Pests of all kinds and their removal: Malware Windows Recovery

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1

Malware Windows Recovery

The malware "Windows Recovery" has spread itself on my computer (operating system Windows Vista Home Premium). Using a step-by-step guide from the board and the tools listed there (rkill, malwarebytes) I have (apparently) largely removed the disruptions. What remains are recurring "Internet Explorer Script Error" messages (see attached image), even though I have not even opened Internet Explorer. The URL shown is completely unknown to me. Further measures with "Norton Antivirus" and Microsoft's "Malicious Software Removal Tool" have not eliminated the problem. Who has advice?
#2

/// Malware-holic

Malware Windows Recovery

Hello,
open Malwarebytes, Log files, and post the scan logs please.

__________________
#3

Malware Windows Recovery

First of all, thank you very much for the response.

Unfortunately I no longer have the Malwarebytes log file, because I already deleted the program again after I thought I had solved the problem. What I do have is a log file from OTL.
#4

Malware Windows Recovery

Addendum: I have also downloaded Kaspersky's TDSSKILLER, which I read quite a bit about on the board. But I cannot start the program. Not even with a right-click as administrator or from the desktop.
#5

/// Malware-holic

Malware Windows Recovery

Please post fresh OTL logs. And don't just use any random programs. If you are unlucky, that makes everything worse.

__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
#6

Malware Windows Recovery

Hello dear Markusg, I installed Malwarebytes again and found that the log file is still there after all. Here it is:

```
Malwarebytes' Anti-Malware
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 5363

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

28.04.2011 12:48:40
mbam-log-2011-04-28 (12-48-40).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 143894
Laufzeit: 8 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
```

And here is the OTL log file (OTL Logfile):
```
OTL logfile created on: 05.05.2011 17:42:28 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Gerd Fischer\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.014,00 Mb Total Physical Memory | 213,00 Mb Available Physical Memory | 21,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,85 Gb Total Space | 31,90 Gb Free Space | 38,05% Space Free | Partition Type: NTFS
Drive H: | 232,88 Gb Total Space | 212,92 Gb Free Space | 91,43% Space Free | Partition Type: NTFS

Computer Name: NOTEBOOK | User Name: Gerd Fischer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.05.05 17:31:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gerd Fischer\Desktop\OTL.exe
PRC - [2011.04.19 07:55:30 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2010.11.24 04:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\\ccSvcHst.exe
PRC - [2008.12.11 11:28:14 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.14 12:42:22 | 000,409,600 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2008.06.06 10:45:23 | 000,352,256 | R--- | M] (AVerMedia) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2008.05.10 14:36:08 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\PaperPort\pptd40nt.exe
PRC - [2007.06.15 13:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007.02.13 16:19:48 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe
PRC - [2007.02.13 16:19:48 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007.02.09 11:54:42 | 000,923,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007.01.22 21:39:32 | 000,321,656 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\ISB Utility\ISBMgr.exe
PRC - [2007.01.12 07:52:25 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007.01.12 07:52:24 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2007.01.12 07:52:23 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2006.11.28 20:27:46 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006.11.28 20:09:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2006.11.28 20:09:46 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [1998.02.05 19:16:18 | 000,024,576 | ---- | M] () -- C:\Windows\System32\NILaunch.exe

========== Modules (SafeList) ==========

MOD - [2011.05.05 17:31:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gerd Fischer\Desktop\OTL.exe
MOD - [2006.11.02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.11.24 04:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\\ccSvcHst.exe -- (NAV)
SRV - [2008.07.14 12:42:22 | 000,409,600 | R--- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008.06.08 19:03:22 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.06.06 10:45:23 | 000,352,256 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2007.02.13 16:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007.01.24 17:56:24 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007.01.24 17:56:20 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007.01.16 15:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007.01.16 15:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007.01.16 15:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007.01.10 17:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007.01.10 11:43:24 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007.01.08 18:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007.01.08 18:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007.01.08 18:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006.12.14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006.11.28 20:27:46 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2006.11.28 20:09:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2006.11.28 20:09:46 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)

========== Driver Services (SafeList) ==========

DRV - [2011.05.03 09:35:28 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110502.018\navex15.sys -- (NAVEX15)
DRV - [2011.05.03 09:35:28 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.05.03 09:35:28 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.05.03 09:35:28 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110502.018\naveng.sys -- (NAVENG)
DRV - [2011.05.03 09:24:51 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.04.30 01:44:12 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011.03.14 20:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110429.002\IDSvix86.sys -- (IDSVix86)
DRV - [2010.12.01 07:23:59 | 000,330,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010.11.23 06:08:31 | 000,509,560 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\system32\drivers\NAV\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010.11.23 06:08:31 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010.11.18 04:59:55 | 000,652,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010.11.16 03:45:33 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010.10.21 04:28:36 | 000,340,016 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2010.05.28 20:24:32 | 001,870,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.01.07 17:45:09 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2009.10.22 16:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009.09.10 23:52:54 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008.06.11 04:15:32 | 000,292,992 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF15DMBTH.sys -- (AVerAF15DMBTH)
DRV - [2007.04.23 13:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007.02.06 07:54:39 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2007.01.24 12:28:35 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007.01.12 07:52:24 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.01.10 13:09:12 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.10.18 12:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006.10.09 14:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS -- (MIINPazX)
DRV - [2006.10.09 13:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS -- (MTOnlPktAlyX)
DRV - [2006.05.11 12:33:14 | 000,037,312 | ---- | M] (DeTeWe Systems GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\detewecp.sys -- (DETEWECP)
DRV - [2005.12.07 17:53:22 | 000,976,100 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Capi20.sys -- (CAPI20)
DRV - [2005.10.10 21:29:02 | 000,034,841 | ---- | M] (DeTeWe Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ulisa.sys -- (ulisa) Telekom ISDN-Adapter (USB)
DRV - [2000.07.12 03:05:00 | 000,026,402 | ---- | M] (In-System Design, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ISD200.SYS -- (ISD200)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Welcome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Users/Gerd%20Fischer/Website/home.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011.05.03 09:26:02 | 000,000,000 | ---D | M]

[2009.12.09 13:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd Fischer\AppData\Roaming\mozilla\Extensions
[2009.12.09 13:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd Fischer\AppData\Roaming\mozilla\Extensions\{1286c9cb-a8d2-e589-73c7-ece17e786864}

O1 HOSTS File: ([2011.05.04 09:21:28 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Net-It Launcher] C:\Windows\System32\NILaunch.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [USSShReg] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM Startup] File not found
O4 - Startup: C:\Users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk = C:\Windows\explorer.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: holbaurat.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: lotto-bayern.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([go] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: sueddeutsche.de ([sz-magazin] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: t-online.de ([www.baurat.homepage] https in Vertrauenswürdige Sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2011.05.05 17:31:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Gerd Fischer\Desktop\OTL.exe
[2011.05.04 20:26:49 | 000,000,000 | ---D | C] -- C:\Users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip
[2011.05.04 20:23:37 | 000,000,000 | ---D | C] -- C:\Users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Canon Scanner
[2011.05.04 20:18:17 | 000,000,000 | ---D | C] -- C:\Users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftFox
[2011.05.04 20:14:06 | 000,000,000 | ---D | C] -- C:\Users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoImpact
[2011.05.04 19:40:54 | 000,000,000 | ---D | C] -- C:\Users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hardcopy
[2011.05.04 19:13:11 | 000,000,000 | ---D | C] -- C:\Users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
[2011.05.04 19:09:54 | 000,000,000 | ---D | C] -- C:\Users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe
[2011.05.03 09:24:51 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.05.03 09:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011.05.03 09:24:31 | 000,652,336 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symefa.sys
[2011.05.03 09:24:31 | 000,340,016 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symds.sys
[2011.05.03 09:24:31 | 000,330,360 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symtdiv.sys
[2011.05.03 09:24:31 | 000,295,032 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symnets.sys
[2011.05.03 09:24:31 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.sys
[2011.05.03 09:24:30 | 000,509,560 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.sys
[2011.05.03 09:24:30 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\ironx86.sys
[2011.05.03 09:23:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1205000.07D
[2011.05.03 09:22:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2011.05.03 09:22:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2011.05.03 09:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2011.05.03 09:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

========== Files - Modified Within 7 Days ==========

[2011.05.05 17:35:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.05 17:31:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gerd Fischer\Desktop\OTL.exe
[2011.05.05 16:46:51 | 000,003,584 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.05 16:46:51 | 000,003,584 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.05 15:49:58 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.05.05 15:47:45 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.05 15:47:04 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.05.05 15:46:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.05 15:46:31 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.04 09:21:28 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.05.03 09:53:31 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.05.03 09:25:47 | 001,683,086 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1205000.07D\Cat.DB
[2011.05.03 09:24:51 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.05.03 09:24:51 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.05.03 09:24:51 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.05.03 09:24:36 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011.04.28 20:40:11 | 000,001,079 | ---- | M] () -- C:\Users\Gerd Fischer\Desktop\Adobe Reader 8.lnk
[2011.04.28 20:37:56 | 000,000,858 | ---- | M] () -- C:\Users\Gerd Fischer\Desktop\Videograbber 5.0.lnk
[2011.04.28 20:29:48 | 000,000,029 | ---- | M] () -- C:\Windows\standard.sta

========== Files Created - No Company Name ==========

[2011.05.03 09:53:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.05.03 09:24:58 | 001,683,086 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\Cat.DB
[2011.05.03 09:24:51 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.05.03 09:24:51 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.05.03 09:24:36 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011.05.03 09:24:31 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symnetv.cat
[2011.05.03 09:24:31 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symnet.cat
[2011.05.03 09:24:31 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symefa.cat
[2011.05.03 09:24:31 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.cat
[2011.05.03 09:24:31 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symds.cat
[2011.05.03 09:24:31 | 000,003,374 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symefa.inf
[2011.05.03 09:24:31 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symds.inf
[2011.05.03 09:24:31 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symnetv.inf
[2011.05.03 09:24:31 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symnet.inf
[2011.05.03 09:24:31 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.inf
[2011.05.03 09:24:30 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\iron.cat
[2011.05.03 09:24:30 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.cat
[2011.05.03 09:24:30 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.inf
[2011.05.03 09:24:30 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\iron.inf
[2011.05.03 09:24:30 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\isolate.ini
[2011.04.28 20:40:11 | 000,001,079 | ---- | C] () -- C:\Users\Gerd Fischer\Desktop\Adobe Reader 8.lnk
[2011.04.28 09:54:17 | 000,000,184 | ---- | C] () -- C:\ProgramData\~25616160
[2011.04.28 09:54:17 | 000,000,144 | ---- | C] () -- C:\ProgramData\~25616160r
[2011.04.28 09:54:01 | 000,000,384 | ---- | C] () -- C:\ProgramData\25616160
[2010.10.22 18:24:05 | 000,001,940 | ---- | C] () -- C:\Users\Gerd Fischer\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.01.05 12:37:40 | 000,028,672 | ---- | C] () -- C:\Windows\System32\Util.dll
[2009.12.02 13:24:14 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.11.05 13:38:33 | 000,000,074 | ---- | C] () -- C:\Windows\hdkctnts.ini
[2009.10.04 11:23:21 | 000,000,000 | ---- | C] () -- C:\Windows\odbcddp.ini
[2009.10.04 11:22:01 | 000,001,053 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.09.21 16:34:51 | 000,000,081 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.07.28 17:20:47 | 000,000,487 | ---- | C] () -- C:\Windows\Capictrl.INI
[2009.06.11 11:31:26 | 000,000,064 | ---- | C] () -- C:\Windows\AVerText.ini
[2009.03.07 18:20:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\AVerIO.dll
[2009.03.07 18:20:20 | 000,003,456 | R--- | C] () -- C:\Windows\System32\AVerIO.sys
[2009.03.07 18:20:05 | 000,253,952 | R--- | C] () -- C:\Windows\System32\sptlib02.dll
[2009.03.07 18:20:05 | 000,249,856 | R--- | C] () -- C:\Windows\System32\sptlib01.dll
[2009.03.07 18:20:05 | 000,245,760 | R--- | C] () -- C:\Windows\System32\sptlib03.dll
[2009.01.12 15:19:42 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2008.04.16 20:08:05 | 000,163,017 | ---- | C] () -- C:\Windows\hpoins16.dat
[2008.04.16 20:08:04 | 000,005,279 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2008.03.23 17:05:24 | 000,000,148 | ---- | C] () -- C:\Windows\bg_info.ini
[2008.02.04 14:39:24 | 000,302,496 | ---- | C] () -- C:\Windows\INSTWIN4.EXE
[2008.02.04 14:37:05 | 000,190,499 | ---- | C] () -- C:\Windows\INSTBS3.EXE
[2008.02.04 14:29:49 | 000,194,851 | ---- | C] () -- C:\Windows\INSTBS2.EXE
[2007.11.09 18:25:09 | 000,000,055 | ---- | C] () -- C:\Windows\TC.INI
[2007.11.09 18:15:39 | 000,246,784 | ---- | C] () -- C:\Windows\UN160407.EXE
[2007.10.26 20:53:58 | 000,000,031 | ---- | C] () -- C:\Windows\sbewin32.INI
[2007.10.24 15:38:16 | 000,000,790 | ---- | C] () -- C:\Windows\TomCat.INI
[2007.10.24 14:36:11 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI
[2007.10.21 11:15:01 | 000,000,542 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.10.14 19:44:52 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2007.10.06 14:32:29 | 000,004,656 | ---- | C] () -- C:\Windows\AMIPRO.INI
[2007.10.06 14:19:33 | 000,004,250 | ---- | C] () -- C:\Windows\AMIVISD.INI
[2007.10.06 14:19:33 | 000,000,403 | ---- | C] () -- C:\Windows\AMIPRO2.INI
[2007.10.03 19:41:36 | 000,003,090 | ---- | C] () -- C:\Windows\AMICALC.INI
[2007.10.03 19:25:26 | 000,023,822 | ---- | C] () -- C:\Windows\AMIOW.INI
[2007.10.03 19:25:26 | 000,008,283 | ---- | C] () -- C:\Windows\AMIDW.INI
[2007.10.03 19:25:26 | 000,006,941 | ---- | C] () -- C:\Windows\AMILABEL.INI
[2007.10.03 19:25:26 | 000,005,909 | ---- | C] () -- C:\Windows\AMIWP.INI
[2007.10.03 19:25:26 | 000,001,993 | ---- | C] () -- C:\Windows\AMIIWP.INI
[2007.10.03 19:25:26 | 000,000,898 | ---- | C] () -- C:\Windows\AMIEQN.INI
[2007.10.03 19:25:25 | 000,011,208 | ---- | C] () -- C:\Windows\AMIENV.DLL
[2007.10.03 19:25:25 | 000,000,478 | ---- | C] () -- C:\Windows\lotus.ini
[2007.10.03 19:25:25 | 000,000,332 | ---- | C] () -- C:\Windows\AMIFONT.INI
[2007.10.03 11:06:07 | 000,003,617 | ---- | C] () -- C:\Windows\pc_fb.ini
[2007.09.23 12:45:58 | 000,004,378 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2007.09.23 12:44:05 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2007.09.16 11:42:24 | 000,000,000 | ---- | C] () -- C:\Windows\Net-It Now! SE.INI
[2007.09.16 11:38:10 | 000,024,576 | ---- | C] () -- C:\Windows\System32\NILaunch.exe
[2007.09.16 11:38:08 | 000,037,888 | ---- | C] () -- C:\Windows\System32\NIUninstall.exe
[2007.09.16 11:37:47 | 000,000,038 | ---- | C] () -- C:\Windows\Approach.ini
[2007.09.16 11:31:06 | 000,000,000 | ---- | C] () -- C:\Windows\winhelp.ini
[2007.09.09 19:58:01 | 000,000,054 | ---- | C] () -- C:\Windows\fpxpress.ini
[2007.09.05 09:50:30 | 000,000,000 | ---- | C] () -- C:\Users\Gerd Fischer\AppData\Roaming\wklnhst.dat
[2007.09.04 15:31:56 | 000,060,928 | ---- | C] () -- C:\Users\Gerd Fischer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.02.28 03:36:18 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007.02.28 03:36:16 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2007.02.28 03:35:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007.02.26 21:02:37 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1151.dll
[2007.02.26 21:02:37 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.02.26 21:02:37 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007.02.26
```
21:02:36 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll [2007.02.26 18:03:44 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2007.02.26 12:59:50 | 000,163,840 | ---- | C] () -- C:\Windows\System32\WLANDLL.DLL [2006.11.02 17:33:31 | 000,698,314 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,140,292 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,436,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,656,850 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,121,506 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2006.10.17 07:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\besch.exe [2006.10.17 07:00:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\besched.dll [2006.09.29 16:12:12 | 000,303,104 | ---- | 
C] () -- C:\Windows\System32\dnt27VC8.dll [2006.09.24 22:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2006.09.24 22:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2006.09.21 14:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll [2006.09.21 14:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll [2006.09.21 14:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll [2005.01.01 22:05:12 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll [2005.01.01 22:04:06 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll [2003.10.02 01:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lockout.dll [2003.10.02 01:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lockres.dll [1998.03.18 03:23:00 | 000,096,256 | ---- | C] () -- C:\Windows\System32\nsqlc32.dll [1998.01.13 03:23:00 | 000,047,104 | ---- | C] () -- C:\Windows\System32\lotrn13.dll [1997.07.31 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL [1997.07.31 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL < End of report > |
#7
Malware Windows Recovery

Addendum: here is another OTL log file (Extras):

OTL EXTRAS Logfile:
```
OTL Extras logfile created on: 05.05.2011 17:42:28 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Gerd Fischer\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.014,00 Mb Total Physical Memory | 213,00 Mb Available Physical Memory | 21,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,85 Gb Total Space | 31,90 Gb Free Space | 38,05% Space Free | Partition Type: NTFS
Drive H: | 232,88 Gb Total Space | 212,92 Gb Free Space | 91,43% Space Free | Partition Type: NTFS

Computer Name: NOTEBOOK | User Name: Gerd Fischer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2133952941-3459510235-1210853127-1003]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13330:UDP" = 13330:UDP:LocalSubNet:Enabled:ISDN B1
"13331:UDP" = 14456:UDP:LocalSubNet:Enabled:ISDN B2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{114367EE-22F3-4C16-99CD-551A88212BEF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1BCCC0F3-EDD7-480E-BB4B-870568462634}" = rport=139 | protocol=6 | dir=out | app=system |
"{46E78C51-BD64-44B2-BB96-DC8B68182580}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A089BD2-5B7B-40EB-9B0A-FABB6AAA4875}" = lport=445 | protocol=6 | dir=in | app=system |
"{8E689110-6FEC-43F8-B3CC-417D6AF54F53}" = rport=138 | protocol=17 | dir=out | app=system |
"{9A39D768-4770-4D98-AD04-E33B54EB90FF}" = rport=137 | protocol=17 | dir=out | app=system |
"{AB9EBD96-AAF6-4F38-BFD0-0B51F960FB4E}" = lport=139 | protocol=6 | dir=in | app=system |
"{E3A06607-5153-4061-AAA7-0291EBF3009B}" = rport=445 | protocol=6 | dir=out | app=system |
"{F69ADB1C-E989-4633-8EC9-FC151863207B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FA4209DA-F904-419C-8D7D-83F27FD03FD2}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28CFDEA3-1FFE-445E-BD6B-A4637549DBF5}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{4A36FCAE-C978-48A1-993B-92C71FBCA862}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4CD200BC-FA96-46DB-80AD-A14712EAE4F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4F5A6558-3CD6-4422-87CF-65F227E8618D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{75372AE2-020E-49DD-865C-95F10511C165}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{79B8994D-FC56-4116-972B-6D5FEA3EF931}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AE172C67-3311-4586-ADCA-D67A9F433965}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media 6.0\vc.exe |
"{B853D6C8-BE18-4F9F-BA31-E6B14A1C8375}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{D9CDC8C4-8B2D-48A4-A8A0-005242DC7FAC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E2D37B4F-3F93-4F92-A782-23418612D790}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EAFCB9F6-7EF1-47F4-8E6D-E8388AE78AB5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FD2ADCE9-131F-45D9-9E17-7519D15708BE}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media 6.0\vc.exe |
"TCP Query User{91E5E376-0946-4AF5-90C1-A7CE2266EC1E}C:\program files\videograbber\update.exe" = protocol=6 | dir=in | app=c:\program files\videograbber\update.exe |
"TCP Query User{BE9695D9-EB0D-49E6-A4DB-1FAF0AD4D8ED}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{7B9D15E3-6741-4228-B3C4-C976A77A3AD6}C:\program files\videograbber\update.exe" = protocol=17 | dir=in | app=c:\program files\videograbber\update.exe |
"UDP Query User{D02FBF94-D5CF-47B1-9AEB-411862E57A59}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15411A8C-34CC-41BB-A48C-52E3C052F20F}" = Quicken 2008
"{177ADA1F-6D3B-404A-99DA-D7E0E2A36621}_is1" = Videograbber 2010
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1B046D15-EC86-4FF8-9CF5-43B14FC4937C}" = POP3-Manager
"{1B7DD202-20F6-489F-B7CD-42B9AB2002A0}" = Quicken 2008 - ServicePack 2
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{288A2B29-1EF4-4BC9-986B-86005873445D}" = Roxio Backup MyPC Deluxe
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{319786B7-D72F-43B3-99C1-E93724ED17D3}" = Lexware online banking 4.90
"{32148D5D-909F-4A7B-93EE-5C16B71F4A8C}" = funScreenScraping Client Version
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4300EF0D-2041-4179-AFFF-21E01160740F}" = Eumex 504PC USB
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4CE9FE44-077C-46F9-A8EC-4557D2D86790}" = Quicken Import Export Server 2008
"{4FC583C2-45DB-44ac-AD30-8837DB845588}" = HP Photosmart Printer Software 9.0
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}" = 
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{55B781F0-060E-11D4-99D7-00C04FCCB775}" = 
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{5783F2D6-7028-0407-0000-0060B0CE6BBA}" = DWG TrueView 2009
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Video & Photo Suite
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0
"{7A70FCC4-E09F-45CE-ADB5-C208CEBF0A82}" = Servicepack Datumsaktualisierung
"{7D9A486B-DD9E-4526-9B3A-B26B83179EAE}" = Lexware online banking 4.90
"{8C4F56A2-03D5-441B-B911-EC2604622D58}" = FormsForWeb® Filler
"{8DD59B6E-6FC4-4CDC-896D-2FDF19CBE70B}" = DDBAC
"{8EAA36CC-E2CA-44AA-B113-CD65FD0F3AC8}" = ScanSoft PaperPort 11
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90840407-6000-11D3-8CFE-0150048383C9}" = Microsoft Excel Viewer 2003
"{9112CADD-8FC9-4B75-BB46-40D9544D4359}}_is1" = DEnA - Energieausweis 2.0.8
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = Sony SonicStage 4.3
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.1
"{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{C183A21C-395A-490F-99D4-CCAB35E32859}" = 
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE72437E-0C5F-4E26-8C07-42AB0C9F7B1D}" = VAIO Video & Photo Suite
"{D6B86834-EC2F-464e-8AF6-49DDBC483D42}" = D5300_Help
"{D784D8FF-8E8B-4837-876E-D775E1CD2301}" = D5300
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E2A8DE20-C75F-4799-8851-39E04771E2A1}" = PS_SF_02_Software_min
"{E6DE49CA-30D6-427a-9440-09962E3CB9B8}" = PS_SF_02_ProductContext
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE95B5F7-F280-4b1c-89A6-CBDD59146581}" = PS_SF_02_Software
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F595CB9B-6628-4ae5-8544-DE36136DF479}" = D5300_doccd
"{F7E345A5-F79B-44EE-BC4A-738899E756C0}" = Lexware online banking 4.90
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"07D05E78AC75D5EB12431B61D08C0806E7350B54" = Windows-Treiberpaket - Scanntronik Mugrauer GmbH Scanntronik Driver Package (10/22/2009 2.06.00)
"1B35E688F19CD7FB4DBCA19B602B97070B2D4217" = Windows-Treiberpaket - Scanntronik Mugrauer GmbH Scanntronik Driver Package (10/22/2009 2.06.00)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AnyDVD" = AnyDVD
"AVerMedia A850 USB DVBT" = AVerMedia A850 USB DVBT
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DasTelefonbuch. München 2011" = DasTelefonbuch. München 2011
"DeInst_dotexcrd2.0" = TOP 50 (Version 2.0)
"DWG TrueView 2009" = DWG TrueView 2009
"Encarta Weltatlas 2.0" = Microsoft Encarta Weltatlas
"FormatFactory" = FormatFactory 2.45
"Google Updater" = Google Updater
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy 16.3.04
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Help Workshop" = Help Workshop 4.03
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"InstallShield_{15411A8C-34CC-41BB-A48C-52E3C052F20F}" = Quicken 2008
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"ISD200" = USB Storage Adapter V2
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Basic)
"MarcoPolo" = Marco Polo Travel Center
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NAV" = Norton AntiVirus
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-13-24-01
"Picasa 3" = Picasa 3
"Planungstool Lüftungskonzept_is1" = Planungstool Lüftungskonzept - Deinstallieren
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Skype_is1" = Skype 3.0
"SmartSuite V99.0" = Lotus SmartSuite 9.5
"SoftFOX & Co._is1" = SoftFOX & Co.
"Ulead PhotoImpact 4.2" = Ulead PhotoImpact 4.2
"VLC media player" = VideoLAN VLC media player 0.8.6c
"vLite_is1" = vLite
"Winston_is1" = Winston Version 2011W
"WinZip" = WinZip 9.0
"WS_FTP" = WS_FTP 95 LE
"WVGW_DVGW-TRGI Kommentar" = DVGW-TRGI / Kommentar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
```
#8
Malware Windows Recovery

Further addendum: here is also a Malwarebytes log file from the same day as the file I sent first.

```
Malwarebytes' Anti-Malware

Datenbank Version: 6462

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

28.04.2011 17:18:45
mbam-log-2011-04-28 (17-18-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 272798
Laufzeit: 1 Stunde(n), 26 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LtuBJrJRDEvvaD (Trojan.FakeAlert) -> Value: LtuBJrJRDEvvaD -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\gerd fischer\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\ltubjrjrdevvad.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\25616160.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\gerd fischer\AppData\Local\Temp\jar_cache9112.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\gerd fischer\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\gerd fischer\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\gerd fischer\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
```
#9
/// Malware-holic
Malware Windows Recovery

Why has your Windows never seen any updates? Then you shouldn't be surprised about malware. Please create and post a ComboFix log. A guide and tutorial on using ComboFix
#10
Malware Windows Recovery

First of all, thanks again for your efforts. What makes you think my Windows has never seen any updates? Isn't it enough that I regularly install the updates Microsoft offers? I have attached the list of the most recent updates. I'll take care of ComboFix now and then post again.
#11
Malware Windows Recovery

Hello dear Markusg, I have run the "Combofix" program. Here is the log file:

Combofix Logfile:
```
ComboFix 11-05-05.04 - Gerd Fischer 06.05.2011 16:48:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.1014.236 [GMT 2:00]
ausgeführt von:: c:\users\Gerd Fischer\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\PHOTOI~1\SSaver\Ussshreg.exe
c:\windows\system\FTSRCH.DLL
c:\windows\system32\AutoRun.inf
c:\windows\winhelp.ini
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-06 bis 2011-05-06 ))))))))))))))))))))))))))))))
.
.
2011-05-06 15:03 . 2011-05-06 15:04 -------- d-----w- c:\users\Gerd Fischer\AppData\Local\temp
2011-05-06 15:03 . 2011-05-06 15:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-06 07:38 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-06 07:38 . 2011-05-06 07:38 -------- d-----w- c:\program files\Malwarebytes
2011-05-03 07:24 . 2011-05-03 07:24 -------- d-----w- c:\program files\Symantec
2011-05-03 07:24 . 2011-05-03 07:24 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-03 07:22 . 2011-05-03 07:25 -------- d-----w- c:\windows\system32\drivers\NAV
2011-05-03 07:22 . 2011-05-03 07:22 -------- d-----w- c:\program files\Norton AntiVirus
2011-05-03 07:17 . 2011-05-03 07:47 -------- d-----w- c:\program files\NortonInstaller
2011-04-28 16:26 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86E18162-5BE7-4E59-B78A-75B3D7EC862A}\mpengine.dll
2011-04-28 10:38 . 2011-04-28 10:38 -------- d-----w- c:\users\Gerd Fischer\AppData\Roaming\Malwarebytes
2011-04-28 10:38 . 2011-04-28 10:38 -------- d-----w- c:\programdata\Malwarebytes
2011-04-27 13:45 . 2011-04-27 13:45 1186056 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-01 07:39 . 2011-04-01 07:39 226656 ----a-w- c:\windows\system32\ddBACCTM.cpl
2011-04-01 07:39 . 2011-04-01 07:39 824672 ----a-w- c:\windows\system32\Ddbaccpl.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-17 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 4317184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-12 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-01-22 321656]
"Net-It Launcher"="c:\windows\system32\NILaunch.exe" [1998-02-05 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-14 286720]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-24 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-24 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-24 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\PaperPort\pptd40nt.exe" [2008-05-10 29984]
"IndexSearch"="c:\program files\PaperPort\IndexSearch.exe" [2008-05-10 46368]
"PPort11reminder"="c:\program files\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
.
c:\users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Windows Explorer.lnk - c:\windows\explorer.exe [2008-12-11 2923520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 14:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2133952941-3459510235-1210853127-1003]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R3 AVerAF15DMBTH;AVerMedia A850 BDA Digital Tuner;c:\windows\system32\Drivers\AVerAF15DMBTH.sys [2008-06-11 292992]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R3 ISD200;USB Storage Adapter V2;c:\windows\system32\DRIVERS\ISD200.SYS [2000-07-12 26402]
R3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 17152]
R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
R3 ulisa;Telekom ISDN-Adapter (USB);c:\windows\system32\Drivers\ulisa.sys [2005-10-10 34841]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS [2010-10-21 340016]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS [2010-11-18 652336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110430.001\BHDrvx86.sys [2011-04-29 802936]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110429.002\IDSvix86.sys [2011-03-14 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS [2010-11-16 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch 
```
Driver;c:\windows\system32\drivers\NAV\1205000.07D\SYMTDIV.SYS [2010-12-01 330360] S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2010-01-07 110304] S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2008-06-06 352256] S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-07-14 409600] S2 CAPI20;Eumex 504PC USB;c:\windows\system32\Drivers\CAPI20.SYS [2005-12-07 976100] S2 DETEWECP;Telekom ISDN Port;c:\windows\System32\drivers\detewecp.sys [2006-05-11 37312] S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-05 28933976] S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\\ccSvcHst.exe [2010-11-24 130000] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-03 102448] S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-04-23 812544] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] 2010-04-05 10:15 124928 ----a-w- c:\windows\System32\advpack.dll . Inhalt des "geplante Tasks" Ordners . 2011-05-06 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-26 12:44] . 2011-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 09:06] . 2011-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 09:06] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = localhost IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 Trusted Zone: holbaurat.de\www Trusted Zone: lotto-bayern.de\www Trusted Zone: microsoft.com\go Trusted Zone: sueddeutsche.de\sz-magazin Trusted Zone: t-online.de\www.baurat.homepage . . ------- Dateityp-Verknüpfung ------- . .scr=DWGTrueViewScriptFile . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-USSShReg - c:\progra~1\PHOTOI~1\SSaver\Ussshreg.exe AddRemove-Encarta World Atlas 2.0 - F:\setup.exe AddRemove-vLite_is1 - c:\program files\vLite\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-05-06 17:04 Windows 6.0.6000 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-05-06 17:09:17 ComboFix-quarantined-files.txt 2011-05-06 15:09 . Vor Suchlauf: 15 Verzeichnis(se), 33.336.049.664 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 33.400.782.848 Bytes frei . - - End Of File - - 6E6D2EE22EF13413C33DFD97C3EAC32D |
#12
/// Malware-holic
Malware Windows Recovery
You have neither Service Pack 1 nor Service Pack 2, but those are urgently needed. We'll do that later. The OTL log shows me that in its header. Now something unpleasant: do you do online banking, shopping or anything else important with this PC? Privately or for work?
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us
#13
Malware Windows Recovery
I do online banking with the program Quicken.
#14
/// Malware-holic
Malware Windows Recovery
1. Have your online banking blocked immediately. Emergency number: 116 116.
You have a TDSS rootkit on the PC. This rootkit gives an attacker full control over the system. So the following needs to be done now:
Back up data: back up your important data, documents, pictures, music etc. Nothing illegal such as keygens, cracks and files from file sharing.
Then the system must be set up from scratch, i.e. format and reinstall Windows.
Then, if you want, we should harden the system. There are a number of ways to protect yourself better, and I would like to work through them with you.
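The helper's diagnosis in #14 rests on two things in the ComboFix log quoted above: the "Infizierte Kopie von ... volsnap.sys wurde gefunden und desinfiziert" line (a patched system driver, the TDSS pattern) and the list of autostart entries under the Run keys. The following is an added example, not part of this thread and not ComboFix code: a small Python parser for that log format that pulls out those two sections and marks the autostart entries a reviewer should look at first. The sample log is a constructed excerpt (entries copied from the log above, plus one constructed "ExampleEntry" that is not in the thread), and the triage heuristics are this example's own assumptions, not anything ComboFix reports.

```python
"""Parser for the ComboFix log format quoted in this thread.

Added example (not part of the thread and not ComboFix code): it pulls out the
two things a helper reads first, the "Infizierte Kopie ... desinfiziert" line
that points at a patched system driver, and the autostart entries under the
Run keys, and marks the entries worth checking first.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt that mirrors the structure of the log above. The entries
# are copied from that log; "ExampleEntry" is constructed to exercise the
# user-writable-directory check and does not appear in the thread.
SAMPLE_LOG = r"""
ComboFix 11-05-05.04 - Gerd Fischer 06.05.2011 16:48:58.1.2 - x86
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-17 1232896]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ExampleEntry"="c:\users\Gerd Fischer\AppData\Local\temp\example.exe" [2011-05-06 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 4317184]
"Net-It Launcher"="c:\windows\system32\NILaunch.exe" [1998-02-05 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

INFECTED_RE = re.compile(
    r"^Infizierte Kopie von (?P<path>.+?) wurde gefunden und desinfiziert\s*$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run$", re.IGNORECASE)
# "Name"="c:\path\file.exe" [YYYY-MM-DD size]    or    "Name"=dword:00000001
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"='
    r'(?:"(?P<data>[^"]*)"|(?P<raw>\S+))'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$')


@dataclass
class Autostart:
    key: str
    name: str
    path: str
    date: Optional[str]
    size: Optional[int]


def parse_combofix(text: str) -> Tuple[List[str], List[Autostart]]:
    """Return (disinfected system file paths, Run-key autostart entries)."""
    infected: List[str] = []
    autostarts: List[Autostart] = []
    current_key: Optional[str] = None
    for raw_line in text.splitlines():
        line = raw_line.rstrip()
        m = INFECTED_RE.match(line)
        if m:
            infected.append(m.group("path"))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        if line in ("", "."):
            # ComboFix separates blocks with a lone dot; that ends the current key.
            current_key = None
            continue
        if current_key is None or not RUN_KEY_RE.search(current_key):
            continue  # only Run keys are collected; other blocks are skipped
        m = VALUE_RE.match(line)
        if m:
            data = m.group("data") if m.group("data") is not None else m.group("raw")
            autostarts.append(Autostart(
                key=current_key, name=m.group("name"), path=data,
                date=m.group("date"),
                size=int(m.group("size")) if m.group("size") else None))
    return infected, autostarts


# Heuristics of this example (an assumption, not a ComboFix feature): a bare
# file name is resolved through the search path at logon, and a directory the
# user can write to needs no admin rights to drop a file into.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")


def triage(autostarts: List[Autostart]) -> List[Tuple[str, str]]:
    """Return (entry name, reason) for the entries a reviewer should check first."""
    findings = []
    for entry in autostarts:
        low = entry.path.lower()
        if "\\" not in low:
            findings.append((entry.name, "bare file name, resolved via the search path: " + entry.path))
        elif any(part in low for part in USER_WRITABLE):
            findings.append((entry.name, "runs from a user-writable directory: " + entry.path))
    return findings


def report(text: str) -> str:
    """Human-readable summary of what a helper would look at first."""
    infected, autostarts = parse_combofix(text)
    lines = ["disinfected system file (patched driver, rootkit pattern): " + p for p in infected]
    lines.append("%d Run-key autostart entries" % len(autostarts))
    lines.extend("  check: %s - %s" % (name, reason) for name, reason in triage(autostarts))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

The heuristics only say which entries to look at, not whether they are malicious: in the log above, for instance, the bare-name hit RtHDVCpl.exe is the Realtek audio control panel applet, so the finding is a prompt to verify the file, not a verdict. Pasting a complete ComboFix log in place of SAMPLE_LOG walks every Run key the same way.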
#15
Malware Windows Recovery
Thanks for the advice about online banking. I immediately phoned my bank's security hotline. They reassured me: no transaction can be carried out without a TAN number, and I only ever receive a TAN number for the individual case, on request, via my mobile phone. So not much can happen. But of course I will stop online banking for the time being. What do you suggest after I have backed up my personal data (which I do regularly anyway)? Is a reinstallation of Vista the only way to get rid of this rootkit?