| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows Diagnostic wirklich entfernt? - Log filesWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.03.2011, 19:40
| #1 |
 |  Windows Diagnostic wirklich entfernt? - Log files Hallo zusammen! Ich hatte vorhin eine unliebsame Begegnung mit der Malware "Windows Diagnostic" und bin den Tipps des Forums, die DaGuru im Thread http://www.trojaner-board.de/96619-w...entfernen.html gegeben hat, gefolgt, um sie loszuwerden. Bisher hat es auch keine neuen Fake-Warnmeldungen oder Abstürze gegeben, aber ich bin jetzt sehr unsicher und weiß nicht, ob der PC, der zu allem Übel auch noch meiner Freundin gehört, wirklich wieder sicher ist. Daher wäre ich extrem dankbar, wenn jemand sich die Zeit nähme, mal meine Logfiles durchzuschauen und auszuwerten. Vielen lieben Dank auf jeden Fall schonmal! Ebenso verärgert, wie ich immer bin, wenn mir bewusst wird, dass Menschen anderen absichtlich die PCs zerstören, so angetan und begeistert bin ich, dass es hier nette Leute gibt, die ihre Kenntnisse zur Hilfe der anderen zur Verfügung stellen. Das verdient wirklich Anerkennung! Euer arnadil Hier also die Logs: 1) Ein Malwarebytes' Anti-Malware Quickscan-Log (Das habe ich zuerst gemacht und dabei hat er was gefunden, bei dem Großscan danach (Log unten) nichts mehr): Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6119 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 21.03.2011 17:18:12 mbam-log-2011-03-21 (17-18-12).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 143317 Laufzeit: 11 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 3 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\programdata\45080328.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully. c:\programdata\ssfdrvxaoxpq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Anny\AppData\Local\Temp\0.08095659390169185.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. 2) Das Malwarebytes' Anti-Malware-vollständigerScan-Log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6119 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 21.03.2011 19:00:11 mbam-log-2011-03-21 (19-00-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Durchsuchte Objekte: 275689 Laufzeit: 1 Stunde(n), 41 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) 3) Das erste OTL-Log:OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.03.2011 19:33:57 - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Anny\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.013,00 Mb Total Physical Memory | 208,00 Mb Available Physical Memory | 21,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 43,00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 55,89 Gb Total Space | 23,41 Gb Free Space | 41,88% Space Free | Partition Type: NTFS Drive E: | 54,43 Gb Total Space | 35,97 Gb Free Space | 66,09% Space Free | Partition Type: NTFS Computer Name: ANNY-PC | User Name: Anny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Anny\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\herbert\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\System32\consent.exe (Microsoft Corporation) PRC - C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - c:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Anny\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (gusvc) -- File not found SRV - (CLTNetCnService) -- File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (dsNcService) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools) SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TOSHIBA Bluetooth Service) -- c:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (dsNcAdpt) -- C:\Windows\System32\drivers\dsNcAdpt.sys (Juniper Networks) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (IKFileSec) -- C:\Windows\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.) DRV - (IKSysSec) -- C:\Windows\System32\drivers\iksyssec.sys (PCTools Research Pty Ltd.) DRV - (IkSysFlt) -- C:\Windows\System32\drivers\iksysflt.sys (PCTools Research Pty Ltd.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION) DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (PDNMp50) -- C:\Windows\System32\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (PDNSp50) -- C:\Windows\System32\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (w200obex) -- C:\Windows\System32\drivers\w200obex.sys (MCCI) DRV - (w200mdm) -- C:\Windows\System32\drivers\w200mdm.sys (MCCI) DRV - (w200mdfl) -- C:\Windows\System32\drivers\w200mdfl.sys (MCCI) DRV - (w200bus) Sony Ericsson W200 driver (WDM) -- C:\Windows\System32\drivers\w200bus.sys (MCCI) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Ecosia" FF - prefs.js..browser.startup.homepage: "www.web.de" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:1.0.5 FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.04 15:02:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.04 15:02:41 | 000,000,000 | ---D | M] [2009.01.30 11:35:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Anny\AppData\Roaming\mozilla\Extensions [2010.11.24 00:25:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Anny\AppData\Roaming\mozilla\Firefox\Profiles\1ml04r0u.default\extensions [2009.06.24 18:28:54 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anny\AppData\Roaming\mozilla\Firefox\Profiles\1ml04r0u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.28 22:04:32 | 000,000,000 | -H-D | M] (Ecosia (eco-friendly search engine)) -- C:\Users\Anny\AppData\Roaming\mozilla\Firefox\Profiles\1ml04r0u.