Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Virus Fund HTML/Dldr.Tharra.E

Virus Fund HTML/Dldr.Tharra.E


Log-Analyse und Auswertung: Virus Fund HTML/Dldr.Tharra.E

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 12.09.2011, 12:57   #1
guitarero
 
Virus Fund HTML/Dldr.Tharra.E - Standard

Virus Fund HTML/Dldr.Tharra.E


Hallo!

Ich habe heute morgen beim Scannen meines Laptops folgenden Virus gefunden:

HTML/Dldr.Tharra.E

Avira AntiVir hat leider keine näheren Informationen dazu. Den Ordner "Trojaner" auf dem Desktop hab ich selbst erstellt um die logfiles aufzubewahren.

Ich hab wie beschrieben Defogger und OTL laufen lassen. Hier die Log-Files

Defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:45 on 12/09/2011 (Der B)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-


OTL Extras:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.09.2011 12:50:19 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Der B\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,74 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 69,94% Memory free
7,48 Gb Paging File | 6,17 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 319,27 Gb Total Space | 225,96 Gb Free Space | 70,77% Space Free | Partition Type: NTFS
Drive D: | 4,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 146,49 Gb Total Space | 50,00 Gb Free Space | 34,13% Space Free | Partition Type: NTFS
 
Computer Name: DERB-PC | User Name: Der B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera 11.10 beta\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera 11.10 beta\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5ACF5427-B4E4-4F85-A512-151E0BECF7E3}" = RtLED
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8C58C76C-262E-4615-A65B-EAD74866767D}" = M-Audio AxiomPro Driver 6.0.1 (x64)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.4.17_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6559654F-2F38-491F-8411-211517C3E635}" = SampleTank FREE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}" = Tom Clancy's Splinter Cell Chaos Theory
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess
"Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)
"Opera 11.51.1087" = Opera 11.51
"SeriousSam2" = Serious Sam 2
"VLC media player" = VLC media player 1.1.10
"WinGimp-2.0_is1" = GIMP 2.6.11
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.09.2011 11:55:11 | Computer Name = DerB-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fel: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen
an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
 
Error - 09.09.2011 11:55:11 | Computer Name = DerB-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fel: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen
an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
 
Error - 09.09.2011 11:55:16 | Computer Name = DerB-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fel: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen
an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
 
Error - 09.09.2011 11:55:17 | Computer Name = DerB-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fel: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen
an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
 
Error - 09.09.2011 11:55:18 | Computer Name = DerB-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fel: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen
an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
 
Error - 09.09.2011 11:55:22 | Computer Name = DerB-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fel: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen
an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
 
Error - 09.09.2011 11:55:25 | Computer Name = DerB-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fel: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen
an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
 
Error - 09.09.2011 11:55:26 | Computer Name = DerB-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fel: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen
an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
 
Error - 09.09.2011 11:55:28 | Computer Name = DerB-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fel: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen
an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
 
Error - 09.09.2011 11:55:32 | Computer Name = DerB-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fel: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen
an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
 
[ System Events ]
Error - 11.09.2011 06:06:26 | Computer Name = DerB-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfel: Det gick inte att installera följande uppdatering
på grund av fel 0x80070643: Update für Microsoft XML Core Services 4.0 Service 
Pack 2 für x64-basierte Systeme (KB973688).
 
Error - 11.09.2011 21:01:35 | Computer Name = DerB-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11.09.2011 21:01:35 | Computer Name = DerB-PC | Source = Service Control Manager | ID = 7000
Description = Tjänsten Windows Installer kunde inte startas på grund av följande
fel: %%2
 
Error - 11.09.2011 21:01:38 | Computer Name = DerB-PC | Source = Service Control Manager | ID = 7000
Description = Tjänsten Windows Installer kunde inte startas på grund av följande
fel: %%2
 
Error - 11.09.2011 21:01:59 | Computer Name = DerB-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfel: Det gick inte att installera följande uppdatering
på grund av fel 0x80070641: Definitionsupdate für Microsoft Office 2010 (KB982726),
64-Bit Edition.
 
Error - 11.09.2011 21:01:59 | Computer Name = DerB-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfel: Det gick inte att installera följande uppdatering
på grund av fel 0x80070643: Sicherheitsupdate für Microsoft XML Core Services 4.0
Service Pack 2 für x64-Systeme (KB954430).
 
