Java-Virus (!), langsames arbeiten

2fcn · 11.09.2011, 08:40

Hallo,

seit vorgestern ging der PC sehr lahm. Antivir drüber und hat 6 Funde festgestellt, diese in Quarantäne, dabei der Name JAVA-Virus aufgetaucht. Nun folgende Logs:

OTL Extras logfile created on: 11.09.2011 09:19:53 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Dokumente und Einstellungen\Maria\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1023,48 Mb Total Physical Memory | 636,30 Mb Available Physical Memory | 62,17% Memory free
2,41 Gb Paging File | 2,02 Gb Available in Paging File | 84,12% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 76,25 Gb Total Space | 48,79 Gb Free Space | 63,99% Space Free | Partition Type: NTFS
Drive E: | 127,32 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MARIAPC | User Name: Maria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\fsetup.exe" = E:\fsetup.exe:*:Enabled:AVM FSetup Application -- ()
"C:\Dokumente und Einstellungen\Maria\Eigene Dateien\Eigene Programme\ICQ7.5\ICQ.exe" = C:\Dokumente und Einstellungen\Maria\Eigene Dateien\Eigene Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ -- (ICQ, LLC.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = Die Sims™ 2 Teen Style-Accessoires
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"Lexmark Printer Software Uninstall" = Lexmark Drucker-Software deinstallieren
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Windows XP Service Pack" = Windows XP Service Pack 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09.09.2011 11:22:02 | Computer Name = MARIAPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 6.0.2.4262, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 09.09.2011 11:23:53 | Computer Name = MARIAPC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.2180, fehlgeschlagenes
Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x0001f6db.

Error - 09.09.2011 11:27:25 | Computer Name = MARIAPC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.2180, fehlgeschlagenes
Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x0001f6db.

Error - 09.09.2011 11:37:04 | Computer Name = MARIAPC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.2180, fehlgeschlagenes
Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x0001f6db.

Error - 09.09.2011 11:53:09 | Computer Name = MARIAPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 6.0.2.4262, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 09.09.2011 12:52:19 | Computer Name = MARIAPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 6.0.2.4262, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 09.09.2011 12:54:47 | Computer Name = MARIAPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 6.0.2.4262, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 09.09.2011 13:00:59 | Computer Name = MARIAPC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.2180, fehlgeschlagenes
Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x0001f6db.

Error - 09.09.2011 13:01:17 | Computer Name = MARIAPC | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.2180, fehlgeschlagenes
Modul kernel32.dll, Version 5.1.2600.2180, Fehleradresse 0x0001f6db.

Error - 09.09.2011 13:12:28 | Computer Name = MARIAPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 6.0.2.4262, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 09.09.2011 11:24:19 | Computer Name = MARIAPC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Starten Sie den Dienst neu..

Error - 09.09.2011 11:33:57 | Computer Name = MARIAPC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist
bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Starten Sie den Dienst neu..

Error - 09.09.2011 11:42:10 | Computer Name = MARIAPC | Source = Service Control Manager | ID = 7034
Description = Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits
3 Mal passiert.

Error - 09.09.2011 11:59:08 | Computer Name = MARIAPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 09.09.2011 11:59:08 | Computer Name = MARIAPC | Source = VolSnap | ID = 393230
Description = Die Schattenkopie von Volume "C:" wurde aufgrund eines E/A-Fehlers
abgebrochen.

Error - 09.09.2011 12:01:57 | Computer Name = MARIAPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 09.09.2011 12:01:57 | Computer Name = MARIAPC | Source = VolSnap | ID = 393230
Description = Die Schattenkopie von Volume "C:" wurde aufgrund eines E/A-Fehlers
abgebrochen.

Error - 09.09.2011 12:57:20 | Computer Name = MARIAPC | Source = DCOM | ID = 10010
Description = Der Server "{9B1F122C-2982-4E91-AA8B-E071D54F2A4D}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.09.2011 12:59:33 | Computer Name = MARIAPC | Source = DCOM | ID = 10010
Description = Der Server "{9B1F122C-2982-4E91-AA8B-E071D54F2A4D}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 09.09.2011 13:01:12 | Computer Name = MARIAPC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Starten Sie den Dienst neu..