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} [2010.11.24 00:24:47 | 000,000,000 | -H-D | M] ("BitDefender QuickScan") -- C:\Users\Anny\AppData\Roaming\mozilla\Firefox\Profiles\1ml04r0u.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2009.09.21 13:43:05 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Anny\AppData\Roaming\mozilla\Firefox\Profiles\1ml04r0u.default\extensions\moveplayer@movenetworks.com [2010.03.12 11:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.01.30 11:35:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com [2009.01.30 11:35:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org [2009.09.01 22:20:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009.12.25 18:44:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.03.12 11:37:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010.08.05 15:49:25 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.05 15:49:25 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.05 15:49:26 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.05 15:49:26 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.05 15:49:26 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\herbert\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [TOSCDSPD] File not found O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\herbert\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Anny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Anny\AppData\Roaming\Dropbox\bin\Dropbox.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Anny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Anny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.03.21 16:57:11 | 000,000,000 | ---D | C] -- C:\Users\Anny\AppData\Roaming\Malwarebytes [2011.03.21 16:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.03.21 16:47:52 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2011.03.21 16:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.03.21 16:45:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.03.21 16:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herbert [2011.03.21 16:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.03.21 16:45:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.03.21 16:45:13 | 000,000,000 | ---D | C] -- C:\Programme\herbert [2011.03.21 15:32:43 | 000,000,000 | -H-D | C] -- C:\Users\Anny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic [2011.03.09 16:18:28 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.03.09 16:18:28 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.03.09 16:18:27 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.03.09 16:18:27 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011.02.24 09:50:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.02.24 09:48:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011.02.24 09:47:56 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011.02.24 09:47:56 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011.02.24 09:47:56 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011.02.24 09:47:55 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011.02.24 09:47:55 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011.02.24 09:47:51 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011.02.24 09:47:51 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011.02.24 09:47:51 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011.02.24 09:47:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011.02.24 09:47:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011.02.24 09:47:39 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011.02.24 09:47:39 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2011.02.24 09:47:38 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011.02.24 09:47:38 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011.02.24 09:47:38 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.03.21 18:27:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.21 18:27:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.21 17:18:38 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ihpynnvr.sys [2011.03.21 16:57:18 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.21 16:49:49 | 000,001,094 | ---- | M] () -- C:\Users\Anny\Desktop\Spybot - Search & Destroy.lnk [2011.03.21 16:26:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.21 15:53:54 | 000,000,392 | -H-- | M] () -- C:\ProgramData\45080328 [2011.03.21 15:52:04 | 000,000,064 | -H-- | M] () -- C:\ProgramData\~45080328 [2011.03.21 15:32:47 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~45080328r [2011.03.21 15:32:44 | 000,000,626 | -H-- | M] () -- C:\Users\Anny\Desktop\Windows Diagnostic.lnk [2011.03.21 15:30:43 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.03.15 00:38:48 | 000,193,079 | -H-- | M] () -- C:\Users\Anny\helden.zip.hld.ok [2011.03.15 00:38:44 | 000,000,391 | -H-- | M] () -- C:\Users\Anny\.dsa4.properties [2011.03.13 15:55:41 | 000,000,016 | -H-- | M] () -- E:\Documents\mxfilerelatedcache.mxc2 [2011.03.13 15:26:38 | 001,690,913 | -H-- | M] () -- C:\Users\Anny\Desktop\IHK.pdf [2011.03.11 00:53:40 | 000,127,989 | ---- | M] () -- E:\Documents\SOG-Protokoll-Berlin-110309.pdf [2011.03.10 22:15:54 | 000,004,040 | -H-- | M] () -- C:\Users\Anny\.recently-used.xbel [2011.02.22 16:53:31 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.22 16:53:31 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.22 16:53:31 | 000,125,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.22 16:53:31 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.03.21 17:18:38 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ihpynnvr.sys [2011.03.21 16:49:49 | 000,001,094 | ---- | C] () -- C:\Users\Anny\Desktop\Spybot - Search & Destroy.lnk [2011.03.21 16:45:21 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.21 15:32:47 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~45080328r [2011.03.21 15:32:46 | 000,000,064 | -H-- | C] () -- C:\ProgramData\~45080328 [2011.03.21 15:32:44 | 000,000,626 | -H-- | C] () -- C:\Users\Anny\Desktop\Windows Diagnostic.lnk [2011.03.21 15:32:38 | 000,000,392 | -H-- | C] () -- C:\ProgramData\45080328 [2011.03.13 15:55:41 | 000,000,016 | -H-- | C] () -- E:\Documents\mxfilerelatedcache.mxc2 [2011.03.13 15:47:43 | 001,690,913 | -H-- | C] () -- C:\Users\Anny\Desktop\IHK.pdf [2011.03.11 00:53:46 | 000,127,989 | ---- | C] () -- E:\Documents\SOG-Protokoll-Berlin-110309.pdf [2011.03.10 22:15:54 | 000,004,040 | -H-- | C] () -- C:\Users\Anny\.recently-used.xbel [2011.02.24 09:47:42 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.02.24 09:47:42 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011.02.24 09:47:41 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2010.05.20 19:03:14 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2010.05.20 19:03:14 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2010.05.17 17:36:15 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.10.14 20:23:52 | 000,000,120 | ---- | C] () -- C:\Windows\civ.ini [2009.09.24 11:03:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.24 11:03:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.05.14 09:58:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.11.30 13:51:03 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2008.10.22 16:27:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1587.dll [2008.07.14 18:12:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.02.11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll [2007.10.05 17:32:57 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.09.23 17:40:40 | 000,042,982 | ---- | C] () -- C:\Windows\System32\pddsladp.dll [2007.07.15 15:07:08 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI [2007.07.05 22:59:16 | 000,012,288 | -H-- | C] () -- C:\Users\Anny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.05.28 22:37:08 | 000,000,016 | -H-- | C] () -- C:\Users\Anny\AppData\Roaming\mxfilerelatedcache.mxc2 [2007.05.28 22:37:08 | 000,000,016 | -H-- | C] () -- C:\Users\Anny\AppData\Local\mxfilerelatedcache.mxc2 [2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2007.03.14 09:34:13 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.03.13 12:03:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007.03.13 12:03:08 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007.03.13 12:03:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007.03.13 12:03:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007.03.13 12:03:08 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007.03.13 12:03:08 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007.03.13 11:52:13 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2007.03.13 11:31:43 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2007.03.13 11:31:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2007.03.13 11:31:43 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2007.03.13 11:31:43 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2007.03.13 11:25:15 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat [2007.03.13 11:25:15 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat [2007.03.13 11:18:04 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll [2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.24 07:48:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll [2006.11.02 16:33:31 | 000,623,280 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,125,184 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,322,496 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,591,320 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,103,194 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.11.23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll [2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll [2000.07.15 00:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe [1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== LOP Check ========== [2011.03.21 14:59:47 | 000,000,000 | -H-D | M] -- C:\Users\Anny\AppData\Roaming\Dropbox [2010.05.26 12:10:23 | 000,000,000 | -H-D | M] -- C:\Users\Anny\AppData\Roaming\FileOpen [2010.10.22 12:43:40 | 000,000,000 | -H-D | M] -- C:\Users\Anny\AppData\Roaming\FreeFLVConverter [2010.07.24 18:52:25 | 