung konnte nicht hergestellt werden.. Error - 27.10.2010 10:43:18 | Computer Name = Andreas-VAIO | Source = MCUpdate | ID = 0 Description = 16:43:18 - Fehler beim Herstellen der Internetverbindung. 16:43:18 - Serververbindung konnte nicht hergestellt werden.. Error - 27.10.2010 10:43:27 | Computer Name = Andreas-VAIO | Source = MCUpdate | ID = 0 Description = 16:43:24 - Fehler beim Herstellen der Internetverbindung. 16:43:24 - Serververbindung konnte nicht hergestellt werden.. Error - 07.11.2010 06:54:12 | Computer Name = Andreas-VAIO | Source = MCUpdate | ID = 0 Description = 11:54:08 - Fehler beim Herstellen der Internetverbindung. 11:54:08 - Serververbindung konnte nicht hergestellt werden.. Error - 10.02.2012 04:27:26 | Computer Name = Andreas-VAIO | Source = MCUpdate | ID = 0 Description = 09:27:26 - Fehler beim Herstellen der Internetverbindung. 09:27:26 - Serververbindung konnte nicht hergestellt werden.. Error - 10.02.2012 04:27:53 | Computer Name = Andreas-VAIO | Source = MCUpdate | ID = 0 Description = 09:27:31 - Fehler beim Herstellen der Internetverbindung. 09:27:31 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 19.01.2012 15:21:00 | Computer Name = Andreas-VAIO | Source = DCOM | ID = 10016 Description = Error - 19.01.2012 15:21:11 | Computer Name = Andreas-VAIO | Source = DCOM | ID = 10016 Description = Error - 19.01.2012 15:21:22 | Computer Name = Andreas-VAIO | Source = DCOM | ID = 10016 Description = Error - 19.01.2012 16:24:02 | Computer Name = Andreas-VAIO | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. Error - 19.01.2012 16:25:18 | Computer Name = Andreas-VAIO | Source = DCOM | ID = 10016 Description = Error - 20.01.2012 16:24:12 | Computer Name = Andreas-VAIO | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht. Error - 21.01.2012 16:26:38 | Computer Name = Andreas-VAIO | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. Error - 21.01.2012 16:27:55 | Computer Name = Andreas-VAIO | Source = DCOM | ID = 10016 Description = Error - 22.01.2012 07:59:12 | Computer Name = Andreas-VAIO | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Upnp Server 10 erreicht. Error - 22.01.2012 08:00:24 | Computer Name = Andreas-VAIO | Source = DCOM | ID = 10016 Description = < End of report > |
26.06.2012, 06:56 | #4 |
| S.M.A.R.T. Check Virus dunkler Bildschirm nur der Papierkorb ist noch da Hi, das sieht schon recht ordentlich aus, noch Reste entsorgen: Fix für OTL:
Code:
ATTFilter :OTL O4 - HKLM..\Run: [] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 [2012.06.25 00:13:37 | 000,000,152 | ---- | C] () -- C:\ProgramData\-4ocpBXceD2BoLXr [2012.06.25 00:13:37 | 000,000,000 | ---- | C] () -- C:\ProgramData\-4ocpBXceD2BoLX [2012.06.25 00:13:22 | 000,000,256 | ---- | C] () -- C:\ProgramData\4ocpBXceD2BoLX O4 - HKLM..\Run: [] File not found :Commands [emptytemp] [Reboot]
Bitte MAM updaten und im Fullscan laufen lassen, Log posten... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
26.06.2012, 15:56 | #5 |
| S.M.A.R.T. Check Virus dunkler Bildschirm nur der Papierkorb ist noch da Hallo Chris, die Codebox habe ich bei OTL reinkopiert und Run angeklickt. Hier kommt der Inhalt des anschließenden Fensters: All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found. File C:\ProgramData\-4ocpBXceD2BoLXr not found. File C:\ProgramData\-4ocpBXceD2BoLX not found. File C:\ProgramData\4ocpBXceD2BoLX not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator User: All Users User: Andreas ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 49999747 bytes ->Java cache emptied: 10377996 bytes ->Flash cache emptied: 3732 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Petra ->Temp folder emptied: 11287034 bytes ->Temporary Internet Files folder emptied: 277511333 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 1785 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 123552824 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 