Virus W32.Ramnit.C Skichallenge Avira

markusg · 06.02.2011, 17:00

was für ein programm ist es?
na wenn du drauf angewiesen bist, bzw es bezahlt hast, nutze es. du solltest es in secunia von der überwachung ausnehmen können, bzw. ausblenden können.

Tulbi · 06.02.2011, 17:28

Hallo Markusg

Habe ich mich zu früh gefreut?

Nach der Recovery war auf der Partition C: 16GB Speicher besetzt...

Nun sind plötzlich 142GB besetzt und es hat verschlüsselte Prgogramm und Datenordner die ich nicht öffnen kann...

Was ist das? Und wie werde ich es los?

Lg

Tulbi

markusg · 06.02.2011, 17:30

wie heißen die dateien denn?
was hast du denn schon so alles instaliert? viel?

Tulbi · 06.02.2011, 17:33

Nein, ich hab bis jetzt nur das installiert, was du mir empfohlen hast...

Die Daten sind alles alte Daten...

Die wurden also irgendwie gar nicht gelöscht und jetzt sind sie wieder drauf.

Ist dies normal? Ist mein Pc wieder krank?

Lg

Tulbi

markusg · 06.02.2011, 17:33

hast du denn wirklich formatiert oder nur windows drüber instaliert?

Tulbi · 06.02.2011, 17:36

Ich hab es so gemacht, wie du es mir erklärst hast...

Und die Daten waren zuerst ja auch weg...

Tulbi · 06.02.2011, 17:37

Auf das meiste kann ich nicht zugreifen...

Tulbi · 06.02.2011, 17:40

Auf dem Windows.old ordner sind mehr als 100GB drauf...

markusg · 06.02.2011, 17:40

wenn ich jetzt mal das log von heute früh nehme

Drive C: | 148,81 Gb Total Space | 14,99 Gb Free Space | 10,07% Space Free | Partition Type: NTFS
da waren auch schon 130 gb belegt.
ich sehe jetzt aber keine dateien die dort nicht hingehören.
du hast auch vor dem instalieren die option formatieren genutzt?
ich glaub nicht. da ich grad was gesehen hab
C:\Windows.old
das heißt du hast 2 mal windows drauf und nicht so gearbeitet wie beschrieben.

Tulbi · 06.02.2011, 17:42

Es kam nie eine "Option formatieren"...

Heisst dies: nochmals neu aufsetzen?

Lg

Tulbi

markusg · 06.02.2011, 17:44

ja du hast nicht formatiert. hättest du aufmerksam gelesen, hättest du eigendlich ne anzeige im setup sehen müssen, dass dateien nach windows.old verschoben werden.
du solltest das ganze noch mal machen und um sicher zu gehen zeigst du mir nach treiber update mal ein otl log, nicht das du wieder umsonst arbeitest.
sorry war auch mit meine schuld weil ichs zuerst übersehen hab.

Tulbi · 06.02.2011, 18:27

Hallo Markusg

Okey hab es jetzt nochmals aufgesetzt...MIT formatieren (sorry, es war ein bisschen versteckt und ich hab nicht aufgepasst

)OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 06.02.2011 18:16:28 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\TobiasHäberli\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,81 Gb Total Space | 134,49 Gb Free Space | 90,38% Space Free | Partition Type: NTFS
Drive D: | 148,88 Gb Total Space | 82,21 Gb Free Space | 55,22% Space Free | Partition Type: NTFS
Drive E: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 3,74 Gb Total Space | 2,34 Gb Free Space | 62,73% Space Free | Partition Type: FAT32
 