000,000,000 | -H-D | M] -- C:\Users\Anny\AppData\Roaming\GenJ3 [2011.03.10 22:15:54 | 000,000,000 | -H-D | M] -- C:\Users\Anny\AppData\Roaming\gtk-2.0 [2010.01.21 17:57:04 | 000,000,000 | -H-D | M] -- C:\Users\Anny\AppData\Roaming\InfraRecorder [2007.05.26 16:48:36 | 000,000,000 | -H-D | M] -- C:\Users\Anny\AppData\Roaming\InterVideo [2010.08.24 10:06:14 | 000,000,000 | -H-D | M] -- C:\Users\Anny\AppData\Roaming\Juniper Networks [2010.05.17 17:00:17 | 000,000,000 | -H-D | M] -- C:\Users\Anny\AppData\Roaming\MAGIX [2009.08.06 13:22:49 | 000,000,000 | -H-D | M] -- C:\Users\Anny\AppData\Roaming\Orbit [2010.11.24 00:26:52 | 000,000,000 | -H-D | M] -- C:\Users\Anny\AppData\Roaming\QuickScan [2007.05.25 22:10:44 | 000,000,000 | -H-D | M] -- C:\Users\Anny\AppData\Roaming\Toshiba [2010.10.22 12:58:39 | 000,000,000 | -H-D | M] -- C:\Users\Anny\AppData\Roaming\TubeBox [2010.11.24 00:28:11 | 000,000,000 | -H-D | M] -- C:\Users\Anny\AppData\Roaming\TuneUp Software [2010.11.24 13:37:25 | 000,000,000 | -H-D | M] -- C:\Users\Anny\AppData\Roaming\UFOAI [2007.08.04 14:57:43 | 000,000,000 | -H-D | M] -- C:\Users\Anny\AppData\Roaming\Ulead Systems [2011.03.21 16:23:51 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > 4) Das OTL Extras-Log:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.03.2011 19:33:57 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Anny\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.013,00 Mb Total Physical Memory | 208,00 Mb Available Physical Memory | 21,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 43,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 23,41 Gb Free Space | 41,88% Space Free | Partition Type: NTFS
Drive E: | 54,43 Gb Total Space | 35,97 Gb Free Space | 66,09% Space Free | Partition Type: NTFS
Computer Name: ANNY-PC | User Name: Anny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01068FBA-9169-4433-BCFF-1D5267F79516}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7DB8E861-7B1C-4A9D-92D8-C88167A6E374}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{889BF075-A705-40F3-8ADD-43E272F3F57B}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{8B10EC7E-5ADB-4C4E-8248-181EFF947FFA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1AA00572-7083-454D-BAB5-7A06126835A1}" = protocol=6 | dir=in | app=c:\users\anny\appdata\roaming\dropbox\bin\dropbox.exe |
"{4358FD80-F70A-444F-B894-77A17E5338E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{48333473-F314-46D2-BFE1-18930AE32F1F}" = protocol=17 | dir=in | app=c:\users\anny\appdata\roaming\dropbox\bin\dropbox.exe |
"{5F39D999-0D87-4BD8-96F5-FE4B431B1A1D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C7E63C0D-4E1E-4AA8-B740-E4037C8D3819}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{CC111109-ECE5-411B-BC6D-78614C3DD87A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CCE75782-A19D-41B9-BF49-F3CDA4680011}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 18
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{37EE6FD9-CCD5-4423-9494-3AF36B8BFC7D}" = Thief Gold
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.05
"{50367982-D17D-4DE1-8A9F-7BFC411C09F0}" = phase6
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E5BC38E-F22B-4197-00A2-CD8E58EF139C}" = Fussball Manager 2004
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}" = FileOpen Client
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D96ED789-9A41-4A89-99A4-3CE466A80DF2}" = MAGIX Screenshare
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E2729A36-33EB-4094-9759-2C7A666DE296}" = Etherlords
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Alice" = Alice-Installationsdateien entfernen
"ANNO1602" = Anno 1602
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Deus Ex" = Deus Ex
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"GenealogyJ 3.0" = GenealogyJ 3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InfraRecorder" = InfraRecorder
"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"myphotobook" = myphotobook 3.1
"NMPUninstallKey" = Nero Media Player
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa2" = Picasa 2
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"Spyware Doctor" = Spyware Doctor 5.5
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"UFO:Alien Invasion" = UFO:AI 2.3
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLems_is1" = WinLems 1.24
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks Setup Client
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 28.08.2009 16:52:28 | Computer Name = Anny-PC | Source = Application Hang | ID = 1002
Description = Programm Skype.exe, Version 3.8.0.139 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: fe0 Anfangszeit: 01ca28213bbb8dbe Zeitpunkt der Beendigung:
22
Error - 28.08.2009 16:53:08 | Computer Name = Anny-PC | Source = Application Hang | ID = 1002
Description = Programm Skype.exe, Version 3.8.0.139 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: cd0 Anfangszeit: 01ca28217b4740fe Zeitpunkt der Beendigung:
12
Error - 29.08.2009 05:34:13 | Computer Name = Anny-PC | Source = RasClient | ID = 20227
Description =
[ Media Center Events ]
Error - 17.04.2008 09:09:20 | Computer Name = Anny-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.
