Plagegeister aller Art und deren Bekämpfung: Trojan Kazy.mekml / no more access to the hard drive (Windows 7)

02.05.2011, 17:22 | #1
Hello, I have picked up the Kazy trojan on my laptop. The desktop background is black, all icons have disappeared except for the browser and the recycle bin, Antivir reported the trojan to me, and deleting it was unsuccessful. A message came up saying that my hard drive was damaged, and access to the data was no longer possible either. I then installed Malwarebytes and ran a full scan. The computer crashed once while doing so. I then aborted after the first detection, had the detection deleted, and ran the scan again. Further infected objects were found, which were then deleted. The desktop is still black and I cannot access my data. I'm asking for help and thank you in advance!! (edit: I have Windows Vista as my operating system)

Here are the Malwarebytes logs:

First:
Code:
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\programdata\vkecjcxhfiqs.exe (Trojan.FakeAlert) -> 3572 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vKECjCxHfiQS (Trojan.FakeAlert) -> Value: vKECjCxHfiQS -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\vkecjcxhfiqs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Second (with the name redacted):
Code:
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 602190
Laufzeit: 5 Stunde(n), 23 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\Z48TH845\contacts[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\Desktop\papierkorb\unbekannte dateien\refog_setup_free_kl_520.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
c:\Users\***\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\spyware protection .lnk (Malware.Trace) -> Quarantined and deleted successfully.
02.05.2011, 22:54 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Why are you posting the logs incomplete??
The header of the Malwarebytes logs with the version and date information is missing!
03.05.2011, 11:11 | #3

Oops. Here they are again, complete.

First:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

26.04.2011 18:15:25
mbam-log-2011-04-26 (18-15-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 3073
Laufzeit: 5 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\programdata\vkecjcxhfiqs.exe (Trojan.FakeAlert) -> 3572 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vKECjCxHfiQS (Trojan.FakeAlert) -> Value: vKECjCxHfiQS -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\vkecjcxhfiqs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Second:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

26.04.2011 18:24:51
mbam-log-2011-04-26 (18-24-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 602190
Laufzeit: 5 Stunde(n), 23 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\Z48TH845\contacts[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\Desktop\papierkorb\unbekannte dateien\refog_setup_free_kl_520.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
c:\Users\***\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\spyware protection .lnk (Malware.Trace) -> Quarantined and deleted successfully.
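The helper's point in post #2 is that a Malwarebytes log is only useful with its header (program version, database version, scan timestamp), and the two logs above also let a reader cross-check the summary counts against the listed detections and see that one entry sat in an HKCU Run key, i.e. an autostart location. As an added example that is not part of this thread, the following Python parser does those three checks on a log in the format posted above. The sample log is constructed from the entries in this thread; the section names are the German Malwarebytes 1.50 strings shown here, and the regexes are my own assumptions about the line layout, nothing from Malwarebytes itself.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of the Malwarebytes 1.50 log posted in
# this thread (German UI strings), including the header the helper asked for.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6447

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

26.04.2011 18:15:25
mbam-log-2011-04-26 (18-15-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 3073
Laufzeit: 5 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\programdata\vkecjcxhfiqs.exe (Trojan.FakeAlert) -> 3572 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vKECjCxHfiQS (Trojan.FakeAlert) -> Value: vKECjCxHfiQS -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\vkecjcxhfiqs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# The same log the way the first post showed it: cut off before the header.
HEADERLESS_LOG = SAMPLE_LOG[SAMPLE_LOG.index("Infizierte Speicherprozesse: 1"):]

# Assumed line layouts (my own regexes, not anything shipped by Malwarebytes).
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
COUNT_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")
SECTION_RE = re.compile(r"^(Infizierte [^:]+):$")
DATE_RE = re.compile(r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}$")
NOTHING_FOUND = "(Keine bösartigen Objekte gefunden)"


@dataclass
class MbamReport:
    version: Optional[str] = None      # program version from the header
    database: Optional[str] = None     # signature database version
    scanned_at: Optional[str] = None   # scan timestamp from the header
    counts: Dict[str, int] = field(default_factory=dict)
    detections: List[dict] = field(default_factory=list)


def parse_mbam_log(text: str) -> MbamReport:
    """Parse header fields, summary counts and per-section detections."""
    rep = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Malwarebytes' Anti-Malware "):
            rep.version = line.rsplit(" ", 1)[1]
        elif line.startswith("Datenbank Version:"):
            rep.database = line.split(":", 1)[1].strip()
        elif DATE_RE.match(line):
            rep.scanned_at = line
        elif (m := COUNT_RE.match(line)):
            rep.counts[m.group(1)] = int(m.group(2))
        elif (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif section and line != NOTHING_FOUND and (m := DETECTION_RE.match(line)):
            rep.detections.append({
                "section": section,
                "item": m.group("item"),
                "family": m.group("family"),
                # the last "->" step is the action Malwarebytes took
                "action": m.group("rest").rsplit(" -> ", 1)[-1],
            })
    return rep


def header_complete(rep: MbamReport) -> bool:
    """True only if version, database version and timestamp were all present."""
    return all([rep.version, rep.database, rep.scanned_at])


def counts_consistent(rep: MbamReport) -> bool:
    """Summary counts must equal the number of listed detections per section."""
    seen: Dict[str, int] = {}
    for d in rep.detections:
        seen[d["section"]] = seen.get(d["section"], 0) + 1
    return all(rep.counts.get(sec, 0) == seen.get(sec, 0)
               for sec in set(rep.counts) | set(seen))


def autostart_detections(rep: MbamReport) -> List[dict]:
    """Detections that lived in a Run key, i.e. would have restarted at logon."""
    return [d for d in rep.detections if "\\currentversion\\run\\" in d["item"].lower()]


if __name__ == "__main__":
    for name, text in (("complete", SAMPLE_LOG), ("headerless", HEADERLESS_LOG)):
        rep = parse_mbam_log(text)
        print(name, "| header ok:", header_complete(rep),
              "| counts ok:", counts_consistent(rep),
              "| autostart:", [d["item"] for d in autostart_detections(rep)])
```

Run against the headerless variant the parser returns a report with no version, database or timestamp, which is exactly what made the first post's logs unusable for the helper; the autostart check singles out the Run-key value so a reader can see why the fake-alert window returned after every reboot until that value was removed.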
03.05.2011, 12:43 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

Quote:

Please update Malwarebytes and run a full scan.

Please always post logfiles in CODE tags
04.05.2011, 01:01 | #5

Hey, thanks a lot for your reply already. I updated and ran the full scan; this time nothing was found:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6499

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

04.05.2011 01:54:43
mbam-log-2011-05-04 (01-54-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 603533
Laufzeit: 5 Stunde(n), 59 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
04.05.2011, 12:45 | #6

I have now also run a scan with OTL:

Extras log:
OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 04.05.2011 13:29:57 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 179,07 Gb Total Space | 13,36 Gb Free Space | 7,46% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 
"DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3300517A-18CA-4C49-A8F6-22C64CBB10D5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{37931F2E-5E5B-4179-A324-27522094BD99}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{38CA6172-9A3C-42C1-80A8-C8F241A48482}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{66F5A17C-FCCC-4615-8068-93BAE605B294}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{69E717C6-D0B8-469D-A090-52900169C48A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{6DFF8E62-72FA-4F9E-9FD4-726915A79094}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{777A0447-8911-4CA1-AB8F-4024E030BE85}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{7E8A69E3-D36F-417C-A867-A30C11FDA8F8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{97F9A59A-745C-4987-8417-D5312C694D4B}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{C683BD32-19CB-4FF7-BA15-548A29B8D4D0}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{C88D3E50-6DBC-4464-A6A9-4DB4F56FC154}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{ECD9D5EB-C038-4852-AD61-E4273E6E9191}" = protocol=17 | dir=in | 
app=c:\program files\google\google talk\googletalk.exe | "{F1593094-AD4C-4CE4-B4B7-AEA744C3E4DE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F42A058F-ECCE-4BDC-8394-D3D2BDF1C901}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{F73A1C7B-C154-4851-8E5A-25FD8E0AED4D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{FF31A69A-502C-43F4-923C-61DA6E545832}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "TCP Query User{721B2824-BD89-44C1-889F-CCA626A7A37E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{6A2ADD78-24DE-40AA-B510-74B31AE4898A}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0 "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{022DA2C3-81C7-4003-A6BC-1BB147B20097}" = SuppSoft "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1CA941F1-5006-487E-9FD4-09F812A7D6B8}" = Norton 360 Help "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0 "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs "{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360 "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting 
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper "{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet "{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}" = Norton Confidential Web Authentification Component "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 "{374F03BB-9C09-4DB3-9C9B-C71E63292950}" = Google Earth "{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon "{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector "{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360 "{46008F4B-A8C3-4282-ACE3-73821F860911}" = OpenOffice.org 2.4 "{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component "{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox "{4FE315B7-4634-4587-80FF-D40BF0989567}" = Wolfram Notebook Indexer 2.0 "{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0 "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0 "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0 "{59061D20-CFC3-4C2E-8B41-9243678ACE8D}" = 54M Wireless "{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer VAIO Content Exporter "{5F5DE5D5-D130-4110-A3A4-69FFB0B14BD9}" = VAIO Content Metadata XML Interface Library "{6110F38A-5BE6-4199-AC96-D2DD6B4A3ADE}" = VAIO 
Content Metadata Intelligent Analyzing Manager "{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter "{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8CD925C9-BA3C-4955-9FC8-B1AB729AF874}" = Symantec Real Time Storage Protection Component "{8FC56444-161D-43B4-A662-F18F2E4A2A32}" = VAIO Content Metadata Manager Setting "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft 
Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92B1B3CC-EC78-45B8-96D0-8B3F11495864}" = Symantec Technical Support Controls "{92F8615C-43B7-4925-8457-B6D004E8D478}" = VAIO 
Content Metadata XML Interface Library "{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper "{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins "{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.1 - Deutsch "{AD6ACA58-30FE-4336-A5B0-461FD60AF727}" = FileOpen Client "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0 "{AFBA0609-EB70-43CB-B11C-294EDADFA101}" = "{B0255743-165B-4BD5-8DA8-37DFB993B201}" = Norton Save and Restore "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story "{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home "{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda Standard V5.7.1 "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{DBC658BB-C766-4852-8DBA-7E1DBFBC9D36}" = Wolfram Mathematica 6 "{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio 
Filter "{E4D96ABB-E0D8-4CA4-856E-A2703F5490F0}" = VAIO Content Metadata Intelligent Analyzing Manager "{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio "{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00 "{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool "{EBE55E74-AF94-47BB-849B-C79F236C65F4}" = VAIO Movie Story "{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager "ACDLabs in C__Program_Files_ACDFREE12_" = ACD/Labs Software in C:\Program Files\ACDFREE12\ "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus "Atlantis - Sky Patrol" = Atlantis - Sky Patrol (remove only) "Big Fish Games Center" = Big Fish Games Center "Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only) "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "Cave Story" = Cave Story "Celestia_is1" = Celestia 1.5.1 "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with 
SmartCP "Command & Conquer 95" = Command & Conquer Windows 95 "DAEMON Tools Lite" = DAEMON Tools Lite "DPP" = Canon Utilities Digital Photo Professional 3.9 "dt icon module" = "eBay HTML" = "EOS Utility" = Canon Utilities EOS Utility "Funkyplot_is1" = Funkyplot 1.1.0-pre1 "Google Desktop" = Google Desktop "gtfirstboot Setting Request" = "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "InstallShield_{DBC658BB-C766-4852-8DBA-7E1DBFBC9D36}" = Wolfram Mathematica 6 "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MatlabR2009a" = MATLAB R2009a "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mobile Partner" = Mobile Partner "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17) "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only) "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01 "Original Data Security Tools" = Canon Utilities Original Data Security Tools "PhotoStitch" = Canon Utilities PhotoStitch "Picasa2" = Picasa 2 "Picture Style Editor" = Canon Utilities Picture Style Editor "R for Windows 2.12.2_is1" = R for Windows 2.12.2 "Red Alert" = Red Alert Windows 95 "scilab-5.3.0_is1" = scilab-5.3.0 
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Skype_is1" = Skype 3.2 "StarCraft" = StarCraft "SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation) "UT2003" = Unreal Tournament 2003 "VAIO Help and Support" = "VAIO MFU Module" = "Virtual Villagers" = Virtual Villagers (remove only) "Warcraft III" = Warcraft III "WFTK" = Canon Utilities WFT Utility "WinGimp-2.0_is1" = GIMP 2.6.11 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Download Agent" = Download Agent "TeXLive2010" = TeX Live 2010 "ubivent" = ubivent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 26.10.2010 18:36:10 | Computer Name = ***-PC | Source = WerSvc | ID = 5007 Description = Error - 27.10.2010 05:10:54 | Computer Name = ***-PC | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 27.10.2010 06:10:39 | Computer Name = ***-PC | Source = WerSvc | ID = 5007 Description = Error - 27.10.2010 18:30:47 | Computer Name = ***-PC | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 28.10.2010 03:03:25 | Computer Name = ***-PC | Source = WerSvc | ID = 5007 Description = Error - 28.10.2010 04:51:44 | Computer Name = ***-PC | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. 
(GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 28.10.2010 05:51:12 | Computer Name = ***-PC | Source = WerSvc | ID = 5007 Description = Error - 28.10.2010 19:09:09 | Computer Name = ***-PC | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error - 28.10.2010 20:34:35 | Computer Name = ***-PC | Source = WerSvc | ID = 5007 Description = Error - 29.10.2010 10:26:11 | Computer Name = ***-PC | Source = VzCdbSvc | ID = 7 Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) [ OSession Events ] Error - 13.03.2009 01:51:34 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 42733 seconds with 22140 seconds of active time. This session ended with a crash. Error - 15.06.2009 17:21:15 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24277 seconds with 5520 seconds of active time. This session ended with a crash. Error - 17.01.2011 09:31:57 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7074 seconds with 2760 seconds of active time. This session ended with a crash. 
Error - 24.01.2011 19:55:11 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1529 seconds with 480 seconds of active time. This session ended with a crash. Error - 25.01.2011 14:44:19 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1969 seconds with 660 seconds of active time. This session ended with a crash. [ System Events ] Error - 03.05.2011 16:28:23 | Computer Name = ***-PC | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden. Error - 03.05.2011 19:55:30 | Computer Name = ***-PC | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{2B918E30-8F15-45AA-9E96-DD229AFF4A79} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 03.05.2011 19:55:29 | Computer Name = ***-PC | Source = netbt | ID = 4321 Description = Der Name "***-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.101 registriert werden. Der Computer mit IP-Adresse 192.168.2.100 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 03.05.2011 19:55:29 | Computer Name = ***-PC | Source = netbt | ID = 4321 Description = Der Name "***-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.101 registriert werden. Der Computer mit IP-Adresse 192.168.2.100 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. 
Error - 03.05.2011 19:55:30 | Computer Name = ***-PC | Source = netbt | ID = 4321 Description = Der Name "***-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.101 registriert werden. Der Computer mit IP-Adresse 192.168.2.100 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 03.05.2011 20:02:40 | Computer Name = ***-PC | Source = DCOM | ID = 10010 Description = Error - 04.05.2011 05:16:09 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 04.05.2011 05:17:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 04.05.2011 05:18:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009 Description = Error - 04.05.2011 05:18:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > OTL Log:
OTL logfile created on: 04.05.2011 13:29:56 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 179,07 Gb Total Space | 13,36 Gb Free Space | 7,46% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) PRC - C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.) 
PRC - C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe () SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation) SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation) SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation) SRV - (NSUService) -- 
C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (Norton Save and Restore) -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe (Symantec Corporation) SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation) ========== Driver Services (SafeList) ========== DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) 
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100306.004\NAVENG.SYS (Symantec Corporation) DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20100224.001\IDSvix86.sys (Symantec Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) 
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation) DRV - (SYMIDS) -- C:\Windows\System32\Drivers\SYMIDS.SYS (Symantec Corporation) DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (symsnap) -- C:\Windows\system32\DRIVERS\symsnap.sys (StorageCraft) DRV - (v2imount) -- C:\Windows\System32\drivers\v2imount.sys (Symantec Corporation) DRV - (VProEventMonitor) -- C:\Windows\System32\drivers\vproeventmonitor.sys (Symantec Corporation) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) 
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation) DRV - (MTOnlPktAlyX) -- C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Welcome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Welcome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://apod.nasa.gov/apod/archivepix.html" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.04 01:56:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.04 01:56:27 | 000,000,000 | ---D | M] [2011.04.13 12:37:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.04.13 12:37:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.05.03 18:28:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c3y38vxv.default\extensions [2010.11.12 01:40:20 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\c3y38vxv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.01.09 00:28:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011.01.09 00:28:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.01.09 00:27:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.03.21 11:04:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.21 11:04:30 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.03.21 11:04:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.21 11:04:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.21 11:04:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name) O3 - HKLM\..\Toolbar: (Norton-Symbolleiste anzeigen) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Norton Save and Restore 2.0] C:\Program Files\Norton Save and Restore\Agent\VProTray.exe (Symantec Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.94.127.196 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - 
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{388501fa-094c-11e0-9129-001b77ecc0cf}\Shell - "" = AutoRun O33 - MountPoints2\{388501fa-094c-11e0-9129-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{3885022b-094c-11e0-9129-001b77ecc0cf}\Shell - "" = AutoRun O33 - MountPoints2\{3885022b-094c-11e0-9129-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{442fb2f5-07be-11e0-b9bc-001b77ecc0cf}\Shell - "" = AutoRun O33 - MountPoints2\{442fb2f5-07be-11e0-b9bc-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{442fb320-07be-11e0-b9bc-001b77ecc0cf}\Shell - "" = AutoRun O33 - MountPoints2\{442fb320-07be-11e0-b9bc-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{4b7d6751-622b-11e0-b0da-001a801eb153}\Shell - "" = AutoRun O33 - MountPoints2\{4b7d6751-622b-11e0-b0da-001a801eb153}\Shell\AutoRun\command - "" = G:\autorun.exe O33 - MountPoints2\{88f05cbb-b746-11de-a80f-001a801eb153}\Shell\AutoRun\command - "" = G:\wubi.exe --cdmenu O33 - MountPoints2\{88f05cbe-b746-11de-a80f-001a801eb153}\Shell - "" = AutoRun O33 - MountPoints2\{88f05cbe-b746-11de-a80f-001a801eb153}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{a1cdd1fd-eced-11df-acb9-001a801eb153}\Shell - "" = AutoRun O33 - MountPoints2\{a1cdd1fd-eced-11df-acb9-001a801eb153}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{c723bf71-0df5-11e0-afb0-001b77ecc0cf}\Shell - "" = AutoRun O33 - MountPoints2\{c723bf71-0df5-11e0-afb0-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c723bf7a-0df5-11e0-afb0-001b77ecc0cf}\Shell - "" = AutoRun O33 - MountPoints2\{c723bf7a-0df5-11e0-afb0-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found 
O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.04 11:27:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.05.02 18:11:04 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.05.02 18:11:01 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.04.26 15:02:25 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.04.26 15:02:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.26 15:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.26 15:02:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes [2011.04.26 15:02:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.26 15:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.04.25 18:09:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch [2011.04.18 16:49:02 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\CANON_INC [2011.04.18 16:32:40 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\ZoomBrowser EX [2011.04.18 16:31:55 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Canon [2011.04.18 16:23:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\ZoomBrowser [2011.04.18 16:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2011.04.18 16:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Canon [2011.04.18 16:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon [2011.04.17 18:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood [2011.04.17 18:31:50 | 
000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe [2011.04.15 11:26:22 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\In Progress [2011.04.15 11:24:12 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\Icons Programme [2011.04.14 03:09:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.04.13 18:15:31 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.13 18:15:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.13 18:15:15 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.13 18:15:14 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.13 18:14:53 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.13 18:14:41 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.13 18:14:35 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.13 18:14:35 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.04.13 18:14:34 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.13 18:14:33 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.13 18:14:33 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.13 18:14:33 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.13 18:14:33 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.13 18:14:32 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.13 18:14:31 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.13 18:14:18 | 002,040,832 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\win32k.sys [2011.04.13 18:14:15 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.13 18:14:14 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.13 18:03:47 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\SPR [2011.04.13 12:37:00 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.04.10 13:10:58 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Westwood [2011.04.10 13:10:43 | 000,000,000 | -H-D | C] -- C:\WESTWOOD [2011.04.10 13:01:43 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2011.04.10 13:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2011.04.10 13:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2011.04.10 13:00:54 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.04.10 13:00:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\DAEMON Tools Lite [2011.04.10 00:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cave Story [2011.04.10 00:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\CaveStory - Einfach [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.04 13:16:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.04 13:16:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.04 11:28:33 | 000,000,120 | ---- | M] () -- C:\Users\***\Desktop\OTL.htm [2011.05.04 11:27:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.05.04 11:15:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.04 11:15:49 | 
2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2011.05.03 16:19:26 | 400,433,473 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.26 15:02:14 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.25 21:04:36 | 000,000,392 | -H-- | M] () -- C:\ProgramData\42852104 [2011.04.21 18:41:28 | 000,061,403 | -H-- | M] () -- C:\Users\***\.recently-used.xbel [2011.04.20 00:24:44 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.20 00:24:43 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.20 00:24:43 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.20 00:24:43 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.18 23:01:08 | 000,131,072 | -H-- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.15 16:00:59 | 000,570,634 | -H-- | M] () -- C:\Users\***\11.pdf [2011.04.14 03:45:29 | 000,369,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.12 15:07:28 | 000,000,584 | -H-- | M] () -- C:\Users\***\Documents\grstyles.stl [2011.04.12 13:29:02 | 000,000,009 | -H-- | M] () -- C:\Users\***\Documents\LastLab.sk [2011.04.12 13:23:18 | 000,000,203 | -H-- | M] () -- C:\Users\***\Documents\BasicLab.sk [2011.04.12 13:23:18 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\UserLab.sk [2011.04.10 13:05:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011.04.10 13:05:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011.04.10 13:01:43 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2011.04.10 00:17:43 | 000,101,668 | ---- | M] () -- C:\Program Files\Cave Story - Deinstaller.exe [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.04 11:28:31 | 000,000,120 | ---- | C] () -- C:\Users\***\Desktop\OTL.htm [2011.04.30 15:01:27 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys [2011.04.26 
15:02:14 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.25 20:46:02 | 000,000,392 | -H-- | C] () -- C:\ProgramData\42852104 [2011.04.21 18:41:28 | 000,061,403 | -H-- | C] () -- C:\Users\***\.recently-used.xbel [2011.04.17 18:32:28 | 000,069,632 | ---- | C] () -- C:\Windows\UNINSTCC.EXE [2011.04.15 16:00:59 | 000,570,634 | -H-- | C] () -- C:\Users\***\11.pdf [2011.04.12 13:23:18 | 000,000,203 | -H-- | C] () -- C:\Users\***\Documents\BasicLab.sk [2011.04.12 13:23:18 | 000,000,009 | -H-- | C] () -- C:\Users\***\Documents\LastLab.sk [2011.04.12 13:23:18 | 000,000,000 | -H-- | C] () -- C:\Users\***\Documents\UserLab.sk [2011.04.10 13:10:58 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE [2011.04.10 13:05:36 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2011.04.10 13:05:36 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2011.04.10 00:17:40 | 000,101,668 | ---- | C] () -- C:\Program Files\Cave Story - Deinstaller.exe [2011.01.16 02:00:28 | 000,000,961 | -H-- | C] () -- C:\Users\***\AppData\Roaming\gnuplot_history [2010.11.11 04:19:08 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.11.11 04:19:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.03.23 14:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009.11.15 01:18:52 | 000,023,677 | ---- | C] () -- C:\Windows\War3Unin.dat [2008.12.26 14:18:08 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2008.01.05 19:24:56 | 000,131,072 | -H-- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.01.05 19:24:53 | 000,000,680 | -H-- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2007.08.23 07:05:00 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2007.08.23 06:47:51 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll [2007.08.23 06:40:53 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll 
[2007.08.04 00:35:23 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.08.04 00:35:23 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007.08.04 00:35:23 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll [2007.08.03 16:24:46 | 000,000,032 | ---- | C] () -- C:\Windows\System32\elcric.dat [2007.07.12 22:02:46 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007.07.12 21:59:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2007.06.11 13:09:39 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2007.06.11 13:09:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2007.06.11 13:08:57 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006.11.02 17:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,369,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 
000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== LOP Check ========== [2009.10.30 22:57:39 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Advanced Chemistry Development [2011.04.18 16:31:55 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Canon [2011.04.10 13:04:53 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.01.15 16:15:24 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\FileOpen [2011.04.21 18:41:13 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011.04.25 16:42:16 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\ICQ [2008.02.05 23:01:11 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\InterVideo [2011.02.12 02:46:55 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Scilab [2008.10.05 16:17:28 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\T-Online [2011.04.13 12:37:00 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.05.04 02:02:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
04.05.2011, 13:41 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Kazy.mekml / no more access to the hard drive Quote:
It is top priority to install the important updates in time! We'll take care of that later, once we're through here! Do an OTL fix: close all programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" line must be copied too!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{388501fa-094c-11e0-9129-001b77ecc0cf}\Shell - "" = AutoRun
O33 - MountPoints2\{388501fa-094c-11e0-9129-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3885022b-094c-11e0-9129-001b77ecc0cf}\Shell - "" = AutoRun
O33 - MountPoints2\{3885022b-094c-11e0-9129-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{442fb2f5-07be-11e0-b9bc-001b77ecc0cf}\Shell - "" = AutoRun
O33 - MountPoints2\{442fb2f5-07be-11e0-b9bc-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{442fb320-07be-11e0-b9bc-001b77ecc0cf}\Shell - "" = AutoRun
O33 - MountPoints2\{442fb320-07be-11e0-b9bc-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4b7d6751-622b-11e0-b0da-001a801eb153}\Shell - "" = AutoRun
O33 - MountPoints2\{4b7d6751-622b-11e0-b0da-001a801eb153}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{88f05cbb-b746-11de-a80f-001a801eb153}\Shell\AutoRun\command - "" = G:\wubi.exe --cdmenu
O33 - MountPoints2\{88f05cbe-b746-11de-a80f-001a801eb153}\Shell - "" = AutoRun
O33 - MountPoints2\{88f05cbe-b746-11de-a80f-001a801eb153}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{a1cdd1fd-eced-11df-acb9-001a801eb153}\Shell - "" = AutoRun
O33 - MountPoints2\{a1cdd1fd-eced-11df-acb9-001a801eb153}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{c723bf71-0df5-11e0-afb0-001b77ecc0cf}\Shell - "" = AutoRun
O33 - MountPoints2\{c723bf71-0df5-11e0-afb0-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c723bf7a-0df5-11e0-afb0-001b77ecc0cf}\Shell - "" = AutoRun
O33 - MountPoints2\{c723bf7a-0df5-11e0-afb0-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not completely deleted, as a precaution; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post log files in CODE tags |
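The fix script in the post above works through the per-user MountPoints2 keys one at a time: each `\Shell\AutoRun\command` value is the command Explorer would run when that volume (a volume GUID or a drive letter) is opened via its default verb, and the O32 line is the HKLM CD-ROM AutoRun flag. As an added example, not part of OTL or of the original thread, here is a small Python helper that parses such O32/O33 lines from an OTL log, groups the AutoRun commands by executable, flags those that hand execution to a non-system drive, and emits the same lines in the `:OTL` fix form the helper assembled by hand. The sample input is a subset of lines copied from the fix script above; the function names are my own.

```python
"""Triage the O32/O33 (CD-ROM AutoRun / MountPoints2) lines of an OTL log."""
import re
from collections import defaultdict

# Sample input: lines copied from the OTL fix script in this thread.
SAMPLE_OTL = r"""
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{388501fa-094c-11e0-9129-001b77ecc0cf}\Shell - "" = AutoRun
O33 - MountPoints2\{388501fa-094c-11e0-9129-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3885022b-094c-11e0-9129-001b77ecc0cf}\Shell - "" = AutoRun
O33 - MountPoints2\{3885022b-094c-11e0-9129-001b77ecc0cf}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{88f05cbb-b746-11de-a80f-001a801eb153}\Shell\AutoRun\command - "" = G:\wubi.exe --cdmenu
O33 - MountPoints2\{88f05cbe-b746-11de-a80f-001a801eb153}\Shell - "" = AutoRun
O33 - MountPoints2\{88f05cbe-b746-11de-a80f-001a801eb153}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
"""

# O32 line: the HKLM CD-ROM AutoRun flag (1 = enabled).
O32_RE = re.compile(r'^O32 - HKLM CDRom: AutoRun - (?P<value>\d+)$')
# O33 line: MountPoints2\<volume>\Shell[\AutoRun\command] - "" = <value>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell'
    r'(?P<sub>(?:\\AutoRun\\command)?) - "" = (?P<value>.+)$'
)


def parse_otl(text):
    """Return (cdrom_autorun_flag, entries).

    entries maps each MountPoints2 volume key (volume GUID or drive letter) to
    a dict holding its default shell verb and/or its AutoRun command line.
    """
    cdrom_autorun = None
    entries = defaultdict(dict)
    for line in text.splitlines():
        line = line.strip()
        m = O32_RE.match(line)
        if m:
            cdrom_autorun = int(m.group('value'))
            continue
        m = O33_RE.match(line)
        if not m:
            continue
        key = 'command' if m.group('sub') else 'default_verb'
        entries[m.group('volume')][key] = m.group('value')
    return cdrom_autorun, dict(entries)


def command_executable(command):
    """First token of a command line, with the drive letter upper-cased."""
    exe = command.split()[0]
    if len(exe) > 1 and exe[1] == ':':
        exe = exe[0].upper() + exe[1:]
    return exe


def triage(text, system_drive='C:'):
    """Group AutoRun commands by executable; flag those not on the system drive.

    Returns (by_exe, flagged): by_exe maps executable -> list of volume keys,
    flagged is the subset whose executable lives on another drive (CD/USB).
    """
    _, entries = parse_otl(text)
    by_exe = defaultdict(list)
    for volume, info in entries.items():
        cmd = info.get('command')
        if cmd is None:
            continue  # a default verb with no command cannot run anything
        by_exe[command_executable(cmd)].append(volume)
    flagged = {exe: vols for exe, vols in by_exe.items()
               if not exe.upper().startswith(system_drive.upper())}
    return dict(by_exe), flagged


def fix_lines(text):
    """Emit the O32/O33 lines in the form OTL expects inside a :OTL fix section."""
    lines = [l.strip() for l in text.splitlines()
             if l.strip().startswith(('O32 - ', 'O33 - MountPoints2'))]
    return ':OTL\n' + '\n'.join(lines)


if __name__ == '__main__':
    by_exe, flagged = triage(SAMPLE_OTL)
    for exe, vols in sorted(by_exe.items()):
        mark = 'FLAG' if exe in flagged else 'ok  '
        print(f'{mark} {exe:<24} {len(vols)} volume key(s)')
    print(fix_lines(SAMPLE_OTL))
```

Two things the grouping makes visible that a flat list hides: several volume GUIDs resolve to the same `G:\AutoRun.exe` (the same disc or stick plugged in on different occasions), and the remaining commands (`wubi.exe --cdmenu` from an Ubuntu disc, `LaunchU3.exe -a` from a U3 USB stick) are ordinary leftovers of removable media rather than evidence of the FakeAlert infection. MountPoints2 only records what the shell would run for a volume's default action; clearing these entries is hygiene, not the removal of the trojan itself, which was the `vkecjcxhfiqs.exe` Run value already quarantined by Malwarebytes.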
04.05.2011, 14:45 | #8 |
| Trojan Kazy.mekml / no more access to the hard drive Thanks! I disabled everything and ran the script. After a few minutes a message came up that OTL had stopped working, and the program was closed. There was no log file and I had to reboot the computer. I now see the files that used to be on my desktop, but as transparent icons. Should I run the fix again? |
04.05.2011, 14:55 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Kazy.mekml / no more access to the hard drive Yes, please repeat it
__________________ Please always post log files in CODE tags |
04.05.2011, 15:13 | #10 | |
| Trojan Kazy.mekml / no more access to the hard drive All right, I ran it again and this time everything went without problems. The desktop is empty again, though. Here is the log file: Quote:
|
04.05.2011, 15:27 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Kazy.mekml / no more access to the hard drive Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below, i.e. tick both boxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full. If the infection prevents you from accessing your documents/My Documents, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Vista and 7 users must run the tool via right-click as administrator!
__________________ Please always post log files in CODE tags |
04.05.2011, 16:56 | #12 | |
| Trojan Kazy.mekml / no more access to the hard drive I ran the tool and unhide. The tool did not show me anything that needed to be removed. My folders and files are back. Thanks a lot! Can I safely back up my data now, or do I need to worry that my storage medium could get infected? Here is the log file: Quote:
__________________ Regards |
04.05.2011, 18:03 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Kazy.mekml / no more access to the hard drive Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a designated helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post log files in CODE tags |
05.05.2011, 11:26 | #14 |
| Trojan Kazy.mekml / no more access to the hard drive Hi Arne, I did everything as described in the guide; here is the ComboFix log: ComboFix Logfile: Code:
ATTFilter ComboFix 11-05-04.02 - *** 04.05.2011 23:29:02.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2038.1041 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\cofi.exe AV: Avira AntiVir PersonalEdition *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\audiograbber\Audiograbber.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-04-04 bis 2011-05-04 )))))))))))))))))))))))))))))) . . 2011-05-04 21:44 . 2011-05-04 21:44 -------- d-----w- c:\users\***\AppData\Local\temp 2011-05-04 21:44 . 2011-05-04 21:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-04 21:13 . 2011-05-04 21:13 -------- d-----w- c:\program files\CCleaner 2011-05-04 13:18 . 2011-05-04 13:18 -------- d-----w- C:\_OTL 2011-05-03 10:21 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E0945CA-17B6-4950-B707-CD157C7D9084}\mpengine.dll 2011-05-02 16:11 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2011-05-02 16:11 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2011-04-26 13:02 . 2011-04-26 13:02 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2011-04-26 13:02 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-26 13:02 . 2011-04-26 13:02 -------- d-----w- c:\programdata\Malwarebytes 2011-04-26 13:02 . 2011-04-26 13:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-26 13:02 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-25 16:09 . 2011-04-25 16:09 -------- d-----w- c:\programdata\WindowsSearch 2011-04-18 14:49 . 2011-04-18 14:49 -------- d-----w- c:\users\***\AppData\Local\CANON_INC 2011-04-18 14:32 . 
2011-04-18 14:32 -------- d-----w- c:\users\***\AppData\Roaming\ZoomBrowser EX 2011-04-18 14:31 . 2011-04-18 14:31 -------- d-----w- c:\users\***\AppData\Roaming\Canon 2011-04-18 14:23 . 2011-04-18 14:23 -------- d-----w- c:\programdata\ZoomBrowser 2011-04-18 14:21 . 2011-04-18 14:25 -------- d-----w- c:\program files\Canon 2011-04-18 14:20 . 2011-04-18 14:20 -------- d-----w- c:\program files\Common Files\Canon 2011-04-17 16:32 . 1996-12-11 10:22 69632 ----a-w- c:\windows\UNINSTCC.EXE 2011-04-17 16:31 . 1997-04-08 18:08 299520 ----a-w- c:\windows\uninst.exe 2011-04-13 16:15 . 2011-02-16 13:24 292864 ----a-w- c:\windows\system32\atmfd.dll 2011-04-13 16:15 . 2011-02-16 15:29 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-04-13 16:15 . 2011-02-22 12:52 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-04-13 16:15 . 2011-02-22 12:52 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-04-13 16:15 . 2011-02-22 12:51 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-13 16:15 . 2011-02-22 12:51 69632 ----a-w- c:\windows\system32\drivers\bowser.sys 2011-04-13 16:15 . 2011-03-10 16:12 1136640 ----a-w- c:\windows\system32\mfc42.dll 2011-04-13 16:15 . 2011-03-10 16:12 1161728 ----a-w- c:\windows\system32\mfc42u.dll 2011-04-13 16:15 . 2011-02-18 13:31 304640 ----a-w- c:\windows\system32\drivers\srv.sys 2011-04-13 16:15 . 2011-02-18 13:31 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-04-13 16:15 . 2011-02-18 13:31 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-04-13 16:13 . 2011-03-03 15:00 738816 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-13 10:37 . 2011-04-13 10:37 -------- d-----w- c:\users\***\AppData\Roaming\Thunderbird 2011-04-10 12:30 . 2011-04-10 12:29 1207398 ----a-w- c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Westwood\Red Alert\RA108USP.EXE 2011-04-10 11:10 . 1996-11-06 19:11 69632 ----a-w- c:\windows\RAUNINST.EXE 2011-04-10 11:10 . 
2011-04-17 16:32 -------- d-----w- C:\WESTWOOD 2011-04-10 11:01 . 2011-04-10 11:01 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-04-10 11:01 . 2011-04-10 11:01 -------- d-----w- c:\program files\DAEMON Tools Lite 2011-04-10 11:00 . 2011-04-10 11:04 -------- d-----w- c:\users\***\AppData\Roaming\DAEMON Tools Lite 2011-04-10 11:00 . 2011-04-10 11:01 -------- d-----w- c:\programdata\DAEMON Tools Lite 2011-04-09 22:17 . 2011-04-09 22:19 -------- d-----w- c:\program files\CaveStory - Einfach 2011-04-09 22:17 . 2011-04-09 22:17 101668 ----a-w- c:\program files\Cave Story - Deinstaller.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-03 14:56 . 2011-05-02 16:11 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2011-03-03 14:56 . 2011-05-02 16:11 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2011-03-03 14:56 . 2011-05-02 16:11 541696 ----a-w- c:\windows\apppatch\AcLayers.dll 2011-03-03 14:56 . 2011-05-02 16:11 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472] "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-06-29 258048] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-06 39408] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-30 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-30 154136] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-30 133656] "RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 4489216] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-12 30192] "Norton Save and Restore 2.0"="c:\program files\Norton Save and Restore\Agent\VProTray.exe" [2007-02-13 2020968] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-07-16 115816] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "Skytel"="Skytel.exe" [2007-06-26 1826816] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-1-3 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-07-24 17:26 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-04 136176] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-10-12 30192] R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536] R3 Norton Save and Restore;Norton Save and Restore;c:\program files\Norton Save and Restore\Agent\VProSvc.exe [2007-02-13 2655848] R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472] R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312] R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-05 292152] R3 
VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-07-05 79736] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-10 218688] S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20100224.001\IDSvix86.sys [2010-02-10 286768] S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2007-06-29 200704] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-02-16 102448] S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-07-16 38200] S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - COMHOST . Inhalt des "geplante Tasks" Ordners . 2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-04 21:11] . 2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-04 21:11] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://start.icq.com/ IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {F62C9266-2D49-4E80-BA10-AFA50BF2E9E0} = 192.168.2.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\c3y38vxv.default\ FF - prefs.js: browser.startup.homepage - hxxp://apod.nasa.gov/apod/archivepix.html FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-05-04 23:44 Windows 6.0.6001 Service Pack 1 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-05-04 23:50:45 ComboFix-quarantined-files.txt 2011-05-04 21:50 . Vor Suchlauf: 17 Verzeichnis(se), 19.471.212.544 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 19.308.462.080 Bytes frei . - - End Of File - - E4490BD21A619D824610BDB3D3BAE0FC
__________________ Regards |
05.05.2011, 13:56 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Kazy.mekml / no more access to the hard drive OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool will not run on the second attempt either, just skip it and only run OSAM, and please skip OSAM's online query. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
Topics related to Trojan Kazy.mekml / no more access to the hard drive |
aborted, antivir, appdata, browser, files, desktop, hard drive, hard drive damaged, free, deleted, icons, internet, laptop, delete, malwarebytes, microsoft, names, pup.keylogger, computer, setup, software, spyware, start, start menu, trojan.fakealert, trojan, windows |