
Log analysis and evaluation: System Diagnostic removed - restoring icons and C://

22.03.2011, 17:51   #1
mar0i
 

Hello trojaner-board.de users,

I have just managed to remove the rogue malware "System Diagnostic" from my computer with the Malwarebytes software.

How do I get my computer back to its original state? The icons on the desktop are all gone, and the malware has apparently also made the program directory on drive C: invisible. I would like to have these displayed again. When I try to do this manually (i.e. recreate the old shortcuts on the desktop), I get a message that this icon already exists. How can I make them visible again?

The Malwarebytes log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6132

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

22.03.2011 17:42:56
mbam-log-2011-03-22 (17-42-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 263499
Laufzeit: 1 Stunde(n), 8 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

22.03.2011, 19:28   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Are there any further logs from Malwarebytes? If so, please post all of them that are visible in the "Logdateien" (log files) tab in Malwarebytes.

22.03.2011, 19:52   #3
mar0i
 

Yes, that's right, there is one more txt file

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6132

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

22.03.2011 15:59:55
mbam-log-2011-03-22 (15-59-55).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 141021
Laufzeit: 12 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
c:\programdata\ssfdrvxaoxpq.exe (Trojan.FakeAlert) -> 2292 -> Unloaded process successfully.
c:\programdata\29286176.exe (Rogue.FakeHDD) -> 2500 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSFdrVXAOXpQ (Trojan.FakeAlert) -> Value: SSFdrVXAOXpQ -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\ssfdrvxaoxpq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\29286176.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

22.03.2011, 19:54   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

22.03.2011, 23:25   #5
mar0i
 

Yep, will do

OTL.txt - OTL Logfile:
Code:
OTL logfile created on: 22.03.2011 23:20:14 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Marci\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 61,39 Gb Free Space | 61,39% Space Free | Partition Type: NTFS
Drive D: | 84,84 Gb Total Space | 49,18 Gb Free Space | 57,97% Space Free | Partition Type: NTFS
 
Computer Name: MARCI-PC | User Name: Marci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marci\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Opera\Opera.exe (Opera Software)
PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Belkin Storage Manager\StorageManager.exe (Belkin International, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Marci\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll (SweetIM Technologies Ltd.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\SweetIM\Messenger\MSVCR71.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Ex) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.19 17:14:44 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.19 17:13:44 | 000,000,000 | -H-D | M]
 