[ OSession Events ]
Error - 15.04.2009 14:55:59 | Computer Name = Anny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14928
seconds with 8880 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 16.03.2011 03:53:58 | Computer Name = Anny-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.50 für die Netzwerkkarte mit der Netzwerkadresse
0016E3A548D8 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 16.03.2011 06:00:08 | Computer Name = Anny-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.50 für die Netzwerkkarte mit der Netzwerkadresse
0016E3A548D8 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 21.03.2011 09:59:10 | Computer Name = Anny-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.50 für die Netzwerkkarte mit der Netzwerkadresse
0016E3A548D8 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 21.03.2011 10:45:05 | Computer Name = Anny-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 21.03.2011 10:54:19 | Computer Name = Anny-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 21.03.2011 11:04:42 | Computer Name = Anny-PC | Source = DCOM | ID = 10010
Description =
Error - 21.03.2011 11:33:21 | Computer Name = Anny-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 21.03.2011 12:42:50 | Computer Name = Anny-PC | Source = DCOM | ID = 10005
Description =
Error - 21.03.2011 12:42:51 | Computer Name = Anny-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 21.03.2011 12:47:18 | Computer Name = Anny-PC | Source = Service Control Manager | ID = 7001
Description =
< End of report >
|
|
21.03.2011, 19:49
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows Diagnostic wirklich entfernt? - Log files Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
|
21.03.2011, 20:25
| #3 |
| | Windows Diagnostic wirklich entfernt? - Log files Es gibt nur die beiden angeführten, da ich das Programm heute erst installiert habe, nachdem ich die Tipps hier gelesen habe. Wenn es hilft, kann ich noch weitere Suchläufe starten...?
__________________Danke schonmal! |
|
21.03.2011, 20:27
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Diagnostic wirklich entfernt? - Log files Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
SRV - (gusvc) -- File not found
SRV - (CLTNetCnService) -- File not found
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
21.03.2011, 21:26
| #5 | |
| | Windows Diagnostic wirklich entfernt? - Log files Hier also die Logdatei: Zitat:
|
|
21.03.2011, 21:28
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Diagnostic wirklich entfernt? - Log files Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ --> Windows Diagnostic wirklich entfernt? - Log files |
|
21.03.2011, 22:19
| #7 |
| | Windows Diagnostic wirklich entfernt? - Log files Also hier das Log vom ComboFix: Combofix Logfile: Code:
ATTFilter ComboFix 11-03-21.01 - Anny 21.03.2011 22:00:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1013.358 [GMT 1:00]
ausgeführt von:: c:\users\Anny\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Anny\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Anny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic
c:\users\Anny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic\Uninstall Windows Diagnostic.lnk
c:\users\Anny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic\Windows Diagnostic.lnk
c:\users\Anny\Desktop\Windows Diagnostic.lnk
c:\users\Anny\FAVORI~1\mxfilerelatedcache.mxc2
c:\users\Anny\Favorites\mxfilerelatedcache.mxc2
c:\users\Public\Favorites\mxfilerelatedcache.mxc2
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-02-21 bis 2011-03-21 ))))))))))))))))))))))))))))))
.
.