Computer Name: TobiasHaeberli | User Name: TobiasHäberli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.02.06 10:14:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\TobiasHäberli\Desktop\OTL.exe
PRC - [2010.05.11 13:57:20 | 017,004,848 | ---- | M] () -- C:\Users\TobiasHäberli\AppData\Local\Temp\Temp1_broadcom-wlan-win7-5604835.zip\TC50069800C.exe
PRC - [2010.03.10 17:02:08 | 001,263,104 | ---- | M] (TOSHIBA) -- C:\Users\TobiasHäberli\AppData\Local\Temp\TC50069800C.temp\tinstallwb.exe
PRC - [2010.02.25 17:05:10 | 032,047,696 | ---- | M] (Acresso Software Inc.) -- C:\Users\TobiasHäberli\AppData\Local\Temp\TC50069800C.temp\Setup.exe
PRC - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.02.06 10:14:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\TobiasHäberli\Desktop\OTL.exe
MOD - [2009.07.14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.02.06 18:15:00 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.02.22 18:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.15 20:39:51 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.06 18:16:05 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\TobiasHäberli\Desktop\OTL.exe
[2011.02.06 18:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2011.02.06 18:15:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2011.02.06 18:15:51 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.02.06 18:15:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011.02.06 18:15:10 | 003,555,840 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2011.02.06 18:15:10 | 000,095,472 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2011.02.06 18:15:09 | 003,891,200 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2011.02.06 18:15:09 | 003,058,168 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2011.02.06 18:15:09 | 000,000,000 | ---D | C] -- C:\Programme\Broadcom
[2011.02.06 18:14:59 | 000,000,000 | ---D | C] -- C:\Users\TobiasHäberli\AppData\Roaming\WinBatch
[2011.02.06 18:13:46 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.02.06 18:13:46 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Searches
[2011.02.06 18:13:46 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.02.06 18:13:34 | 000,000,000 | ---D | C] -- C:\Users\TobiasHäberli\AppData\Roaming\Identities
[2011.02.06 18:13:32 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Contacts
[2011.02.06 18:13:30 | 000,000,000 | ---D | C] -- C:\Users\TobiasHäberli\AppData\Local\VirtualStore
[2011.02.06 18:13:18 | 000,000,000 | --SD | C] -- C:\Users\TobiasHäberli\AppData\Roaming\Microsoft
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Videos
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Saved Games
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Pictures
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Music
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Links
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Favorites
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Downloads
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Documents
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Desktop
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Vorlagen
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\AppData\Local\Verlauf
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\AppData\Local\Temporary Internet Files
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Startmenü
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\SendTo
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Recent
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Netzwerkumgebung
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Lokale Einstellungen
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Documents\Eigene Videos
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Documents\Eigene Musik
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Eigene Dateien
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Documents\Eigene Bilder
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Druckumgebung
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Cookies
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\AppData\Local\Anwendungsdaten
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Anwendungsdaten
[2011.02.06 18:13:18 | 000,000,000 | -H-D | C] -- C:\Users\TobiasHäberli\AppData
[2011.02.06 18:13:18 | 000,000,000 | ---D | C] -- C:\Users\TobiasHäberli\AppData\Local\Temp
[2011.02.06 18:13:18 | 000,000,000 | ---D | C] -- C:\Users\TobiasHäberli\AppData\Local\Microsoft
[2011.02.06 18:13:18 | 000,000,000 | ---D | C] -- C:\Users\TobiasHäberli\AppData\Roaming\Media Center Programs
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.02.06 18:07:39 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.02.06 18:05:04 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.02.06 18:04:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011.02.06 18:04:14 | 000,000,000 | ---D | C] -- C:\Windows\Panther
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.06 18:15:29 | 000,696,784 | ---- | M] () -- C:\Windows\SysNative\oem1.inf
[2011.02.06 18:15:00 | 003,891,200 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2011.02.06 18:15:00 | 003,555,840 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2011.02.06 18:15:00 | 003,058,168 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2011.02.06 18:15:00 | 000,095,472 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2011.02.06 18:15:00 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2011.02.06 18:14:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.02.06 18:12:59 | 000,013,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.06 18:12:59 | 000,013,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.06 18:09:48 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.06 18:09:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.06 18:09:25 | 3113,361,408 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.06 18:08:42 | 000,054,699 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011.02.06 18:08:42 | 000,054,699 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011.02.06 10:14:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\TobiasHäberli\Desktop\OTL.exe
 
========== Files Created - No Company Name ==========
 
[2011.02.06 18:15:35 | 000,696,784 | ---- | C] () -- C:\Windows\SysNative\oem1.inf
[2011.02.06 18:15:10 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2011.02.06 18:14:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.02.06 18:13:53 | 000,001,409 | ---- | C] () -- C:\Users\TobiasHäberli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.02.06 18:13:48 | 000,001,443 | ---- | C] () -- C:\Users\TobiasHäberli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.02.06 18:08:34 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.02.06 18:08:18 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.02.06 18:04:39 | 3113,361,408 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2011.02.06 18:14:59 | 000,000,000 | ---D | M] -- C:\Users\TobiasHäberli\AppData\Roaming\WinBatch
[2009.07.14 06:08:49 | 000,000,882 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.06 18:16:05 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\TobiasHäberli\Desktop\OTL.exe
[2011.02.06 18:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2011.02.06 18:15:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2011.02.06 18:15:51 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.02.06 18:15:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011.02.06 18:15:10 | 003,555,840 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2011.02.06 18:15:10 | 000,095,472 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2011.02.06 18:15:09 | 003,891,200 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2011.02.06 18:15:09 | 003,058,168 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2011.02.06 18:15:09 | 000,000,000 | ---D | C] -- C:\Programme\Broadcom
[2011.02.06 18:14:59 | 000,000,000 | ---D | C] -- C:\Users\TobiasHäberli\AppData\Roaming\WinBatch
[2011.02.06 18:13:46 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.02.06 18:13:46 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Searches
[2011.02.06 18:13:46 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.02.06 18:13:34 | 000,000,000 | ---D | C] -- C:\Users\TobiasHäberli\AppData\Roaming\Identities
[2011.02.06 18:13:32 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Contacts
[2011.02.06 18:13:30 | 000,000,000 | ---D | C] -- C:\Users\TobiasHäberli\AppData\Local\VirtualStore
[2011.02.06 18:13:18 | 000,000,000 | --SD | C] -- C:\Users\TobiasHäberli\AppData\Roaming\Microsoft
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Videos
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Saved Games
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Pictures
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Music
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Links
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Favorites
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Downloads
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Documents
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\Desktop
[2011.02.06 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\TobiasHäberli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Vorlagen
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\AppData\Local\Verlauf
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\AppData\Local\Temporary Internet Files
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Startmenü
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\SendTo
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Recent
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Netzwerkumgebung
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Lokale Einstellungen
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Documents\Eigene Videos
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Documents\Eigene Musik
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Eigene Dateien
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Documents\Eigene Bilder
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Druckumgebung
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Cookies
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\AppData\Local\Anwendungsdaten
[2011.02.06 18:13:18 | 000,000,000 | -HSD | C] -- C:\Users\TobiasHäberli\Anwendungsdaten
[2011.02.06 18:13:18 | 000,000,000 | -H-D | C] -- C:\Users\TobiasHäberli\AppData
[2011.02.06 18:13:18 | 000,000,000 | ---D | C] -- C:\Users\TobiasHäberli\AppData\Local\Temp
[2011.02.06 18:13:18 | 000,000,000 | ---D | C] -- C:\Users\TobiasHäberli\AppData\Local\Microsoft
[2011.02.06 18:13:18 | 000,000,000 | ---D | C] -- C:\Users\TobiasHäberli\AppData\Roaming\Media Center Programs
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.02.06 18:13:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.02.06 18:07:39 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.02.06 18:05:04 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.02.06 18:04:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011.02.06 18:04:14 | 000,000,000 | ---D | C] -- C:\Windows\Panther