[2010.11.19 17:14:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Marci\AppData\Roaming\mozilla\Extensions
[2010.11.19 17:15:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Marci\AppData\Roaming\mozilla\Firefox\Profiles\7fqdy6us.default\extensions
[2010.11.19 17:15:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Marci\AppData\Roaming\mozilla\Firefox\Profiles\7fqdy6us.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.19 17:15:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Marci\AppData\Roaming\mozilla\Firefox\Profiles\7fqdy6us.default\extensions\staged-xpis
[2011.03.16 20:18:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.10.27 05:44:13 | 000,001,392 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 05:44:13 | 000,002,344 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.27 05:44:13 | 000,006,805 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 05:44:13 | 000,001,178 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 05:44:13 | 000,001,105 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 21:41:30 | 000,000,761 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Belkin Storage Manager] C:\Program Files\Belkin Storage Manager\StorageManager.exe (Belkin International, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Marci\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marci\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 21:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fc1eab36-2b0c-11e0-936d-cdc021a9a197}\Shell\AutoRun\command - "" = Menu.exe
O33 - MountPoints2\{fc7f784e-bc25-11df-bd8b-ea5cf81b6139}\Shell - "" = AutoRun
O33 - MountPoints2\{fc7f784e-bc25-11df-bd8b-ea5cf81b6139}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.22 23:19:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Marci\Desktop\OTL.exe
[2011.03.22 15:37:14 | 000,000,000 | -H-D | C] -- C:\Users\Marci\AppData\Roaming\Malwarebytes
[2011.03.22 15:36:44 | 000,038,224 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.22 15:36:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.22 15:36:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.03.22 15:36:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.03.22 15:35:59 | 007,734,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Marci\Desktop\mbam-setup.exe
[2011.03.21 21:25:27 | 000,000,000 | -H-D | C] -- C:\Users\Marci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic
[2011.03.20 09:58:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tinypic
[2011.03.20 09:58:25 | 000,000,000 | -H-D | C] -- C:\Program Files\Tinypic
[2011.03.16 20:18:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Spigot
[2011.03.16 20:18:03 | 000,000,000 | -H-D | C] -- C:\Program Files\pdfforge Toolbar
[2011.03.16 20:18:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Application Updater
[2011.03.11 10:45:06 | 000,000,000 | -H-D | C] -- C:\Users\Marci\.commonist
[2011.03.08 08:38:42 | 000,000,000 | -H-D | C] -- C:\Users\Marci\Documents\Sony PMB
[2011.03.08 08:33:25 | 003,727,720 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011.03.08 08:33:22 | 002,388,176 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011.03.08 08:30:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.22 23:19:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Marci\Desktop\OTL.exe
[2011.03.22 23:12:59 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.22 23:12:59 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.22 23:12:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.22 23:12:48 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.22 20:03:00 | 000,001,118 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2797220469-1346679145-3802353637-1000UA.job
[2011.03.22 16:08:07 | 000,002,397 | -H-- | M] () -- C:\Users\Marci\Desktop\Skype.lnk
[2011.03.22 16:05:07 | 000,000,104 | ---- | M] () -- C:\Users\Marci\Desktop\Opera.lnk
[2011.03.22 15:39:25 | 000,088,576 | -H-- | M] () -- C:\Users\Marci\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.22 15:36:44 | 000,000,906 | -H-- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.22 15:36:30 | 007,734,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Marci\Desktop\mbam-setup.exe
[2011.03.22 15:26:00 | 000,000,392 | -H-- | M] () -- C:\ProgramData\29286176
[2011.03.22 15:23:18 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~29286176r
[2011.03.22 15:23:18 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~29286176
[2011.03.21 21:25:28 | 000,000,587 | -H-- | M] () -- C:\Users\Marci\Desktop\Windows Diagnostic.lnk
[2011.03.21 16:14:58 | 000,641,344 | -H-- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.21 16:14:58 | 000,610,142 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.21 16:14:58 | 000,116,706 | -H-- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.21 16:14:58 | 000,103,924 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.20 09:58:25 | 000,000,788 | -H-- | M] () -- C:\Users\Marci\Desktop\TinyPic.lnk