Error - 11.09.2011 21:02:00 | Computer Name = DerB-PC | Source = Service Control Manager | ID = 7000
Description = Tjänsten Windows Installer kunde inte startas på grund av följande
fel: %%2
 
Error - 11.09.2011 21:02:12 | Computer Name = DerB-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfel: Det gick inte att installera följande uppdatering
på grund av fel 0x80070643: Update für Microsoft XML Core Services 4.0 Service 
Pack 2 für x64-basierte Systeme (KB973688).
 
Error - 12.09.2011 03:29:26 | Computer Name = DerB-PC | Source = Service Control Manager | ID = 7009
Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Microsoft
.NET Framework NGEN v4.0.30319_X64 skulle ansluta.
 
Error - 12.09.2011 03:32:53 | Computer Name = DerB-PC | Source = Service Control Manager | ID = 7022
Description = Tjänsten Windows Update stannade under start.
 
 
< End of report >
--- --- ---


OTL Standard:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.09.2011 12:50:19 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Der B\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,74 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 69,94% Memory free
7,48 Gb Paging File | 6,17 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 319,27 Gb Total Space | 225,96 Gb Free Space | 70,77% Space Free | Partition Type: NTFS
Drive D: | 4,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 146,49 Gb Total Space | 50,00 Gb Free Space | 34,13% Space Free | Partition Type: NTFS
 