2011-03-21 21:10 . 2011-03-21 21:11 -------- d-----w- c:\users\Anny\AppData\Local\temp
2011-03-21 21:10 . 2011-03-21 21:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-21 20:43 . 2011-03-21 20:43 -------- d-----w- c:\program files\CCleaner
2011-03-21 20:41 . 2011-03-21 20:42 -------- d-----w- c:\program files\Google
2011-03-21 20:22 . 2011-03-21 20:22 -------- d-----w- C:\_OTL
2011-03-21 15:57 . 2011-03-21 15:57 -------- d-----w- c:\users\Anny\AppData\Roaming\Malwarebytes
2011-03-21 15:47 . 2011-03-21 20:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-21 15:47 . 2011-03-21 20:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-21 15:45 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-21 15:45 . 2011-03-21 15:45 -------- d-----w- c:\programdata\Malwarebytes
2011-03-21 15:45 . 2011-03-21 15:57 -------- d-----w- c:\program files\herbert
2011-03-21 15:45 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-21 14:07 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83886E56-554B-412D-86D8-9463E3C53B7B}\mpengine.dll
2011-03-09 15:18 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 15:18 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 15:18 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 15:18 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 15:18 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 15:18 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-02-24 08:48 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 14:30 . 2009-07-01 15:19 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-02 16:11 . 2009-10-06 10:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 15:50 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 15:50 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 15:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 15:50 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-09 15:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 15:50 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-09 15:49 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 15:49 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 15:50 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 15:50 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 15:49 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 15:50 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 15:49 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 15:50 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 15:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 15:50 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 15:50 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 15:50 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-09 15:50 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 15:50 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 15:50 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 15:50 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:14 . 2011-02-09 15:50 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:12 . 2011-02-09 15:50 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 15:50 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 15:50 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-09 15:50 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-09 15:50 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-09 15:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 15:48 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-09 15:52 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-29 11:55 . 2010-12-29 11:55 1222408 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-28 15:55 . 2011-01-12 13:24 413696 ----a-w- c:\windows\system32\odbc32.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ---ha-w- c:\users\Anny\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ---ha-w- c:\users\Anny\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ---ha-w- c:\users\Anny\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-24 281768]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-13 4915200]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\herbert\mbam.exe" [2010-12-20 963976]
.
c:\users\Anny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Anny\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 16:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-02-01 747912]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-24 135336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-21 20:41]
.
2011-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-21 20:41]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://alice.aol.de
mStart Page = hxxp://alice.aol.de
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Anny\AppData\Roaming\Mozilla\Firefox\Profiles\1ml04r0u.default\
FF - prefs.js: browser.search.selectedEngine - Ecosia
FF - prefs.js: browser.startup.homepage - www.web.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Ecosia (eco-friendly search engine): {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} - %profile%\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-21 22:11
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\Anny\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-03-21 22:15:32
ComboFix-quarantined-files.txt 2011-03-21 21:15
.
Vor Suchlauf: 6 Verzeichnis(se), 25.620.680.704 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 25.454.776.320 Bytes frei
.
- - End Of File - - 8C0DAE0D2DD62E1BE816A8F133473C68[/QUOTE]
|
|
22.03.2011, 10:03
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Diagnostic wirklich entfernt? - Log files Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.03.2011, 12:38