[2011.03.18 19:14:00 | 000,002,042 | -H-- | M] () -- C:\Users\Marci\Desktop\Google Chrome.lnk
[2011.03.11 10:03:00 | 000,001,066 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2797220469-1346679145-3802353637-1000Core.job
[2011.03.08 08:30:52 | 000,001,701 | -H-- | M] () -- C:\Users\Public\Desktop\PMB-Hilfe.lnk
[2011.03.08 08:30:52 | 000,000,901 | -H-- | M] () -- C:\Users\Public\Desktop\PMB Launcher.lnk
[2011.03.08 08:30:52 | 000,000,878 | -H-- | M] () -- C:\Users\Public\Desktop\PMB.lnk
[2011.03.08 07:41:46 | 000,321,088 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.27 14:49:08 | 000,001,467 | -H-- | M] () -- C:\Users\Marci\.recently-used.xbel
[2011.02.21 16:31:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.02.21 16:31:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.22 16:05:07 | 000,000,104 | ---- | C] () -- C:\Users\Marci\Desktop\Opera.lnk
[2011.03.22 15:36:44 | 000,000,906 | -H-- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.21 21:25:28 | 000,000,587 | -H-- | C] () -- C:\Users\Marci\Desktop\Windows Diagnostic.lnk
[2011.03.21 21:25:28 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~29286176r
[2011.03.21 21:25:28 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~29286176
[2011.03.21 21:25:22 | 000,000,392 | -H-- | C] () -- C:\ProgramData\29286176
[2011.03.20 09:58:25 | 000,000,788 | -H-- | C] () -- C:\Users\Marci\Desktop\TinyPic.lnk
[2011.03.08 08:30:52 | 000,001,701 | -H-- | C] () -- C:\Users\Public\Desktop\PMB-Hilfe.lnk
[2011.03.08 08:30:52 | 000,000,901 | -H-- | C] () -- C:\Users\Public\Desktop\PMB Launcher.lnk
[2011.03.08 08:30:52 | 000,000,878 | -H-- | C] () -- C:\Users\Public\Desktop\PMB.lnk
[2011.03.08 08:30:51 | 000,000,890 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk
[2011.02.27 14:49:08 | 000,001,467 | -H-- | C] () -- C:\Users\Marci\.recently-used.xbel
[2011.02.21 16:31:49 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011.02.21 16:31:49 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011.02.16 13:24:58 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.01.29 17:56:55 | 000,000,032 | -H-- | C] () -- C:\Windows\Da bin ich.INI
[2011.01.29 16:41:50 | 000,000,034 | -H-- | C] () -- C:\Windows\cdplayer.ini
[2010.11.19 17:14:47 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2010.11.07 18:56:46 | 000,000,314 | -H-- | C] () -- C:\Users\Marci\AppData\Roaming\burnaware.ini
[2010.09.28 13:51:58 | 000,116,224 | -H-- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.08.30 16:27:00 | 000,000,000 | -H-- | C] () -- C:\Windows\WinInit.ini
[2010.08.27 18:49:26 | 000,088,576 | -H-- | C] () -- C:\Users\Marci\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.27 18:49:26 | 000,000,680 | -H-- | C] () -- C:\Users\Marci\AppData\Local\d3d9caps.dat
[2010.08.27 15:56:33 | 000,000,000 | -H-- | C] () -- C:\Windows\VAIOUpdt.INI
[2010.08.27 15:50:02 | 000,019,968 | -H-- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2010.08.27 15:42:32 | 000,344,064 | -H-- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2007.08.03 22:35:23 | 000,910,304 | -H-- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.08.03 22:35:23 | 000,249,856 | -H-- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.08.03 22:35:23 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007.08.03 14:24:46 | 000,000,032 | -H-- | C] () -- C:\Windows\System32\elcric.dat
[2007.07.12 20:02:46 | 003,596,288 | -H-- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007.06.11 11:09:39 | 000,520,192 | -H-- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007.06.11 11:09:38 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2007.06.11 11:08:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 15:33:31 | 000,641,344 | -H-- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 15:33:31 | 000,290,748 | -H-- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 15:33:31 | 000,116,706 | -H-- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 15:33:31 | 000,036,916 | -H-- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 12:47:37 | 000,321,088 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 10:33:01 | 000,610,142 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 10:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 10:33:01 | 000,103,924 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 10:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 10:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 08:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 07:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 07:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 07:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 07:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