< End of report >

OTL logfile created on: 11.09.2011 09:19:53 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Dokumente und Einstellungen\Maria\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1023,48 Mb Total Physical Memory | 636,30 Mb Available Physical Memory | 62,17% Memory free
2,41 Gb Paging File | 2,02 Gb Available in Paging File | 84,12% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 76,25 Gb Total Space | 48,79 Gb Free Space | 63,99% Space Free | Partition Type: NTFS
Drive E: | 127,32 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MARIAPC | User Name: Maria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Maria\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\NETGEAR\WG311v3\wlancfg5.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\NETGEAR\WG311v3\WlanDll.dll ()
MOD - C:\Programme\NETGEAR\WG311v3\wlancfg5.exe ()

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Boonty Games) -- C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

========== Driver Services (SafeList) ==========

DRV - (xpsec) -- File not found
DRV - (xcpip) -- File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335) -- C:\WINDOWS\system32\drivers\WG311v3XP.sys (Marvell Semiconductor, Inc)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (V124) -- C:\WINDOWS\system32\drivers\HSF_V124.sys (Conexant)
DRV - (Tones) -- C:\WINDOWS\system32\drivers\HSF_TONE.sys (Conexant)
DRV - (hsf_msft) -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys (Conexant)
DRV - (Rksample) -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys (Conexant)
DRV - (K56) -- C:\WINDOWS\system32\drivers\HSF_K56K.sys (Conexant)
DRV - (Fallback) -- C:\WINDOWS\system32\drivers\HSF_FALL.sys (Conexant)
DRV - (SoftFax) -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys (Conexant)
DRV - (Fsks) -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys (Conexant)
DRV - (basic2) -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys (Conexant)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.09.07 20:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

[2011.05.21 11:27:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Extensions
[2011.08.19 17:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\bnqfmcts.default\extensions
[2011.08.01 21:53:34 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\bnqfmcts.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011.08.19 17:42:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\bnqfmcts.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.07 16:07:23 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\bnqfmcts.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2011.09.08 13:23:29 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\bnqfmcts.default\searchplugins\icqplugin-1.xml
[2011.07.03 17:22:13 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\bnqfmcts.default\searchplugins\icqplugin-2.xml
[2011.08.20 11:53:23 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\bnqfmcts.default\searchplugins\icqplugin-3.xml
[2011.08.24 17:27:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\bnqfmcts.default\searchplugins\icqplugin-4.xml
[2011.09.02 17:32:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\bnqfmcts.default\searchplugins\icqplugin-5.xml
[2011.09.08 15:01:51 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\bnqfmcts.default\searchplugins\icqplugin-6.xml
[2011.06.21 14:25:31 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\bnqfmcts.default\searchplugins\icqplugin.xml
[2011.06.01 12:54:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.01 12:54:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.05.31 09:30:26 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2011.06.01 12:53:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.09.07 20:02:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2003.04.02 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NETGEAR WG311v3 Smart Wizard.lnk = C:\Programme\NETGEAR\WG311v3\wlancfg5.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Dokumente und Einstellungen\Maria\Eigene Dateien\Eigene Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Dokumente und Einstellungen\Maria\Eigene Dateien\Eigene Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95D81B06-1D86-476B-B9F8-A80791C5C7BA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\WINDOWS\System32\MrvGINA.dll (Marvell(R))
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Maria\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Maria\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.05.20 18:46:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.10.27 14:29:14 | 000,000,106 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.09.04 14:34:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinZip
[2011.09.04 14:34:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2011.09.04 14:34:21 | 000,000,000 | ---D | C] -- C:\Programme\WinZip
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.09.11 09:15:36 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\defogger_reenable
[2011.09.11 08:51:19 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.09.11 08:50:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.09.11 08:50:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.09.04 14:34:49 | 000,001,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WinZip.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.09.11 09:15:36 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Maria\defogger_reenable
[2011.09.04 14:34:49 | 000,001,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WinZip.lnk
[2011.06.22 18:45:15 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY.INI
[2011.06.08 10:58:55 | 000,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2011.06.01 12:19:56 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Maria\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.31 08:53:33 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2011.05.21 11:27:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.05.20 19:30:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.05.20 19:29:19 | 000,118,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.05.20 19:12:10 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011.05.20 19:10:42 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011.05.20 19:10:42 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011.05.20 19:10:42 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011.05.20 19:10:42 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011.05.20 19:10:42 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011.05.20 19:09:01 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2011.05.20 19:08:55 | 000,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2011.05.20 18:47:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.05.20 18:44:16 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.05.03 05:46:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008.05.03 05:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003.11.17 10:33:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003.11.17 10:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003.04.02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003.04.02 14:00:00 | 000,316,594 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003.04.02 14:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003.04.02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003.04.02 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003.04.02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003.04.02 14:00:00 | 000,048,156 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003.04.02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003.04.02 14:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003.04.02 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003.04.02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003.04.02 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003.04.02 14:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003.04.02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.11.14 19:38:18 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.11.14 19:37:09 | 000,004,568 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B606BA34

< End of report >

Java-Virus (!), langsames arbeiten

Plagegeister aller Art und deren Bekämpfung: Java-Virus (!), langsames arbeiten

Java-Virus (!), langsames arbeiten

Ähnliche Themen: Java-Virus (!), langsames arbeiten