222136 bytes RecycleBin emptied: 47745003 bytes Total Files Cleaned = 497,00 mb OTL by OldTimer - Version 3.2.53.0 log created on 06262012_152349 Files\Folders moved on Reboot... C:\Users\Petra\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WTDN1803\con-tos[1].htm moved successfully. C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WTDN1803\conduit_app[1].htm moved successfully. C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WTDN1803\pgcb1_2[1].htm moved successfully. C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T4RFK9QR\117955-s-m-a-r-t-check-virus-dunkler-bildschirm-nur-papierkorb-noch[1].htm moved successfully. C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T4RFK9QR\player[1].htm moved successfully. C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6KQDOYDA\ads[4].htm moved successfully. C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. PendingFileRenameOperations files... File C:\Users\Petra\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! File C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WTDN1803\con-tos[1].htm not found! File C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WTDN1803\conduit_app[1].htm not found! File C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WTDN1803\pgcb1_2[1].htm not found! File C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T4RFK9QR\117955-s-m-a-r-t-check-virus-dunkler-bildschirm-nur-papierkorb-noch[1].htm not found! File C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T4RFK9QR\player[1].htm not found! File C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6KQDOYDA\ads[4].htm not found! File C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found! Registry entries deleted on Reboot... Gleich werde ich noch den Scan bei MAM erledigen und LOG posten. Viele Grüße Petra Hallo, so nun ist auch der Fullscan von MAM fertig: Hier ist der Log-Bericht: Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.26.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Petra :: ANDREAS-VAIO [Administrator] Schutz: Aktiviert 26.06.2012 15:39:27 mbam-log-2012-06-26 (15-39-27).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 430523 Laufzeit: 1 Stunde(n), 30 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Petra Hallo, ich habe gerade festgestellt, dass unsere Bilddateien nicht mehr so sind wie vorher. Im Ordner Bilder hat der Computer für jedes Bild einen Ordner erstellt und dort jeweils das Bild zweimal gespeichert. Außerdem ist die Größe der Datei verändert. Sie ist jetzt stark verkleinert. Kann man das irgendwie beheben oder hat der Virus das für immer so verändert? Ich hoffe, dass ich nicht nach und nach auf noch mehr solcher Überraschungen stosse. Ich hatte gehofft, dass der Schaden nicht sehr groß ist und ich noch einmal mit einem blauen Auge davon gekommen bin. Mit den Bildern ist irgendwie sehr ärgerlich. Petra |
27.06.2012, 06:33 | #6 |
| S.M.A.R.T. Check Virus dunkler Bildschirm nur der Papierkorb ist noch da Hi, das ist Malware deren Autor(en) davon leben, dass sie Bilder, Dokumente u. Programme verschlüsseln und die betroffenen dann ein Entschlüsselungsprogramm erwerben "dürfen" (falls dann tatsächlich was entsprechendes kommt). Du kannst versuchen die Dateien zu entschlüsseln (mit den neusten Varianten allerdings nichtmehr möglich).. folge dazu diesem Link: http://www.trojaner-board.de/114783-...ubersicht.html... Ich kann da leider nicht mehr weiterhelfen, viel Erfolg... chris
__________________ --> S.M.A.R.T. Check Virus dunkler Bildschirm nur der Papierkorb ist noch da |
Themen zu S.M.A.R.T. Check Virus dunkler Bildschirm nur der Papierkorb ist noch da |
ahnung, andere, anderen, bildschirm, check, computer, dinge, folge, folgende, infizierte, infizierte dateien, interne, internet, klick, klickt, papierkorb, probleme, rechner, sichtbar, verschieben, virus, windows, wirklich, würde, zusammen, öffnen |