< End of report >
         
--- --- ---


Extras.txt - OTL Logfile:
Code:
OTL Extras logfile created on: 22.03.2011 23:20:14 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Marci\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 61,39 Gb Free Space | 61,39% Space Free | Partition Type: NTFS
Drive D: | 84,84 Gb Total Space | 49,18 Gb Free Space | 57,97% Space Free | Partition Type: NTFS
 
Computer Name: MARCI-PC | User Name: Marci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2797220469-1346679145-3802353637-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F29243-A1B6-4340-B76D-D1A0AEEAD09B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1EF043E0-26F2-44F4-B7AD-B195173C6E39}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2C08176F-D12B-4A43-99DC-245DEFD1E337}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2F226ECC-BF44-4D91-8A74-3A2099E1966F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{57EA54A3-69D1-43BE-BA31-B3003DEB625D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5B3D8F77-75A5-4703-B8FD-CE2F3A6FFC4A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9535CC3B-4065-40D4-B733-E432EE19F460}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BDEBB936-59B7-4B70-95CF-8989EA473A0A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E14A683D-3E47-4618-AA23-48FC53BFA842}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EE918A8A-20CC-414E-A992-F9177D5DF024}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EDFFDBE-7FBF-4EA9-854F-9DE98B4C6491}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0FB95DE9-5BB3-460C-8359-F605E782127F}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{13FBE962-913A-47FD-894C-04D813F283F1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{2656F9CF-BBA3-4FA8-8F45-1D57B5D65E7C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{372C8B6D-6D0F-4AFF-857E-6A3ED4F2E439}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{3E27958A-D28C-4A45-93AA-895FEB4CBDD7}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{42C71451-368E-4C8C-97FA-DF235A26A916}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{4E8E906F-4302-4283-8BB4-1F8527DC186E}" = protocol=17 | dir=in | app=c:\users\marci\desktop\sweetimsetup.exe | 
"{6328B93C-8C11-43D3-B4CC-1A13BFBF8D34}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6991FD66-9870-4E16-A588-DD87705653C3}" = protocol=6 | dir=in | app=c:\users\marci\desktop\sweetimsetup.exe | 
"{6CEE9380-9D03-49FC-A3CF-D5E35BFD3905}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{85A4DCD7-0A1B-435E-BA90-630CB3D88CC4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A798544-3BE7-4AA6-8DC1-51FE974E04EA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{92E1AA67-8C3D-4F62-A1F6-6A0AEBB6A9A1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{97F9A59A-745C-4987-8417-D5312C694D4B}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{9FB0FDE8-4452-4D3E-BA91-EA730F62C747}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{ACEB9B4D-F7AA-46E7-9AFA-F715068C6C47}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{AEC29047-7B0B-42C1-8BDA-73E71782A98A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{C7098063-C8B1-470C-8868-89B5029AF405}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{D597204E-A4EC-48EF-8DE0-D1875A869AEA}" = protocol=17 | dir=in | app=c:\users\marci\appdata\local\temp\sweetimreinstall\sweetimsetup.exe | 
"{DC238637-7587-49AC-BBC6-69B12848E6E1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{DF27FEF8-763F-4CBF-A2B0-353C92F524DB}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{ECD9D5EB-C038-4852-AD61-E4273E6E9191}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{F1593094-AD4C-4CE4-B4B7-AEA744C3E4DE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F57B5A57-41E8-48EA-AC3A-3E71A08A6E91}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F73A1C7B-C154-4851-8E5A-25FD8E0AED4D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F9E773E8-81BF-4863-B40A-7965D891B36C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{FF6696E3-CC0A-4768-AF59-ED99811DB467}" = protocol=6 | dir=in | app=c:\users\marci\appdata\local\temp\sweetimreinstall\sweetimsetup.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08ED8855-4C2E-429B-A878-F129E1F624FA}" = SweetIM for Messenger 3.2
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{374F03BB-9C09-4DB3-9C9B-C71E63292950}" = Google Earth
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer  VAIO Content Exporter
"{5F5DE5D5-D130-4110-A3A4-69FFB0B14BD9}" = VAIO Content Metadata XML Interface Library
"{6110F38A-5BE6-4199-AC96-D2DD6B4A3ADE}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FC56444-161D-43B4-A662-F18F2E4A2A32}" = VAIO Content Metadata Manager Setting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92F8615C-43B7-4925-8457-B6D004E8D478}" = VAIO Content Metadata XML Interface Library
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{A0B139A7-E8D5-49E8-A7BF-12421E652208}" = pdfforge Toolbar v4.3
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{AFBA0609-EB70-43CB-B11C-294EDADFA101}" = 
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{C12D7D54-7DE8-4DF7-AB2D-8A5ECFB2F89B}" = Belkin Storage Manager
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.16
"{E4D96ABB-E0D8-4CA4-856E-A2703F5490F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{EBE55E74-AF94-47BB-849B-C79F236C65F4}" = VAIO Movie Story
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"dt icon module" = 
"eBay HTML" = 
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"gtfirstboot Setting Request" = 
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Opera 11.01.1190" = Opera 11.01
"Picasa 3" = Picasa 3
"printeriaDigitalPrintLab3" = DigitalPrintLab3
"VAIO Help and Support" = 
"VAIO MFU Module" = 
"VLC media player" = VLC media player 1.1.4
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"The Commonist" = The Commonist
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.03.2011 11:31:03 | Computer Name = Marci-PC | Source = LoadPerf | ID = 3013
Description = 
 
Error - 22.03.2011 11:31:03 | Computer Name = Marci-PC | Source = LoadPerf | ID = 3013
Description = 
 