========== Files - Modified Within 30 Days ==========

[2011.02.06 18:17:52 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.06 18:17:52 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.02.06 18:17:52 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.06 18:17:52 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.02.06 18:17:52 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.06 18:15:29 | 000,696,784 | ---- | M] () -- C:\Windows\SysNative\oem1.inf
[2011.02.06 18:15:00 | 003,891,200 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2011.02.06 18:15:00 | 003,555,840 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2011.02.06 18:15:00 | 003,058,168 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2011.02.06 18:15:00 | 000,095,472 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2011.02.06 18:15:00 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2011.02.06 18:14:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.02.06 18:12:59 | 000,013,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.06 18:12:59 | 000,013,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.06 18:09:48 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.06 18:09:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.06 18:09:25 | 3113,361,408 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.06 18:08:42 | 000,054,699 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011.02.06 18:08:42 | 000,054,699 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011.02.06 10:14:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\TobiasHäberli\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2011.02.06 18:15:35 | 000,696,784 | ---- | C] () -- C:\Windows\SysNative\oem1.inf
[2011.02.06 18:15:10 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2011.02.06 18:14:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.02.06 18:13:53 | 000,001,409 | ---- | C] () -- C:\Users\TobiasHäberli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.02.06 18:13:48 | 000,001,443 | ---- | C] () -- C:\Users\TobiasHäberli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.02.06 18:08:34 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.02.06 18:08:18 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.02.06 18:04:39 | 3113,361,408 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2011.02.06 18:14:59 | 000,000,000 | ---D | M] -- C:\Users\TobiasHäberli\AppData\Roaming\WinBatch
[2009.07.14 06:08:49 | 000,000,882 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 06.02.2011 18:16:28 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\TobiasHäberli\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,81 Gb Total Space | 134,49 Gb Free Space | 90,38% Space Free | Partition Type: NTFS
Drive D: | 148,88 Gb Total Space | 82,21 Gb Free Space | 55,22% Space Free | Partition Type: NTFS
Drive E: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 3,74 Gb Total Space | 2,34 Gb Free Space | 62,73% Space Free | Partition Type: FAT32
 
Computer Name: TobiasHaeberli | User Name: TobiasHäberli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
 
< End of report >

--- --- ---

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

< End of report >

Danke vielmals...

Lg

Tulbi

markusg · 06.02.2011, 18:52

ok, belegt sind aber jetzt laut otllog trotzdem 130 gb. sehe aber keinen windows old ordner.
scheint also geklappt zu haben

Tulbi · 14.02.2011, 10:16

Hallo Markusg

Mein Pc funktioniert eigentlich immernoch NUR:

- ist die Graphik bei DVD nun eher sehr schlecht (Streifen, ruckeln etc...)
- hat es allen Orten Dateien a la "hiberfil.sys" oder "desktop.ini" und viele viele
versteckte Ordner

Was kann ich gegen diese zwei Probleme tun?

Lg

Tulbi

markusg · 14.02.2011, 11:23

wo gibts diese hiberfil.sys dateien? wie groß sind sie?
ich denke immernoch du hast beim formatieren was falsch gemacht, dein belegter festplatten speicher ist ja nicht weniger geworden...

06.02.2011, 17:30	#63
markusg /// Malware-holic	Virus W32.Ramnit.C Skichallenge Avira wie heißen die dateien denn? was hast du denn schon so alles instaliert? viel? __________________ __________________

06.02.2011, 17:33	#65
markusg /// Malware-holic	Virus W32.Ramnit.C Skichallenge Avira hast du denn wirklich formatiert oder nur windows drüber instaliert? __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Virus W32.Ramnit.C Skichallenge Avira

Plagegeister aller Art und deren Bekämpfung: Virus W32.Ramnit.C Skichallenge Avira