Pests of all kinds and their removal: GVU Trojan? - Symptoms fixed, but PC probably not yet clean (Windows 7)

28.03.2013, 14:15 | #1
GVU Trojan? - Symptoms fixed, but PC probably not yet clean

Many thanks in advance for the help. I came across you via the GVU page. I have apparently caught the GVU Trojan (notice about criminal offences with a demand for payment).

What has happened so far: With the help of my recovery CDs I reinstalled Windows and created a backup. Due to a mistake on my part this was apparently done twice. The symptom is gone, but if I understand you correctly the PC is still not clean, and I do need to get at my backups!

The Malwarebytes scan has been run; defogger as well. Here is the Malwarebytes report. Following that, the ones from OTL and gmer...:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.28.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Gebhard :: GEBHARD-PC [Administrator]

28.03.2013 10:18:38
mbam-log-2013-03-28 (10-18-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 347632
Laufzeit: 3 Stunde(n), 9 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Backup\Gebhard Mohr\AppData\Local\Temp\pricepeep_130001_1001.exe (Adware.Shopper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Backup\Gebhard Mohr\AppData\Roaming\skype.dat (Malware.Packer.SGX5) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Backup1\Gebhard Mohr\AppData\Local\Temp\pricepeep_130001_1001.exe (Adware.Shopper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Backup1\Gebhard Mohr\AppData\Roaming\skype.dat (Malware.Packer.SGX5) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL Logfile:
Code:
Here OTL:
OTL Logfile:
Code:
| 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B3F0EA0-75E2-4F98-971F-0166F9ED6439}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3861B99-AD3F-4FB4-9747-FF9515DBFF2D}: DhcpNameServer = 168.95.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.28 13:00:51 | 000,000,000 | ---D | C] -- C:\Users\Gebhard\AppData\Roaming\Mozilla
[2013.03.28 13:00:51 | 000,000,000 | ---D | C] -- C:\Users\Gebhard\AppData\Local\Mozilla
[2013.03.28 12:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.03.28 12:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.03.28 12:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.28 12:43:12 | 000,000,000 | ---D | C] -- C:\Users\Gebhard\Documents\Symantec
[2013.03.28 12:40:02 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.03.28 12:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013.03.28 12:39:38 | 000,934,488 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1403000.024\SymEFA.sys
[2013.03.28 12:39:38 | 000,367,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1403000.024\SymDS.sys
[2013.03.28 12:39:38 | 000,338,592 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1403000.024\symnets.sys
[2013.03.28 12:39:38 | 000,032,344 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1403000.024\srtspx.sys
[2013.03.28 12:39:38 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1403000.024\SymELAM.sys
[2013.03.28 12:39:37 | 000,602,712 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1403000.024\srtsp.sys
[2013.03.28 12:39:37 | 000,175,264 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1403000.024\Ironx86.sys
[2013.03.28 12:39:37 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1403000.024\ccSetx86.sys
[2013.03.28 12:39:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2013.03.28 12:39:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1403000.024
[2013.03.28 12:39:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013.03.28 12:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2013.03.28 12:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013.03.28 12:28:41 | 000,000,000 | ---D | C] -- C:\Users\Gebhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013.03.28 11:49:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gebhard\Desktop\OTL.exe
[2013.03.28 10:34:02 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2013.03.28 10:33:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer
[2013.03.28 10:33:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\0407
[2013.03.28 10:33:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\de-DE
[2013.03.28 10:33:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\de
[2013.03.28 10:31:59 | 000,033,280 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\de-DE\yk62x86.sys.mui
[2013.03.28 10:31:59 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerIb.sys.mui
[2013.03.28 10:31:59 | 000,010,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\de-DE\ltmdmnt.sys.mui
[2013.03.28 10:31:54 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerId.sys.mui
[2013.03.28 10:31:54 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\de-DE\pscr.sys.mui
[2013.03.28 10:31:54 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrParwdm.sys.mui
[2013.03.28 09:56:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Screensaver
[2013.03.28 09:56:40 | 000,000,000 | ---D | C] -- C:\Windows\Screensavers
[2013.03.28 09:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2013.03.28 09:47:43 | 000,000,000 | ---D | C] -- C:\Users\Gebhard\AppData\Local\Microsoft Help
[2013.03.28 09:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2013.03.28 09:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.03.28 09:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013.03.28 09:25:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.03.28 09:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2013.03.28 09:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013.03.28 09:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.03.28 09:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2013.03.28 09:19:42 | 000,000,000 | ---D | C] -- C:\Users\Gebhard\AppData\Roaming\Malwarebytes
[2013.03.28 09:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.28 09:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.28 09:19:08 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.28 09:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.28 09:18:51 | 000,000,000 | ---D | C] -- C:\Users\Gebhard\AppData\Local\Programs
[2013.03.28 09:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013.03.28 09:13:52 | 000,000,000 | ---D | C] -- C:\Users\Gebhard\AppData\Roaming\Macromedia
[2013.03.28 09:11:49 | 000,000,000 | ---D | C] -- C:\Users\Gebhard\AppData\Roaming\Adobe
[2013.03.28 09:11:35 | 000,000,000 | ---D | C] -- C:\Users\Gebhard\AppData\Roaming\Google
[2013.03.28 09:11:32 | 000,000,000 | ---D | C] -- C:\Users\Gebhard\AppData\Local\Google
[2013.03.28 09:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2013.03.28 09:10:47 | 000,000,000 | ---D | C] -- C:\Users\Gebhard\AppData\Local\EgisTec
[2013.03.28 09:10:08 | 000,000,000 | R--D | C] -- C:\Users\Gebhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.28 09:10:08 | 000,000,000 | R--D | C] -- C:\Users\Gebhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.03.28 09:10:07 | 000,000,000 | R--D | C] -- C:\Users\Gebhard\Searches
[2013.03.28 09:09:54 | 000,000,000 | ---D | C] -- C:\Users\Gebhard\AppData\Roaming\Identities
[2013.03.28 09:09:50 | 000,000,000 | R--D | C] -- C:\Users\Gebhard\Contacts
[2013.03.28 09:07:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Acer
[2013.03.28 09:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\OEM
[2013.03.28 09:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Accessory Store
[2013.03.28 09:07:11 | 000,000,000 | ---D | C] -- C:\Users\Gebhard\AppData\Local\VirtualStore
[2013.03.28 09:07:10 | 000,000,000 | -HSD | C] -- C:\Users\Gebhard\Vorlagen
[2013.03.28 09:07:10 | 000,000,000 | -HSD | C] -- C:\Users\Gebhard\AppData\Local\Verlauf
[2013.03.28 09:07:10 | 000,000,000 | -HSD | C] -- C:\Users\Gebhard\AppData\Local\Temporary Internet Files
[2013.03.28 09:07:10 | 000,000,000 | -HSD | C] -- C:\Users\Gebhard\Startmenü
[2013.03.28 09:07:10 | 000,000,000 | -HSD | C] -- C:\Users\Gebhard\SendTo
[2013.03.28 09:07:10 | 000,000,000 | -HSD | C] -- C:\Users\Gebhard\Recent
[2013.03.28 09:07:10 | 000,000,000 | -HSD | C] -- C:\Users\Gebhard\Netzwerkumgebung
[2013.03.28 09:07:10 | 000,000,000 | -HSD | C] -- C:\Users\Gebhard\Lokale Einstellungen
[2013.03.28 09:07:10 | 000,000,000 | -HSD | C] -- C:\Users\Gebhard\Documents\Eigene Videos
[2013.03.28 09:07:10 | 000,000,000 | -HSD | C] -- C:\Users\Gebhard\Documents\Eigene Musik
[2013.03.28 09:07:10 | 000,000,000 | -HSD | C] -- C:\Users\Gebhard\Eigene Dateien
[2013.03.28 09:07:10 | 000,000,000 | -HSD | C] -- C:\Users\Gebhard\Documents\Eigene Bilder
[2013.03.28 09:07:10 | 000,000,000 | -HSD | C] -- C:\Users\Gebhard\Druckumgebung
[2013.03.28 09:07:10 | 000,000,000 | -HSD | C] -- C:\Users\Gebhard\Cookies
[2013.03.28 09:07:10 | 000,000,000 | -HSD | C] -- C:\Users\Gebhard\AppData\Local\Anwendungsdaten
[2013.03.28 09:07:10 | 000,000,000 | -HSD | C] -- C:\Users\Gebhard\Anwendungsdaten
[2013.03.28 09:07:09 | 000,000,000 | --SD | C] -- C:\Users\Gebhard\AppData\Roaming\Microsoft
[2013.03.28 09:07:09 | 000,000,000 | R--D | C] -- C:\Users\Gebhard\Videos
[2013.03.28 09:07:09 | 000,000,000 | R--D | C] -- C:\Users\Gebhard\Saved Games
[2013.03.28 09:07:09 | 000,000,000 | R--D | C] -- C:\Users\Gebhard\Pictures
[2013.03.28 09:07:09 | 000,000,000 | R--D | C] -- C:\Users\Gebhard\Music
[2013.03.28 09:07:09 | 000,000,000 | R--D | C] -- C:\Users\Gebhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.03.28 09:07:09 | 000,000,000 | R--D | C] -- C:\Users\Gebhard\Links
[2013.03.28 09:07:09 | 000,000,000 | R--D | C] -- C:\Users\Gebhard\Favorites
[2013.03.28 09:07:09 | 000,000,000 | R--D | C] -- C:\Users\Gebhard\Downloads
[2013.03.28 09:07:09 | 000,000,000 | R--D | C] -- C:\Users\Gebhard\Documents
[2013.03.28 09:07:09 | 000,000,000 | R--D | C] -- C:\Users\Gebhard\Desktop
[2013.03.28 09:07:09 | 000,000,000 | R--D | C] -- C:\Users\Gebhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.03.28 09:07:09 | 000,000,000 | -H-D | C] -- C:\Users\Gebhard\AppData
[2013.03.28 09:07:09 | 000,000,000 | ---D | C] -- C:\Users\Gebhard\AppData\Local\Temp
[2013.03.28 09:07:09 | 000,000,000 | ---D | C] -- C:\Users\Gebhard\AppData\Local\Microsoft
[2013.03.28 09:06:55 | 000,000,000 | R--D | C] -- C:\Backup1
[2013.03.28 09:06:45 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.03.28 09:06:45 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.03.28 09:06:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.03.28 09:06:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.03.28 09:06:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.03.28 08:52:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.03.28 08:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2013.03.28 08:07:54 | 000,000,000 | R--D | C] -- C:\Backup
[2013.03.27 18:47:35 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.03.27 18:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.03.27 18:42:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.27 18:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.03.05 20:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2009.08.21 02:35:15 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2013.03.28 13:51:13 | 000,002,768 | ---- | M] () -- C:\Users\Gebhard\Desktop\Thread.rtf
[2013.03.28 13:42:01 | 000,000,000 | ---- | M] () -- C:\Users\Gebhard\defogger_reenable
[2013.03.28 13:34:53 | 000,002,108 | ---- | M] () -- C:\Users\Gebhard\Desktop\maleware bericht.rtf
[2013.03.28 13:33:52 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\xgbwonqo.sys
[2013.03.28 13:30:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.28 12:40:56 | 000,854,735 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1403000.024\Cat.DB
[2013.03.28 12:40:01 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.03.28 12:40:01 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.03.28 12:40:01 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013.03.28 11:50:48 | 000,377,856 | ---- | M] () -- C:\Users\Gebhard\Desktop\gmer_2.1.19155.exe
[2013.03.28 11:49:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gebhard\Desktop\OTL.exe
[2013.03.28 11:48:53 | 000,050,477 | ---- | M] () -- C:\Users\Gebhard\Desktop\Defogger.exe
[2013.03.28 10:33:32 | 000,295,922 | ---- | M] () -- C:\Windows\System32\perfi007.dat
[2013.03.28 10:33:32 | 000,038,104 | ---- | M] () -- C:\Windows\System32\perfd007.dat
[2013.03.28 10:31:59 | 000,033,280 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\de-DE\yk62x86.sys.mui
[2013.03.28 10:31:59 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerIb.sys.mui
[2013.03.28 10:31:59 | 000,010,752 | ---- | M] (Agere Systems) -- C:\Windows\System32\drivers\de-DE\ltmdmnt.sys.mui
[2013.03.28 10:31:54 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerId.sys.mui
[2013.03.28 10:31:54 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\de-DE\pscr.sys.mui
[2013.03.28 10:31:54 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrParwdm.sys.mui
[2013.03.28 10:30:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.28 10:24:16 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.28 10:24:16 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.28 10:23:53 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.28 10:23:53 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.28 10:23:53 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.28 10:23:53 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.28 10:21:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.28 10:17:35 | 000,333,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.28 10:16:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.28 10:16:01 | 1601,138,688 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.28 09:44:49 | 000,000,033 | ---- | M] () -- C:\Windows\0
[2013.03.28 09:19:27 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.28 09:14:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.03.28 09:04:56 | 000,048,637 | ---- | M] () -- C:\Windows\System32\license.rtf
[2013.03.28 08:54:21 | 000,000,006 | ---- | M] () -- C:\Windows\System32\PLD_Framework.cmd
[2013.03.28 08:51:35 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI
[2013.03.27 21:16:49 | 000,000,000 | ---- | M] () -- C:\END

========== Files Created - No Company Name ==========

[2013.03.28 13:44:24 | 000,002,700 | ---- | C] () -- C:\Users\Gebhard\Desktop\Thread.rtf
[2013.03.28 13:42:01 | 000,000,000 | ---- | C] () -- C:\Users\Gebhard\defogger_reenable
[2013.03.28 13:34:53 | 000,002,108 | ---- | C] () -- C:\Users\Gebhard\Desktop\maleware bericht.rtf
[2013.03.28 13:33:52 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\xgbwonqo.sys
[2013.03.28 12:59:45 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013.03.28 12:55:51 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.28 12:46:12 | 000,014,818 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\VT20130115.021
[2013.03.28 12:40:05 | 000,854,735 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\Cat.DB
[2013.03.28 12:40:02 | 000,007,446 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.03.28 12:40:02 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013.03.28 12:39:14 | 000,014,818 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\SymVTcer.dat
[2013.03.28 12:39:14 | 000,003,434 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\SymEFA.inf
[2013.03.28 12:39:14 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\SymDS.inf
[2013.03.28 12:39:14 | 000,001,440 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\SymNet.inf
[2013.03.28 12:39:14 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\srtspx.inf
[2013.03.28 12:39:14 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\srtsp.inf
[2013.03.28 12:39:14 | 000,000,996 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\symELAM.inf
[2013.03.28 12:39:14 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\ccSetx86.inf
[2013.03.28 12:39:14 | 000,000,737 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\Iron.inf
[2013.03.28 12:39:13 | 000,009,670 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\SymELAM.cat
[2013.03.28 12:39:13 | 000,007,611 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\ccsetx86.cat
[2013.03.28 12:39:13 | 000,007,601 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\SymNet.cat
[2013.03.28 12:39:13 | 000,007,593 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\iron.cat
[2013.03.28 12:39:13 | 000,007,583 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\SymEFA.cat
[2013.03.28 12:39:13 | 000,007,581 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\srtspx.cat
[2013.03.28 12:39:13 | 000,007,577 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\SymDS.cat
[2013.03.28 12:39:13 | 000,007,577 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\srtsp.cat
[2013.03.28 12:39:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1403000.024\isolate.ini
[2013.03.28 11:50:39 | 000,377,856 | ---- | C] () -- C:\Users\Gebhard\Desktop\gmer_2.1.19155.exe
[2013.03.28 11:48:52 | 000,050,477 | ---- | C] () -- C:\Users\Gebhard\Desktop\Defogger.exe
[2013.03.28 10:34:50 | 000,643,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2013.03.28 10:34:50 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2013.03.28 10:34:50 | 000,126,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2013.03.28 10:34:50 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2013.03.28 10:21:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.28 10:19:00 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.28 10:18:57 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.28 09:44:49 | 000,000,033 | ---- | C] () -- C:\Windows\0
[2013.03.28 09:40:38 | 000,002,569 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2013.03.28 09:39:25 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk
[2013.03.28 09:19:27 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.28 09:14:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.03.28 09:10:13 | 000,001,413 | ---- | C] () -- C:\Users\Gebhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.03.27 21:15:32 | 000,000,000 | ---- | C] () -- C:\END
[2012.08.20 15:14:36 | 000,000,040 | ---- | C] () -- C:\ProgramData\nhugvkkxfebhwqy
[2009.11.27 18:39:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD
@Alternate Data Stream - 376 bytes -> C:\WinRE{33875bcb0-c571-4ac4-9d2d-87796275a886}:$WIMMOUNTDATA
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Here the OTL Extras:

OTL Logfile:
OTL Extras logfile created on: 28.03.2013 13:44:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gebhard\Desktop
Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,25% Memory free
3,98 Gb Paging File | 2,95 Gb Available in Paging File | 74,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,79 Gb Total Space | 145,94 Gb Free Space | 66,10% Space Free | Partition Type: NTFS

Computer Name: GEBHARD-PC | User Name: Gebhard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0912B104-E79C-4DC3-A091-1D3EF08891EE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7D0BB713-0E7D-49D9-AD81-0C83DDE9A0E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29BE9FCB-C0FA-4DB6-B251-29D23D945295}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{60315F3E-7083-4867-BA21-35A9B47CC296}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{7B988C71-8819-40A9-8636-86A44FFCE4F2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{94AEED9D-78BA-4595-9EBA-911196B7344F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B8A46154-003F-4EC4-A718-BA3964E4234A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F24E40DC-CD3D-40B9-A644-4D6ADEF402C6}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{FCC3D37B-750B-4F42-88DC-569ED6A1A0CA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI 
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 28.03.2013 04:14:58 | Computer Name = Gebhard-PC | Source = VSS | ID = 8194 Description = Error - 28.03.2013 04:20:36 | Computer Name = Gebhard-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.70.0.9, Zeitstempel: 0x50a526ce Name des fehlerhaften Moduls: mbamnet.DLL, Version: 1.70.0.0, Zeitstempel: 0x50cb912d Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000aed9 ID des fehlerhaften Prozesses: 0x1444 Startzeit der fehlerhaften Anwendung: 0x01ce2b8cfdf3f40f Pfad der fehlerhaften Anwendung: C:\Program 
Files\Malwarebytes' Anti-Malware\mbam.exe Pfad des fehlerhaften Moduls: C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.DLL Berichtskennung: 5da434bb-9780-11e2-b16d-00269e3447c1 Error - 28.03.2013 08:30:58 | Computer Name = Gebhard-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385, Zeitstempel: 0x4a5bc69e Name des fehlerhaften Moduls: SYMHTML.DLL_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5111c8e4 Ausnahmecode: 0xc0000005 Fehleroffset: 0x62ddb9a2 ID des fehlerhaften Prozesses: 0x938 Startzeit der fehlerhaften Anwendung: 0x01ce2b952f03d186 Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: SYMHTML.DLL Berichtskennung: 570f653f-97a3-11e2-87d1-00269e3447c1 Error - 28.03.2013 08:31:12 | Computer Name = Gebhard-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385, Zeitstempel: 0x4a5bc69e Name des fehlerhaften Moduls: SYMHTML.DLL_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5111c8e4 Ausnahmecode: 0xc0000005 Fehleroffset: 0x62ddb9a2 ID des fehlerhaften Prozesses: 0x938 Startzeit der fehlerhaften Anwendung: 0x01ce2b952f03d186 Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: SYMHTML.DLL Berichtskennung: 5f80c6b8-97a3-11e2-87d1-00269e3447c1 [ System Events ] Error - 28.03.2013 03:51:30 | Computer Name = WIN-5FQPDVH29M3 | Source = Microsoft-Windows-Application-Experience | ID = 205 Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren. Error - 28.03.2013 03:54:21 | Computer Name = WIN-5FQPDVH29M3 | Source = Microsoft-Windows-Application-Experience | ID = 205 Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren. 
Error - 28.03.2013 05:14:43 | Computer Name = Gebhard-PC | Source = DCOM | ID = 10010 Description = Error - 28.03.2013 05:16:55 | Computer Name = Gebhard-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom < End of report > Hier GMER exe: GMER 2.1.19155 - hxxp://www.gmer.net Rootkit quick scan 2013-03-28 14:07:28 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0001 232,89GB Running: gmer_2.1.19155.exe; Driver: C:\Users\Gebhard\AppData\Local\Temp\kxlirfow.sys ---- System - GMER 2.1 ---- Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateFile [0x8D3674FE] Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcess [0x8D367498] Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcessEx [0x8D3674AC] Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateUserProcess [0x8D3674C2] Code \SystemRoot\system32\drivers\mfehidk.sys ZwNotifyChangeKey [0x8D367528] Code \SystemRoot\system32\drivers\mfehidk.sys ZwOpenProcess [0x8D367470] Code \SystemRoot\system32\drivers\mfehidk.sys ZwOpenThread [0x8D367484] Code \SystemRoot\system32\drivers\mfehidk.sys ZwProtectVirtualMemory [0x8D367512] Code \SystemRoot\system32\drivers\mfehidk.sys ZwRestoreKey [0x8D36753C] Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetContextThread [0x8D3674EA] Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetInformationProcess [0x8D3674D6] Code \SystemRoot\system32\drivers\mfehidk.sys ZwTerminateProcess [0x8D36745C] Code \SystemRoot\system32\drivers\mfehidk.sys NtCreateFile Code \SystemRoot\system32\drivers\mfehidk.sys NtOpenProcess Code \SystemRoot\system32\drivers\mfehidk.sys NtOpenThread Code \SystemRoot\system32\drivers\mfehidk.sys NtSetInformationProcess ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) AttachedDevice 
\FileSystem\fastfat \Fat mfehidk.sys AttachedDevice \FileSystem\fastfat \Fat mwlPSDFilter.sys (PSD Filter Driver/Egis Technology Inc.) AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) ---- EOF - GMER 2.1 ---- Hoffe das hilft weiter. Für mich alles böhmische Dörfer ... Danke nochmals im Voraus. |
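The GMER section above is the part of this post a responder actually reads: every "Code" line is a kernel service hook and every "AttachedDevice" line is a filter sitting on a device stack, and the question is whether each owning module is accounted for. The following is an added example, not part of the original post or of GMER, that groups the hooks by owning driver and flags any module that GMER could not attribute to a vendor and that is not on a small allowlist. The sample lines are copied from the log in this thread; the allowlist of McAfee and Egis driver names is an assumption made here for the illustration.

```python
import re
from collections import defaultdict

# Lines copied from the GMER output in the post, used here as sample input.
GMER_SAMPLE_LINES = [
    r"---- System - GMER 2.1 ----",
    r"Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateFile [0x8D3674FE]",
    r"Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcess [0x8D367498]",
    r"Code \SystemRoot\system32\drivers\mfehidk.sys ZwOpenProcess [0x8D367470]",
    r"Code \SystemRoot\system32\drivers\mfehidk.sys NtCreateFile",
    r"---- Devices - GMER 2.1 ----",
    r"AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys",
    r"AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)",
    r"AttachedDevice \FileSystem\fastfat \Fat mwlPSDFilter.sys (PSD Filter Driver/Egis Technology Inc.)",
    r"AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys",
    r"AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)",
    r"---- EOF - GMER 2.1 ----",
]

# Assumed allowlist (lower-case file names) of third-party security drivers
# expected on this machine; GMER prints no vendor string for them.
KNOWN_SECURITY_DRIVERS = {
    "mfehidk.sys": "McAfee host intrusion detection link driver",
    "mpfp.sys": "McAfee personal firewall",
    "mwlpsdfilter.sys": "Egis / Acer MyWinLocker",
}

# "Code <module> <function> [<address>]"; the address is absent on some lines.
CODE_RE = re.compile(r"^Code\s+(\S+)\s+(\S+)(?:\s+\[(0x[0-9A-Fa-f]+)\])?\s*$")
# "AttachedDevice <stack> <device> <module> (<description>/<vendor>)"
DEVICE_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\((.*)\))?\s*$")


def _basename(path):
    """Normalise '\\SystemRoot\\...\\mfehidk.sys' and 'Mpfp.sys' to one key."""
    return path.rsplit("\\", 1)[-1].lower()


def summarize_gmer(lines):
    """Group hooked functions and attached devices by owning driver module."""
    summary = defaultdict(
        lambda: {"hooked_functions": [], "attached_to": [], "vendor": None})
    for line in lines:
        m = CODE_RE.match(line)
        if m:
            module, func, _addr = m.groups()
            summary[_basename(module)]["hooked_functions"].append(func)
            continue
        m = DEVICE_RE.match(line)
        if m:
            stack, device, module, info = m.groups()
            entry = summary[_basename(module)]
            entry["attached_to"].append(f"{stack} {device}")
            if info and "/" in info:
                # GMER prints "<description>/<vendor>" for modules it resolves.
                entry["vendor"] = info.rsplit("/", 1)[1].strip()
    return dict(summary)


def triage(summary, known=KNOWN_SECURITY_DRIVERS):
    """Modules that hook or filter and are neither vendor-resolved by GMER
    nor on the allowlist; these are the ones worth a closer look."""
    return sorted(name for name, entry in summary.items()
                  if entry["vendor"] is None and name not in known)


if __name__ == "__main__":
    summary = summarize_gmer(GMER_SAMPLE_LINES)
    for name, entry in sorted(summary.items()):
        owner = entry["vendor"] or KNOWN_SECURITY_DRIVERS.get(name, "UNKNOWN")
        print(f"{name:18} hooks={len(entry['hooked_functions']):2} "
              f"devices={len(entry['attached_to']):2} owner={owner}")
    print("needs review:", triage(summary) or "nothing")
```

On the log in this thread every hook belongs to mfehidk.sys and every filter to a module GMER names or that the allowlist covers, which is the usual picture on a machine running a commercial security suite; a module that ends up in the `triage` output is the one to look up by file hash before drawing any conclusion.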
30.03.2013, 16:17 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Did you create the logs before or after the recovery?
|
30.03.2013, 22:26 | #3 |
| Hello Cosinus,
Thanks for the reply. The logs were created after the recovery. Regards, Gebbl |
31.03.2013, 00:53 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hm, ok, I also misread something earlier; the hits are all only in your backup directory
Please always post logfiles in CODE tags |
31.03.2013, 10:48 | #5 |
| My Norton no longer finds anything on a full scan either. Is the PC clean again now? Can I then simply copy the files from the backup back to where I want them? What about my applications? Or might the thing still be hiding in there? Happy Easter, Cosinus, and thanks again |
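The question of copying files back from the backup is the one place in this thread where a check is worth doing before acting: both Malwarebytes hits sat under C:\Backup, and one of them, skype.dat, was a packed executable hiding behind a data-file extension. The example below is added here and is not from the thread or from any of the tools mentioned; it walks a backup tree, identifies files that are really PE images by their MZ/PE headers rather than by extension, and flags the ones whose extension does not say so. The sample tree it builds is constructed for the illustration and mirrors the paths from the Malwarebytes report; the "PE" files in it are header-only stubs, not real programs.

```python
import os
import struct
import tempfile

# Extensions under which a PE image is expected; anything else is "disguised".
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".drv"}


def is_pe_file(path):
    """True if the file starts with a DOS 'MZ' stub whose e_lfanew field
    (offset 0x3C) points at a 'PE\\0\\0' signature."""
    try:
        with open(path, "rb") as f:
            header = f.read(64)
            if len(header) < 64 or header[:2] != b"MZ":
                return False
            e_lfanew = struct.unpack_from("<I", header, 0x3C)[0]
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False


def find_executables(root):
    """Every PE image below root, with a flag for a non-executable extension."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if is_pe_file(path):
                ext = os.path.splitext(name)[1].lower()
                findings.append({
                    "path": os.path.relpath(path, root),
                    "ext": ext,
                    "disguised": ext not in EXECUTABLE_EXTENSIONS,
                })
    return sorted(findings, key=lambda hit: hit["path"])


def make_fake_pe():
    """Constructed header-only bytes: MZ stub, e_lfanew = 0x40, then 'PE\\0\\0'.
    Enough for the check above; it is not a runnable binary."""
    stub = bytearray(64)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    return bytes(stub) + b"PE\0\0" + b"\0" * 20


def build_sample_backup(base):
    """Lay out a constructed backup tree using the paths from the report."""
    files = {
        os.path.join("AppData", "Roaming", "skype.dat"): make_fake_pe(),
        os.path.join("AppData", "Local", "Temp", "pricepeep_130001_1001.exe"): make_fake_pe(),
        os.path.join("Documents", "notes.txt"): b"plain text, not a PE\n",
        os.path.join("Documents", "report.dat"): b"\x00\x01\x02 binary but not a PE",
    }
    for rel, data in files.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return base


def scan_sample_backup():
    """Build the constructed tree in a temp dir, scan it, and return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_executables(build_sample_backup(tmp))


if __name__ == "__main__":
    for hit in scan_sample_backup():
        label = "DISGUISED" if hit["disguised"] else "executable"
        print(f"{label:10} {hit['path']}")
```

Run against a real backup root instead of the constructed tree, the disguised entries are the ones to hash and look up before anything is copied back; files that are not PE images at all (documents, pictures, mail stores) are not what this particular infection left behind, although Office documents with macros deserve their own look.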
04.04.2013, 18:24 | #6 |
| Hello Cosinus, my PC is running again and also seems clean. I have restored my files too. Is it really clean now if Norton finds nothing? Last question: what about the defogger re-enable? Do I still need to do anything there? Thanks for the help here. Regards, Gebbl |
04.04.2013, 19:25 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | You recovered (which amounts to a fresh install), hits were only reported in old backup files, and Norton finds nothing. What more do you want to see or hear as confirmation?
Please always post logfiles in CODE tags |
04.04.2013, 19:30 | #8 |
| Sorry, I don't want to be a pest; following the guide I had switched on the defogger, and it said something about only "re-enabling" it on the helper's explicit instruction. Is that moot now? Thanks for the last bit of help. Regards, Gebbl |
04.04.2013, 23:27 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ah, the defogger thing got lost somewhere along the way. That tool is only relevant if you use CD/DVD drive emulators, i.e. things like Daemon Tools
Please always post logfiles in CODE tags |
05.04.2013, 10:23 | #10 |
| Then all that remains is for me to thank you for the great support. Great that you do this work. Best regards, Gebbl |