Error - 22.03.2011 11:31:03 | Computer Name = Marci-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 22.03.2011 11:31:07 | Computer Name = Marci-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 22.03.2011 11:31:09 | Computer Name = Marci-PC | Source = LoadPerf | ID = 3013
Description = 
 
Error - 22.03.2011 11:31:09 | Computer Name = Marci-PC | Source = LoadPerf | ID = 3009
Description = 
 
Error - 22.03.2011 11:53:04 | Computer Name = Marci-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 22.03.2011 11:53:06 | Computer Name = Marci-PC | Source = LoadPerf | ID = 3013
Description = 
 
Error - 22.03.2011 11:53:07 | Computer Name = Marci-PC | Source = LoadPerf | ID = 3009
Description = 
 
Error - 22.03.2011 13:04:27 | Computer Name = Marci-PC | Source = WerSvc | ID = 5007
Description = 
 
[ System Events ]
Error - 08.09.2010 13:05:50 | Computer Name = Marci-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.09.2010 13:05:51 | Computer Name = Marci-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.09.2010 13:05:51 | Computer Name = Marci-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.09.2010 13:05:51 | Computer Name = Marci-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.09.2010 13:05:52 | Computer Name = Marci-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.09.2010 13:05:52 | Computer Name = Marci-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.09.2010 13:05:52 | Computer Name = Marci-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.09.2010 13:05:52 | Computer Name = Marci-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.09.2010 13:05:52 | Computer Name = Marci-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.09.2010 13:05:52 | Computer Name = Marci-PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---


23.03.2011, 09:01   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
[2011.03.21 21:25:28 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~29286176r
[2011.03.21 21:25:28 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~29286176
[2011.03.21 21:25:22 | 000,000,392 | -H-- | C] () -- C:\ProgramData\29286176
[2011.01.29 17:56:55 | 000,000,032 | -H-- | C] () -- C:\Windows\Da bin ich.INI
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 21:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fc1eab36-2b0c-11e0-936d-cdc021a9a197}\Shell\AutoRun\command - "" = Menu.exe
O33 - MountPoints2\{fc7f784e-bc25-11df-bd8b-ea5cf81b6139}\Shell - "" = AutoRun
O33 - MountPoints2\{fc7f784e-bc25-11df-bd8b-ea5cf81b6139}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O4 - HKLM..\Run: []  File not found
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not completely deleted; a backup copy is created on the system partition in the folder "_OTL".

23.03.2011, 17:14   #7
mar0i

I proceeded as you described. The computer was restarted. Here is my log file:

All processes killed
========== OTL ==========
C:\ProgramData\~29286176r moved successfully.
C:\ProgramData\~29286176 moved successfully.
C:\ProgramData\29286176 moved successfully.
C:\Windows\Da bin ich.INI moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc1eab36-2b0c-11e0-936d-cdc021a9a197}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc1eab36-2b0c-11e0-936d-cdc021a9a197}\ not found.
File Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc7f784e-bc25-11df-bd8b-ea5cf81b6139}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc7f784e-bc25-11df-bd8b-ea5cf81b6139}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc7f784e-bc25-11df-bd8b-ea5cf81b6139}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc7f784e-bc25-11df-bd8b-ea5cf81b6139}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\LaunchU3.exe -a not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 116 bytes

User: Default User

User: Marci
->Temp folder emptied: 151947648 bytes
->Temporary Internet Files folder emptied: 42167711 bytes
->Java cache emptied: 12118017 bytes
->FireFox cache emptied: 15837177 bytes
->Google Chrome cache emptied: 128619179 bytes
->Opera cache emptied: 6715396 bytes
->Flash cache emptied: 2869696 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1492044 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9964378 bytes
RecycleBin emptied: 537813885 bytes

Total Files Cleaned = 867,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03232011_170544

Files\Folders moved on Reboot...
C:\Users\Marci\AppData\Local\Temp\~DF6135.tmp moved successfully.
C:\Users\Marci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\095SDE6D\acCAPUH3OD.htm moved successfully.
File move failed. C:\Users\Marci\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...


How do I get my computer back to its original state? The icons on the desktop are all gone, as is the program directory on drive C:. Is there a way to make them visible again automatically?

23.03.2011, 19:17   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