| #9 | |
| | Windows Diagnostic wirklich entfernt? - Log files Ich hoffe, dass das richtig war. Das Programm scheint sehr viel neuer zu sein, als es in der Anleitung steht, und es war weder ein Neustart erforderlich noch gab es mehr Funktionen als "Scan" und "Report". Übrigens sagt mein Pc jetzt, das einige Autostartprogramme geblockt wurden. Das hat aber seine Richtigkeit, oder? Das ist also der Report: Zitat:
|
|
22.03.2011, 14:48
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Diagnostic wirklich entfernt? - Log files Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.03.2011, 21:00
| #11 | |
| | Windows Diagnostic wirklich entfernt? - Log files Das erste Programm hat keine Modifikationen gefunden und das Log ist leer. Osam: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:34:29 on 22.03.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.13 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl "TOSCDSPD.cpl" - ? - C:\Windows\system32\TOSCDSPD.cpl (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Anny\AppData\Local\Temp\catchme.sys (File not found) "File Filter Driver" (IKFileFlt) - ? - C:\Windows\System32\drivers\ikfileflt.sys (File not found) "File Security Driver" (IKFileSec) - "PCTools Research Pty Ltd." - C:\Windows\system32\drivers\ikfilesec.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNMp50.sys "PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNSp50.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "System Filter Driver" (IkSysFlt) - "PCTools Research Pty Ltd." - C:\Windows\System32\drivers\iksysflt.sys "System Security Driver" (IKSysSec) - "PCTools Research Pty Ltd." - C:\Windows\System32\drivers\iksyssec.sys "Tosrfcom" (Tosrfcom) - ? - C:\Windows\system32\drivers\Tosrfcom.sys (File not found) "Touch Pad Detection Filter driver" (TpChoice) - ? - C:\Windows\System32\DRIVERS\TpChoice.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab {F27237D7-93C8-44C2-AC6E-D6057B9A918F} "JuniperSetupClientControl Class" - "Juniper Networks" - C:\Windows\Downloaded Program Files\JuniperSetupClient.ocx / https://juniper.net/dana-cached/sc/JuniperSetupClient.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll "eBay" - ? - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ (HTTP value) "PokerStars" - "PokerStars" - C:\Program Files\PokerStars\PokerStarsUpdate.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Anny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Dropbox.lnk" - ? - C:\Users\Anny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\herbert\mbam.exe" /runcleanupscript "NDSTray.exe" - ? - NDSTray.exe (File not found) [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll "Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "ConfigFree Service" (CFSvcs) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Juniper Network Connect Service" (dsNcService) - "Juniper Networks" - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PC Tools Auxiliary Service" (sdAuxService) - "PC Tools" - C:\Program Files\Spyware Doctor\pctsAuxs.exe "PC Tools Security Service" (sdCoreService) - "PC Tools" - C:\Program Files\Spyware Doctor\pctsSvc.exe "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe "TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe "TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe "TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe "Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE] MBRCheck: Zitat:
Mein Internet will jetzt beim einwählen, dass ich Chrome öffne...den Browser hatte ich bis jetzt gar nicht. Wo kommt der her? Ist das normal? Besteht ein Zusammenhang? |
|
22.03.2011, 21:11
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Diagnostic wirklich entfernt? - Log files Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.03.2011, 10:40
| #13 | ||
| | Windows Diagnostic wirklich entfernt? - Log files Na dann: 1) Malwarebytes: Zitat:
2) SuperAntiSpyware (wobei ich anmerken muss, dass ich ein Worddokument offen hatte und gelesen habe, weil es während des langen Suchlaufs dringend wurde und keinen Aufschub duldete): Zitat:
|
|
24.03.2011, 10:42
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Diagnostic wirklich entfernt? - Log files Sieht ok aus, da wurden nur Cookies gefunden. Noch Probleme oder weitere Funde in der Zwischenzeit?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.03.2011, 11:22
| #15 |
| | Windows Diagnostic wirklich entfernt? - Log files Einige Kleinigkeiten, bei denen ich nicht weiß, ob sie problematisch sind: - Beim Starten kommt ein Hinweis, dass Autostartprogramme blockiert würden. - Ebenso kommt ein Hinweis, dass Coputerprobleme behoben werden sollte/könnten. - Und zu guter letzt hat sich Google Chrome installiert und ich musste den erst starten, um wieder ins Internet zu dürfen. Große Probleme habe ich aber derzeit keine. Danke auf jeden Fall! Das war mir eine riesige Hilfe und wohl auch Rettung. |
|
| Themen zu Windows Diagnostic wirklich entfernt? - Log files |
| alternate, antivir, avgntflt.sys, avira, bho, desktop, downloader, druck, entfernt?, error, excel.exe, firefox, flash player, format, home, install.exe, installation, location, log file, log files, malware, media center, microsoft office word, mozilla, nvlddmkm.sys, oldtimer, otl-log, otl.exe, picasa, plug-in, programdata, realtek, registry, rundll, safer networking, saver, sched.exe, searchplugins, security, security update, senden, shell32.dll, shortcut, skype.exe, software, spyware, start menu, svchost.exe, vista, windows |
FC5A2B2 deleted successfully.
Linear-Darstellung
