Trojaner-Board (Pests of All Kinds and Their Removal): Malware Windows Recovery
05.05.2011, 16:07   #1
baurat

Malware Windows Recovery

The malware "Windows Recovery" has spread itself across my computer (operating system Windows Vista Home Premium). Using a how-to from the board and the tools listed there (rkill, malwarebytes) I have (apparently) largely removed the disruption. What remains are recurring "Internet Explorer Script Error" messages (see attached image), even though I have not opened Internet Explorer at all. The URL shown is completely unknown to me. Further measures with "Norton Antivirus" and Microsoft's "Malicious Software Removal Tool" have not fixed the problem. Who has advice?
Attached image: Malware Windows Recovery-skriptfehler.jpg

05.05.2011, 16:29   #2
markusg
/// Malware-holic

hello
open malwarebytes, log files, please post the scan logs.

05.05.2011, 17:43   #3
baurat

First of all, many thanks for the response.
Unfortunately I no longer have the Malwarebytes log file, because I already deleted the program again after I thought I had fixed the problem. What I do have is a log file from OTL.

06.05.2011, 08:27   #4
baurat

Addendum:
I have also downloaded Kaspersky's TDSSKILLER, which I have read quite a bit about on the board. But I cannot start the program. Not even via right-click as administrator, and not from the desktop.

06.05.2011, 11:25   #5
markusg
/// Malware-holic

please post fresh otl logs.
and don't just use random programs.
if you're unlucky, that will make everything even worse.

06.05.2011, 12:17   #6
baurat

Hello dear Markusg,
I have installed the Malwarebytes program again and found that the log file is in fact still there. Here it is:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: 5363
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
28.04.2011 12:48:40
mbam-log-2011-04-28 (12-48-40).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 143894
Laufzeit: 8 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


And here is the OTL log file:
Code:
OTL logfile created on: 05.05.2011 17:42:28 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Gerd Fischer\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 213,00 Mb Available Physical Memory | 21,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,85 Gb Total Space | 31,90 Gb Free Space | 38,05% Space Free | Partition Type: NTFS
Drive H: | 232,88 Gb Total Space | 212,92 Gb Free Space | 91,43% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK | User Name: Gerd Fischer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.05 17:31:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gerd Fischer\Desktop\OTL.exe
PRC - [2011.04.19 07:55:30 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2010.11.24 04:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
PRC - [2008.12.11 11:28:14 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.14 12:42:22 | 000,409,600 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2008.06.06 10:45:23 | 000,352,256 | R--- | M] (AVerMedia) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2008.05.10 14:36:08 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\PaperPort\pptd40nt.exe
PRC - [2007.06.15 13:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007.02.13 16:19:48 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe
PRC - [2007.02.13 16:19:48 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007.02.09 11:54:42 | 000,923,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007.01.22 21:39:32 | 000,321,656 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\ISB Utility\ISBMgr.exe
PRC - [2007.01.12 07:52:25 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007.01.12 07:52:24 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2007.01.12 07:52:23 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2006.11.28 20:27:46 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006.11.28 20:09:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2006.11.28 20:09:46 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [1998.02.05 19:16:18 | 000,024,576 | ---- | M] () -- C:\Windows\System32\NILaunch.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.05 17:31:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gerd Fischer\Desktop\OTL.exe
MOD - [2006.11.02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.24 04:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe -- (NAV)
SRV - [2008.07.14 12:42:22 | 000,409,600 | R--- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008.06.08 19:03:22 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.06.06 10:45:23 | 000,352,256 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2007.02.13 16:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007.01.24 17:56:24 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007.01.24 17:56:20 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007.01.16 15:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007.01.16 15:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007.01.16 15:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007.01.10 17:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007.01.10 11:43:24 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007.01.08 18:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007.01.08 18:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007.01.08 18:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006.12.14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006.11.28 20:27:46 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2006.11.28 20:09:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2006.11.28 20:09:46 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.05.03 09:35:28 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110502.018\navex15.sys -- (NAVEX15)
DRV - [2011.05.03 09:35:28 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.05.03 09:35:28 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.05.03 09:35:28 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110502.018\naveng.sys -- (NAVENG)
DRV - [2011.05.03 09:24:51 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.04.30 01:44:12 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011.03.14 20:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110429.002\IDSvix86.sys -- (IDSVix86)
DRV - [2010.12.01 07:23:59 | 000,330,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010.11.23 06:08:31 | 000,509,560 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\system32\drivers\NAV\1205000.07D\SRTSP.SYS -- (SRTSP)
DRV - [2010.11.23 06:08:31 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1205000.07D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010.11.18 04:59:55 | 000,652,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS -- (SymEFA)
DRV - [2010.11.16 03:45:33 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS -- (SymIRON)
DRV - [2010.10.21 04:28:36 | 000,340,016 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS -- (SymDS)
DRV - [2010.05.28 20:24:32 | 001,870,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.01.07 17:45:09 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2009.10.22 16:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009.09.10 23:52:54 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008.06.11 04:15:32 | 000,292,992 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF15DMBTH.sys -- (AVerAF15DMBTH)
DRV - [2007.04.23 13:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007.02.06 07:54:39 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2007.01.24 12:28:35 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007.01.12 07:52:24 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.01.10 13:09:12 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.10.18 12:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006.10.09 14:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS -- (MIINPazX)
DRV - [2006.10.09 13:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS -- (MTOnlPktAlyX)
DRV - [2006.05.11 12:33:14 | 000,037,312 | ---- | M] (DeTeWe Systems GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\detewecp.sys -- (DETEWECP)
DRV - [2005.12.07 17:53:22 | 000,976,100 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Capi20.sys -- (CAPI20)
DRV - [2005.10.10 21:29:02 | 000,034,841 | ---- | M] (DeTeWe Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ulisa.sys -- (ulisa) Telekom ISDN-Adapter (USB)
DRV - [2000.07.12 03:05:00 | 000,026,402 | ---- | M] (In-System Design, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ISD200.SYS -- (ISD200)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Welcome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Users/Gerd%20Fischer/Website/home.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011.05.03 09:26:02 | 000,000,000 | ---D | M]
 
[2009.12.09 13:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd Fischer\AppData\Roaming\mozilla\Extensions
[2009.12.09 13:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd Fischer\AppData\Roaming\mozilla\Extensions\{1286c9cb-a8d2-e589-73c7-ece17e786864}
 
O1 HOSTS File: ([2011.05.04 09:21:28 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Net-It Launcher] C:\Windows\System32\NILaunch.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [USSShReg]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM Startup]  File not found
O4 - Startup: C:\Users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk = C:\Windows\explorer.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: holbaurat.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: lotto-bayern.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([go] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: sueddeutsche.de ([sz-magazin] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: t-online.de ([www.baurat.homepage] https in Vertrauenswürdige Sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 7 Days ==========
 
[2011.05.05 17:31:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Gerd Fischer\Desktop\OTL.exe
[2011.05.04 20:26:49 | 000,000,000 | ---D | C] -- C:\Users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip
[2011.05.04 20:23:37 | 000,000,000 | ---D | C] -- C:\Users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Canon Scanner
[2011.05.04 20:18:17 | 000,000,000 | ---D | C] -- C:\Users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SoftFox
[2011.05.04 20:14:06 | 000,000,000 | ---D | C] -- C:\Users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoImpact
[2011.05.04 19:40:54 | 000,000,000 | ---D | C] -- C:\Users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hardcopy
[2011.05.04 19:13:11 | 000,000,000 | ---D | C] -- C:\Users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
[2011.05.04 19:09:54 | 000,000,000 | ---D | C] -- C:\Users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe
[2011.05.03 09:24:51 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.05.03 09:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011.05.03 09:24:31 | 000,652,336 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symefa.sys
[2011.05.03 09:24:31 | 000,340,016 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symds.sys
[2011.05.03 09:24:31 | 000,330,360 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symtdiv.sys
[2011.05.03 09:24:31 | 000,295,032 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symnets.sys
[2011.05.03 09:24:31 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.sys
[2011.05.03 09:24:30 | 000,509,560 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.sys
[2011.05.03 09:24:30 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\ironx86.sys
[2011.05.03 09:23:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1205000.07D
[2011.05.03 09:22:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2011.05.03 09:22:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2011.05.03 09:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2011.05.03 09:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
 
========== Files - Modified Within 7 Days ==========
 
[2011.05.05 17:35:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.05 17:31:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gerd Fischer\Desktop\OTL.exe
[2011.05.05 16:46:51 | 000,003,584 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.05 16:46:51 | 000,003,584 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.05 15:49:58 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.05.05 15:47:45 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.05 15:47:04 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.05.05 15:46:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.05 15:46:31 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.04 09:21:28 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.05.03 09:53:31 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.05.03 09:25:47 | 001,683,086 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1205000.07D\Cat.DB
[2011.05.03 09:24:51 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.05.03 09:24:51 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.05.03 09:24:51 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.05.03 09:24:36 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011.04.28 20:40:11 | 000,001,079 | ---- | M] () -- C:\Users\Gerd Fischer\Desktop\Adobe Reader 8.lnk
[2011.04.28 20:37:56 | 000,000,858 | ---- | M] () -- C:\Users\Gerd Fischer\Desktop\Videograbber 5.0.lnk
[2011.04.28 20:29:48 | 000,000,029 | ---- | M] () -- C:\Windows\standard.sta
 
========== Files Created - No Company Name ==========
 
[2011.05.03 09:53:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.05.03 09:24:58 | 001,683,086 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\Cat.DB
[2011.05.03 09:24:51 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.05.03 09:24:51 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.05.03 09:24:36 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011.05.03 09:24:31 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symnetv.cat
[2011.05.03 09:24:31 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symnet.cat
[2011.05.03 09:24:31 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symefa.cat
[2011.05.03 09:24:31 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.cat
[2011.05.03 09:24:31 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symds.cat
[2011.05.03 09:24:31 | 000,003,374 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symefa.inf
[2011.05.03 09:24:31 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symds.inf
[2011.05.03 09:24:31 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symnetv.inf
[2011.05.03 09:24:31 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symnet.inf
[2011.05.03 09:24:31 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.inf
[2011.05.03 09:24:30 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\iron.cat
[2011.05.03 09:24:30 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.cat
[2011.05.03 09:24:30 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.inf
[2011.05.03 09:24:30 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\iron.inf
[2011.05.03 09:24:30 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\isolate.ini
[2011.04.28 20:40:11 | 000,001,079 | ---- | C] () -- C:\Users\Gerd Fischer\Desktop\Adobe Reader 8.lnk
[2011.04.28 09:54:17 | 000,000,184 | ---- | C] () -- C:\ProgramData\~25616160
[2011.04.28 09:54:17 | 000,000,144 | ---- | C] () -- C:\ProgramData\~25616160r
[2011.04.28 09:54:01 | 000,000,384 | ---- | C] () -- C:\ProgramData\25616160
[2010.10.22 18:24:05 | 000,001,940 | ---- | C] () -- C:\Users\Gerd Fischer\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.01.05 12:37:40 | 000,028,672 | ---- | C] () -- C:\Windows\System32\Util.dll
[2009.12.02 13:24:14 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.11.05 13:38:33 | 000,000,074 | ---- | C] () -- C:\Windows\hdkctnts.ini
[2009.10.04 11:23:21 | 000,000,000 | ---- | C] () -- C:\Windows\odbcddp.ini
[2009.10.04 11:22:01 | 000,001,053 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.09.21 16:34:51 | 000,000,081 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.07.28 17:20:47 | 000,000,487 | ---- | C] () -- C:\Windows\Capictrl.INI
[2009.06.11 11:31:26 | 000,000,064 | ---- | C] () -- C:\Windows\AVerText.ini
[2009.03.07 18:20:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\AVerIO.dll
[2009.03.07 18:20:20 | 000,003,456 | R--- | C] () -- C:\Windows\System32\AVerIO.sys
[2009.03.07 18:20:05 | 000,253,952 | R--- | C] () -- C:\Windows\System32\sptlib02.dll
[2009.03.07 18:20:05 | 000,249,856 | R--- | C] () -- C:\Windows\System32\sptlib01.dll
[2009.03.07 18:20:05 | 000,245,760 | R--- | C] () -- C:\Windows\System32\sptlib03.dll
[2009.01.12 15:19:42 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2008.04.16 20:08:05 | 000,163,017 | ---- | C] () -- C:\Windows\hpoins16.dat
[2008.04.16 20:08:04 | 000,005,279 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2008.03.23 17:05:24 | 000,000,148 | ---- | C] () -- C:\Windows\bg_info.ini
[2008.02.04 14:39:24 | 000,302,496 | ---- | C] () -- C:\Windows\INSTWIN4.EXE
[2008.02.04 14:37:05 | 000,190,499 | ---- | C] () -- C:\Windows\INSTBS3.EXE
[2008.02.04 14:29:49 | 000,194,851 | ---- | C] () -- C:\Windows\INSTBS2.EXE
[2007.11.09 18:25:09 | 000,000,055 | ---- | C] () -- C:\Windows\TC.INI
[2007.11.09 18:15:39 | 000,246,784 | ---- | C] () -- C:\Windows\UN160407.EXE
[2007.10.26 20:53:58 | 000,000,031 | ---- | C] () -- C:\Windows\sbewin32.INI
[2007.10.24 15:38:16 | 000,000,790 | ---- | C] () -- C:\Windows\TomCat.INI
[2007.10.24 14:36:11 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI
[2007.10.21 11:15:01 | 000,000,542 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.10.14 19:44:52 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2007.10.06 14:32:29 | 000,004,656 | ---- | C] () -- C:\Windows\AMIPRO.INI
[2007.10.06 14:19:33 | 000,004,250 | ---- | C] () -- C:\Windows\AMIVISD.INI
[2007.10.06 14:19:33 | 000,000,403 | ---- | C] () -- C:\Windows\AMIPRO2.INI
[2007.10.03 19:41:36 | 000,003,090 | ---- | C] () -- C:\Windows\AMICALC.INI
[2007.10.03 19:25:26 | 000,023,822 | ---- | C] () -- C:\Windows\AMIOW.INI
[2007.10.03 19:25:26 | 000,008,283 | ---- | C] () -- C:\Windows\AMIDW.INI
[2007.10.03 19:25:26 | 000,006,941 | ---- | C] () -- C:\Windows\AMILABEL.INI
[2007.10.03 19:25:26 | 000,005,909 | ---- | C] () -- C:\Windows\AMIWP.INI
[2007.10.03 19:25:26 | 000,001,993 | ---- | C] () -- C:\Windows\AMIIWP.INI
[2007.10.03 19:25:26 | 000,000,898 | ---- | C] () -- C:\Windows\AMIEQN.INI
[2007.10.03 19:25:25 | 000,011,208 | ---- | C] () -- C:\Windows\AMIENV.DLL
[2007.10.03 19:25:25 | 000,000,478 | ---- | C] () -- C:\Windows\lotus.ini
[2007.10.03 19:25:25 | 000,000,332 | ---- | C] () -- C:\Windows\AMIFONT.INI
[2007.10.03 11:06:07 | 000,003,617 | ---- | C] () -- C:\Windows\pc_fb.ini
[2007.09.23 12:45:58 | 000,004,378 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2007.09.23 12:44:05 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2007.09.16 11:42:24 | 000,000,000 | ---- | C] () -- C:\Windows\Net-It Now! SE.INI
[2007.09.16 11:38:10 | 000,024,576 | ---- | C] () -- C:\Windows\System32\NILaunch.exe
[2007.09.16 11:38:08 | 000,037,888 | ---- | C] () -- C:\Windows\System32\NIUninstall.exe
[2007.09.16 11:37:47 | 000,000,038 | ---- | C] () -- C:\Windows\Approach.ini
[2007.09.16 11:31:06 | 000,000,000 | ---- | C] () -- C:\Windows\winhelp.ini
[2007.09.09 19:58:01 | 000,000,054 | ---- | C] () -- C:\Windows\fpxpress.ini
[2007.09.05 09:50:30 | 000,000,000 | ---- | C] () -- C:\Users\Gerd Fischer\AppData\Roaming\wklnhst.dat
[2007.09.04 15:31:56 | 000,060,928 | ---- | C] () -- C:\Users\Gerd Fischer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.02.28 03:36:18 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007.02.28 03:36:16 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2007.02.28 03:35:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007.02.26 21:02:37 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1151.dll
[2007.02.26 21:02:37 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.02.26 21:02:37 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007.02.26 21:02:36 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007.02.26 18:03:44 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007.02.26 12:59:50 | 000,163,840 | ---- | C] () -- C:\Windows\System32\WLANDLL.DLL
[2006.11.02 17:33:31 | 000,698,314 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,140,292 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,436,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,656,850 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,121,506 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.10.17 07:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\besch.exe
[2006.10.17 07:00:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\besched.dll
[2006.09.29 16:12:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2006.09.24 22:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2006.09.24 22:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2006.09.21 14:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll
[2006.09.21 14:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll
[2006.09.21 14:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll
[2005.01.01 22:05:12 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2005.01.01 22:04:06 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2003.10.02 01:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lockout.dll
[2003.10.02 01:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lockres.dll
[1998.03.18 03:23:00 | 000,096,256 | ---- | C] () -- C:\Windows\System32\nsqlc32.dll
[1998.01.13 03:23:00 | 000,047,104 | ---- | C] () -- C:\Windows\System32\lotrn13.dll
[1997.07.31 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997.07.31 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

< End of report >

06.05.2011, 12:19   #7
baurat

Malware Windows Recovery

Addendum:
Here is another OTL log file (Extras):
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 05.05.2011 17:42:28 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Gerd Fischer\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 213,00 Mb Available Physical Memory | 21,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,85 Gb Total Space | 31,90 Gb Free Space | 38,05% Space Free | Partition Type: NTFS
Drive H: | 232,88 Gb Total Space | 212,92 Gb Free Space | 91,43% Space Free | Partition Type: NTFS
 
Computer Name: NOTEBOOK | User Name: Gerd Fischer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2133952941-3459510235-1210853127-1003]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13330:UDP" = 13330:UDP:LocalSubNet:Enabled:ISDN B1
"13331:UDP" = 14456:UDP:LocalSubNet:Enabled:ISDN B2
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{114367EE-22F3-4C16-99CD-551A88212BEF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1BCCC0F3-EDD7-480E-BB4B-870568462634}" = rport=139 | protocol=6 | dir=out | app=system | 
"{46E78C51-BD64-44B2-BB96-DC8B68182580}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8A089BD2-5B7B-40EB-9B0A-FABB6AAA4875}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8E689110-6FEC-43F8-B3CC-417D6AF54F53}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9A39D768-4770-4D98-AD04-E33B54EB90FF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AB9EBD96-AAF6-4F38-BFD0-0B51F960FB4E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E3A06607-5153-4061-AAA7-0291EBF3009B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F69ADB1C-E989-4633-8EC9-FC151863207B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FA4209DA-F904-419C-8D7D-83F27FD03FD2}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28CFDEA3-1FFE-445E-BD6B-A4637549DBF5}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{4A36FCAE-C978-48A1-993B-92C71FBCA862}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4CD200BC-FA96-46DB-80AD-A14712EAE4F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4F5A6558-3CD6-4422-87CF-65F227E8618D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{75372AE2-020E-49DD-865C-95F10511C165}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{79B8994D-FC56-4116-972B-6D5FEA3EF931}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AE172C67-3311-4586-ADCA-D67A9F433965}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media 6.0\vc.exe | 
"{B853D6C8-BE18-4F9F-BA31-E6B14A1C8375}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{D9CDC8C4-8B2D-48A4-A8A0-005242DC7FAC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E2D37B4F-3F93-4F92-A782-23418612D790}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EAFCB9F6-7EF1-47F4-8E6D-E8388AE78AB5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FD2ADCE9-131F-45D9-9E17-7519D15708BE}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media 6.0\vc.exe | 
"TCP Query User{91E5E376-0946-4AF5-90C1-A7CE2266EC1E}C:\program files\videograbber\update.exe" = protocol=6 | dir=in | app=c:\program files\videograbber\update.exe | 
"TCP Query User{BE9695D9-EB0D-49E6-A4DB-1FAF0AD4D8ED}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{7B9D15E3-6741-4228-B3C4-C976A77A3AD6}C:\program files\videograbber\update.exe" = protocol=17 | dir=in | app=c:\program files\videograbber\update.exe | 
"UDP Query User{D02FBF94-D5CF-47B1-9AEB-411862E57A59}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15411A8C-34CC-41BB-A48C-52E3C052F20F}" = Quicken 2008
"{177ADA1F-6D3B-404A-99DA-D7E0E2A36621}_is1" = Videograbber 2010
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1B046D15-EC86-4FF8-9CF5-43B14FC4937C}" = POP3-Manager
"{1B7DD202-20F6-489F-B7CD-42B9AB2002A0}" = Quicken 2008 - ServicePack 2
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{288A2B29-1EF4-4BC9-986B-86005873445D}" = Roxio Backup MyPC Deluxe
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{319786B7-D72F-43B3-99C1-E93724ED17D3}" = Lexware online banking 4.90
"{32148D5D-909F-4A7B-93EE-5C16B71F4A8C}" = funScreenScraping Client Version
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4300EF0D-2041-4179-AFFF-21E01160740F}" = Eumex 504PC USB
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4CE9FE44-077C-46F9-A8EC-4557D2D86790}" = Quicken Import Export Server 2008
"{4FC583C2-45DB-44ac-AD30-8837DB845588}" = HP Photosmart Printer Software 9.0
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}" = 
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{55B781F0-060E-11D4-99D7-00C04FCCB775}" = 
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{5783F2D6-7028-0407-0000-0060B0CE6BBA}" = DWG TrueView 2009
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Video & Photo Suite
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0
"{7A70FCC4-E09F-45CE-ADB5-C208CEBF0A82}" = Servicepack Datumsaktualisierung
"{7D9A486B-DD9E-4526-9B3A-B26B83179EAE}" = Lexware online banking 4.90
"{8C4F56A2-03D5-441B-B911-EC2604622D58}" = FormsForWeb® Filler
"{8DD59B6E-6FC4-4CDC-896D-2FDF19CBE70B}" = DDBAC
"{8EAA36CC-E2CA-44AA-B113-CD65FD0F3AC8}" = ScanSoft PaperPort 11
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90840407-6000-11D3-8CFE-0150048383C9}" = Microsoft Excel Viewer 2003
"{9112CADD-8FC9-4B75-BB46-40D9544D4359}}_is1" = DEnA - Energieausweis 2.0.8
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = Sony SonicStage 4.3
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.1
"{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{C183A21C-395A-490F-99D4-CCAB35E32859}" = 
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE72437E-0C5F-4E26-8C07-42AB0C9F7B1D}" = VAIO Video & Photo  Suite
"{D6B86834-EC2F-464e-8AF6-49DDBC483D42}" = D5300_Help
"{D784D8FF-8E8B-4837-876E-D775E1CD2301}" = D5300
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E2A8DE20-C75F-4799-8851-39E04771E2A1}" = PS_SF_02_Software_min
"{E6DE49CA-30D6-427a-9440-09962E3CB9B8}" = PS_SF_02_ProductContext
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE95B5F7-F280-4b1c-89A6-CBDD59146581}" = PS_SF_02_Software
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F595CB9B-6628-4ae5-8544-DE36136DF479}" = D5300_doccd
"{F7E345A5-F79B-44EE-BC4A-738899E756C0}" = Lexware online banking 4.90
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"07D05E78AC75D5EB12431B61D08C0806E7350B54" = Windows-Treiberpaket - Scanntronik Mugrauer GmbH Scanntronik Driver Package (10/22/2009 2.06.00)
"1B35E688F19CD7FB4DBCA19B602B97070B2D4217" = Windows-Treiberpaket - Scanntronik Mugrauer GmbH Scanntronik Driver Package (10/22/2009 2.06.00)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AnyDVD" = AnyDVD
"AVerMedia A850 USB DVBT" = AVerMedia A850 USB DVBT 1.0.0.18
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DasTelefonbuch. München 2011" = DasTelefonbuch. München 2011
"DeInst_dotexcrd2.0" = TOP 50 (Version 2.0)
"DWG TrueView 2009" = DWG TrueView 2009
"Encarta Weltatlas 2.0" = Microsoft Encarta Weltatlas
"FormatFactory" = FormatFactory 2.45
"Google Updater" = Google Updater
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy 16.3.04
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Help Workshop" = Help Workshop 4.03
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"InstallShield_{15411A8C-34CC-41BB-A48C-52E3C052F20F}" = Quicken 2008
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"ISD200" = USB Storage Adapter V2
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Basic)
"MarcoPolo" = Marco Polo Travel Center
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NAV" = Norton AntiVirus
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-13-24-01
"Picasa 3" = Picasa 3
"Planungstool Lüftungskonzept_is1" = Planungstool Lüftungskonzept - Deinstallieren
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Skype_is1" = Skype 3.0
"SmartSuite V99.0" = Lotus SmartSuite 9.5
"SoftFOX & Co._is1" = SoftFOX & Co.
"Ulead PhotoImpact 4.2" = Ulead PhotoImpact 4.2
"VLC media player" = VideoLAN VLC media player 0.8.6c
"vLite_is1" = vLite
"Winston_is1" = Winston Version 2011W
"WinZip" = WinZip 9.0
"WS_FTP" = WS_FTP 95 LE
"WVGW_DVGW-TRGI Kommentar" = DVGW-TRGI / Kommentar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

06.05.2011, 12:48   #8
baurat

Malware Windows Recovery

Further addendum:
Here is another Malwarebytes log file from the same day as the file I sent first.

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: 6462
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
28.04.2011 17:18:45
mbam-log-2011-04-28 (17-18-45).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 272798
Laufzeit: 1 Stunde(n), 26 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LtuBJrJRDEvvaD (Trojan.FakeAlert) -> Value: LtuBJrJRDEvvaD -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
c:\Users\gerd fischer\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\programdata\ltubjrjrdevvad.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\25616160.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\gerd fischer\AppData\Local\Temp\jar_cache9112.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\gerd fischer\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\gerd fischer\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\gerd fischer\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

06.05.2011, 14:34   #9
markusg
/// Malware-holic

Malware Windows Recovery

why has your windows never seen any updates?
then you needn't be surprised about malware.
please create and post a combofix log.
A guide and tutorial on using ComboFix

06.05.2011, 15:21   #10
baurat

Malware Windows Recovery

First of all, thank you again for your efforts.
What makes you think my Windows has never seen updates? Isn't it enough that I regularly install the updates offered by Microsoft? I have attached the list of the most recent updates.
I will now take care of ComboFix and then post again.
Thumbnails of attached images
Malware Windows Recovery-updates.jpg

06.05.2011, 16:17   #11
baurat

Malware Windows Recovery

Hello dear Markusg,
I have run the "Combofix" program. Here is the log file:

Combofix Logfile:
Code:
ComboFix 11-05-05.04 - Gerd Fischer 06.05.2011  16:48:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.1014.236 [GMT 2:00]
ausgeführt von:: c:\users\Gerd Fischer\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\PHOTOI~1\SSaver\Ussshreg.exe
c:\windows\system\FTSRCH.DLL
c:\windows\system32\AutoRun.inf
c:\windows\winhelp.ini
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert 
Kopie von - Kitty had a snack :p wurde wiederhergestellt 
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-06 bis 2011-05-06  ))))))))))))))))))))))))))))))
.
.
2011-05-06 15:03 . 2011-05-06 15:04	--------	d-----w-	c:\users\Gerd Fischer\AppData\Local\temp
2011-05-06 15:03 . 2011-05-06 15:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-06 07:38 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-06 07:38 . 2011-05-06 07:38	--------	d-----w-	c:\program files\Malwarebytes
2011-05-03 07:24 . 2011-05-03 07:24	--------	d-----w-	c:\program files\Symantec
2011-05-03 07:24 . 2011-05-03 07:24	126512	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2011-05-03 07:22 . 2011-05-03 07:25	--------	d-----w-	c:\windows\system32\drivers\NAV
2011-05-03 07:22 . 2011-05-03 07:22	--------	d-----w-	c:\program files\Norton AntiVirus
2011-05-03 07:17 . 2011-05-03 07:47	--------	d-----w-	c:\program files\NortonInstaller
2011-04-28 16:26 . 2011-04-18 07:15	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{86E18162-5BE7-4E59-B78A-75B3D7EC862A}\mpengine.dll
2011-04-28 10:38 . 2011-04-28 10:38	--------	d-----w-	c:\users\Gerd Fischer\AppData\Roaming\Malwarebytes
2011-04-28 10:38 . 2011-04-28 10:38	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-27 13:45 . 2011-04-27 13:45	1186056	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-01 07:39 . 2011-04-01 07:39	226656	----a-w-	c:\windows\system32\ddBACCTM.cpl
2011-04-01 07:39 . 2011-04-01 07:39	824672	----a-w-	c:\windows\system32\Ddbaccpl.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-17 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 4317184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-12 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-01-22 321656]
"Net-It Launcher"="c:\windows\system32\NILaunch.exe" [1998-02-05 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-14 286720]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-24 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-24 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-24 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\PaperPort\pptd40nt.exe" [2008-05-10 29984]
"IndexSearch"="c:\program files\PaperPort\IndexSearch.exe" [2008-05-10 46368]
"PPort11reminder"="c:\program files\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
.
c:\users\Gerd Fischer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Windows Explorer.lnk - c:\windows\explorer.exe [2008-12-11 2923520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 14:19	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2133952941-3459510235-1210853127-1003]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R3 AVerAF15DMBTH;AVerMedia A850 BDA Digital Tuner;c:\windows\system32\Drivers\AVerAF15DMBTH.sys [2008-06-11 292992]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R3 ISD200;USB Storage Adapter V2;c:\windows\system32\DRIVERS\ISD200.SYS [2000-07-12 26402]
R3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 17152]
R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
R3 ulisa;Telekom ISDN-Adapter (USB);c:\windows\system32\Drivers\ulisa.sys [2005-10-10 34841]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-01-08 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 1089536]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS [2010-10-21 340016]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS [2010-11-18 652336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110430.001\BHDrvx86.sys [2011-04-29 802936]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110429.002\IDSvix86.sys [2011-03-14 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS [2010-11-16 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NAV\1205000.07D\SYMTDIV.SYS [2010-12-01 330360]
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2010-01-07 110304]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2008-06-06 352256]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-07-14 409600]
S2 CAPI20;Eumex 504PC USB;c:\windows\system32\Drivers\CAPI20.SYS [2005-12-07 976100]
S2 DETEWECP;Telekom ISDN Port;c:\windows\System32\drivers\detewecp.sys [2006-05-11 37312]
S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-05 28933976]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-03 102448]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-04-23 812544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
2010-04-05 10:15	124928	----a-w-	c:\windows\System32\advpack.dll
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-26 12:44]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 09:06]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 09:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = localhost
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: holbaurat.de\www
Trusted Zone: lotto-bayern.de\www
Trusted Zone: microsoft.com\go
Trusted Zone: sueddeutsche.de\sz-magazin
Trusted Zone: t-online.de\www.baurat.homepage
.
.
------- Dateityp-Verknüpfung -------
.
.scr=DWGTrueViewScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-USSShReg - c:\progra~1\PHOTOI~1\SSaver\Ussshreg.exe
AddRemove-Encarta World Atlas 2.0 - F:\setup.exe
AddRemove-vLite_is1 - c:\program files\vLite\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-06 17:04
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-05-06  17:09:17
ComboFix-quarantined-files.txt  2011-05-06 15:09
.
Vor Suchlauf: 15 Verzeichnis(se), 33.336.049.664 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 33.400.782.848 Bytes frei
.
- - End Of File - - 6E6D2EE22EF13413C33DFD97C3EAC32D

Old 06.05.2011, 16:21   #12
markusg
/// Malware-holic
 
Malware Windows Recovery - Standard

Malware Windows Recovery



You don't have Service Pack 1 or Service Pack 2, but they are urgently needed. We'll do that later.
The OTL log shows me this in its header.
Now for something unpleasant.
Do you do online banking / shopping or anything else important on this PC? Privately or for work?
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Old 06.05.2011, 17:04   #13
baurat
 
Malware Windows Recovery - Standard

Malware Windows Recovery



I do online banking with the Quicken program.

Old 06.05.2011, 17:15   #14
markusg
/// Malware-holic
 
Malware Windows Recovery - Standard

Malware Windows Recovery



1. Have your online banking blocked immediately.
Emergency number:
116 116
You have a TDSS rootkit on the PC.
This rootkit gives an attacker full control over the system.
So the following needs to be done now:
Back up data:
Back up your important data: documents, pictures, music, etc.
Nothing illegal like keygens, cracks, and files from file sharing.
Then the system has to be set up from scratch.
That means formatting and reinstalling Windows.
Then, if you would like, we should harden the system.
There are several ways to protect yourself better; I would like to work through them with you.
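As an added example (not from the thread, from ComboFix, or from the helper), here is a small Python triage script that runs a few defensive rules over ComboFix-style log lines like the ones posted above: it picks out the restored-system-driver line that the rootkit call in this thread rests on, the Security Center DisableMonitoring values, the AutoRun.inf in system32, and the catchme hidden-file count, then turns them into the same rebuild-or-not decision the helper made. The sample lines are constructed from the format seen in the posted log, and the rule names, severities and the Finding class are my own assumptions, not anything ComboFix outputs.

```python
import re
from dataclasses import dataclass

# Constructed sample in the ComboFix log format seen in this thread (ComboFix
# localises its messages, hence the German strings). These are hand-picked
# lines, not the full log, and the values are illustrative.
SAMPLE_LOG = r"""
c:\progra~1\PHOTOI~1\SSaver\Ussshreg.exe
c:\windows\system32\AutoRun.inf
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert 
Kopie von - Kitty had a snack :p wurde wiederhergestellt 
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-17 1232896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
"""


@dataclass
class Finding:
    severity: str   # "high", "review" or "info" (my own scale, not ComboFix's)
    rule: str
    detail: str


# ComboFix reports a system driver that was overwritten by a rootkit and then
# restored from a clean copy with this line; the "Kitty had a snack" line that
# follows it in the log is ComboFix's own wording for the restore.
INFECTED_DRIVER = re.compile(r"^Infizierte Kopie von (?P<path>.+?\.sys) wurde gefunden", re.I)
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
DISABLE_MON = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)
AUTORUN_INF = re.compile(r"\\system32\\autorun\.inf$", re.I)
HIDDEN_FILES = re.compile(r"^versteckte Dateien:\s*(?P<n>\d+)$", re.I)


def triage(log_text: str) -> list:
    """Run the rules over each log line and return the findings in log order."""
    findings = []
    current_key = None          # registry key of the section we are in
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if line == ".":         # ComboFix separates sections with a lone dot
            current_key = None
            continue
        m = REG_KEY.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = INFECTED_DRIVER.match(line)
        if m:
            # A patched kernel driver means code ran underneath the OS's own
            # defences; cleaning one file says nothing about what else changed.
            findings.append(Finding("high", "patched-system-driver", m.group("path")))
            continue
        if DISABLE_MON.match(line) and current_key and "security center" in current_key.lower():
            # Third-party AV suites set this when they take over Security Center
            # reporting, so confirm it matches the installed product (Norton
            # here) before reading it as tampering.
            findings.append(Finding("review", "security-center-monitoring-disabled", current_key))
            continue
        if AUTORUN_INF.search(line):
            findings.append(Finding("review", "autorun-inf-in-system32", line))
            continue
        m = HIDDEN_FILES.match(line)
        if m:
            n = int(m.group("n"))
            sev = "high" if n > 0 else "info"
            findings.append(Finding(sev, "catchme-hidden-files", line))
    return findings


def recommend(findings: list) -> str:
    """Mirror the decision taken in the thread: a patched kernel driver means the
    box cannot be trusted, so the safe remediation is a rebuild, not more cleaning."""
    if any(f.severity == "high" for f in findings):
        return "rebuild"
    if any(f.severity == "review" for f in findings):
        return "investigate"
    return "clean"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.rule:40} {f.detail}")
    print("recommendation:", recommend(triage(SAMPLE_LOG)))
```

The point of the "review" bucket is that two of the indicators are ambiguous on their own: the DisableMonitoring values are exactly what an installed Norton sets, and the AutoRun.inf could be leftover from a USB device, so they should prompt a check rather than a verdict. The restored driver is the one finding that by itself justifies the rebuild advice given in the thread.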

Old 07.05.2011, 07:58   #15
baurat
 
Malware Windows Recovery - Standard

Malware Windows Recovery



Thanks for the warning about online banking. I called my bank's security hotline right away. They reassured me: no transaction can be carried out without a TAN number, and I only ever receive a TAN number case by case, on request, via my mobile phone. So not much can happen. Of course I will still stop online banking for the time being. What do you suggest once I have backed up my personal data (which I do regularly anyway)? Is reinstalling Vista the only way to get rid of this rootkit?