Computer Name: DERB-PC | User Name: Der B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.12 12:48:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Der B\Desktop\OTL.exe
PRC - [2011.06.30 21:58:22 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 11:04:43 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.07 13:54:25 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.28 04:14:52 | 000,376,176 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
PRC - [2010.05.28 04:14:02 | 000,709,488 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
PRC - [2010.05.28 04:13:38 | 000,314,736 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe
PRC - [2010.01.15 13:38:46 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE
PRC - [2009.09.30 14:02:38 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 14:02:36 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.02.05 15:43:20 | 000,311,296 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtLED\RtLEDService.exe -- (RtLedService)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.06.30 21:58:22 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 11:04:43 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.28 04:14:02 | 000,709,488 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service)
SRV - [2010.05.28 04:13:38 | 000,314,736 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe -- (EgisTec Data Security Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.30 14:02:38 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 14:02:36 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.06.30 21:58:22 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 21:58:22 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.23 03:08:00 | 000,090,624 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetndis64.sys -- (andnetndis)
DRV:64bit: - [2011.02.23 03:03:44 | 000,028,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetgps64.sys -- (AndNetGps)
DRV:64bit: - [2011.02.23 03:03:40 | 000,037,376 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2011.02.23 03:03:40 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.02.04 00:10:18 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.02.03 23:15:27 | 000,035,888 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV:64bit: - [2011.02.03 23:15:22 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011.02.03 23:15:22 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011.02.03 23:15:22 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2010.12.07 14:23:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010.12.07 14:23:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010.12.07 14:23:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010.12.07 14:22:58 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.03.26 13:28:42 | 000,046,088 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioAxiomPro_DFU.sys -- (MADFUAXIOMPRO)
DRV:64bit: - [2010.03.26 13:28:36 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioAxiomPro.sys -- (MAUSBAXIOMPRO)
DRV:64bit: - [2010.03.26 11:14:50 | 000,162,304 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.03.24 11:57:20 | 000,243,744 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.02.25 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.22 12:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.02.02 16:52:02 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.01.27 08:43:10 | 000,214,912 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2010.01.15 19:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2009.10.19 01:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?o=14672&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 28 4C F1 EC C3 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {e2fda1a4-762b-4020-b5ad-a41df1933103}:1.0b2
FF - prefs.js..extensions.enabledItems: {25A1388B-6B18-46c3-BEBA-A81915D0DE8F}:1.7.5
FF - prefs.js..extensions.enabledItems: langpack-sv-SE@thunderbird.mozilla.org:3.1.481
FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.09.11 12:05:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.02.04 00:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Der B\AppData\Roaming\mozilla\Extensions
[2011.02.04 00:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Der B\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
() (No name found) -- C:\USERS\DER B\APPDATA\ROAMING\THUNDERBIRD\PROFILES\WH25UZI1.DEFAULT\EXTENSIONS\{25A1388B-6B18-46C3-BEBA-A81915D0DE8F}.XPI
[2011.07.29 17:51:46 | 000,000,000 | ---D | M] (Lightning) -- C:\USERS\DER B\APPDATA\ROAMING\THUNDERBIRD\PROFILES\WH25UZI1.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IEPwdBankBHO Class) - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. )
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 195.34.133.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{000FCF87-C4A0-4E4E-AE00-332D252FC4AC}: DhcpNameServer = 195.34.133.21 195.34.133.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BB474E5-CF59-4849-9E3C-5068AA418614}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C9B3CCB-A60D-4295-9925-5B491A009409}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1155084-0CF4-42ED-94F8-EBFBB44BFDFB}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.17 13:01:03 | 000,009,662 | R--- | M] () - D:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2007.12.17 13:01:03 | 000,000,048 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{187c6dd7-2fd8-11e0-8bb0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{187c6dd7-2fd8-11e0-8bb0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\launcher.exe -- [2007.12.17 13:01:03 | 000,126,976 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9793EDE2-499E-4A14-8220-523691D8F91B} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^Der B^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AnyDVD - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: M-Audio Taskbar Icon - hkey= - key= - C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.12 12:48:22 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Der B\Desktop\OTL.exe
[2011.09.12 12:47:48 | 000,000,000 | ---D | C] -- C:\Users\Der B\Desktop\Trojaner
[2011.08.22 18:58:32 | 000,000,000 | ---D | C] -- C:\Users\Der B\Documents\LG PC Suite IV
[2011.08.22 18:58:32 | 000,000,000 | ---D | C] -- C:\Users\Der B\AppData\Local\LG Electronics
[2011.08.22 18:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2011.08.22 18:41:48 | 000,000,000 | ---D | C] -- C:\LGP990
[2011.08.22 18:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
[2011.08.22 18:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Der B\Desktop\*.tmp files -> C:\Users\Der B\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.12 12:53:45 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.12 12:53:45 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.12 12:48:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Der B\Desktop\OTL.exe
[2011.09.12 12:46:17 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2011.09.12 12:46:11 | 3010,863,104 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.12 12:45:09 | 000,000,020 | ---- | M] () -- C:\Users\Der B\defogger_reenable
[2011.09.12 12:44:21 | 000,050,477 | ---- | M] () -- C:\Users\Der B\Desktop\Defogger.exe
[2011.09.09 12:02:04 | 000,011,724 | ---- | M] () -- C:\Users\Der B\Documents\Check this out..odt
[2011.09.09 11:54:35 | 000,000,118 | -H-- | M] () -- C:\Users\Der B\Documents\.~lock.Studienverlaufsübersicht.odt#
[2011.08.22 20:56:46 | 006,339,454 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.22 20:56:46 | 000,693,454 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2011.08.22 20:56:46 | 000,689,108 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2011.08.22 20:56:46 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.08.22 20:56:46 | 000,639,338 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011.08.22 20:56:46 | 000,632,180 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2011.08.22 20:56:46 | 000,617,568 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2011.08.22 20:56:46 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.22 20:56:46 | 000,434,486 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2011.08.22 20:56:46 | 000,353,522 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2011.08.22 20:56:46 | 000,148,310 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2011.08.22 20:56:46 | 000,137,062 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2011.08.22 20:56:46 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.08.22 20:56:46 | 000,127,144 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2011.08.22 20:56:46 | 000,123,740 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2011.08.22 20:56:46 | 000,110,792 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011.08.22 20:56:46 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.22 20:56:46 | 000,078,984 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2011.08.22 20:56:46 | 000,069,094 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2011.08.22 20:28:28 | 000,002,411 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.08.22 19:09:15 | 000,000,825 | ---- | M] () -- C:\Users\Der B\Desktop\LGMobile update.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Der B\Desktop\*.tmp files -> C:\Users\Der B\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.12 12:45:09 | 000,000,020 | ---- | C] () -- C:\Users\Der B\defogger_reenable
[2011.09.12 12:44:21 | 000,050,477 | ---- | C] () -- C:\Users\Der B\Desktop\Defogger.exe
[2011.09.09 11:54:35 | 000,000,118 | -H-- | C] () -- C:\Users\Der B\Documents\.~lock.Studienverlaufsübersicht.odt#
[2011.08.22 18:40:24 | 000,000,825 | ---- | C] () -- C:\Users\Der B\Desktop\LGMobile update.lnk
[2011.08.22 18:40:20 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.08.22 18:40:20 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.04.07 17:36:28 | 000,000,170 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.03.04 17:52:23 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.02.20 19:54:31 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.02.20 19:54:31 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011.02.11 19:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.02.07 23:46:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.04 20:38:49 | 000,000,017 | ---- | C] () -- C:\Users\Der B\AppData\Local\resmon.resmoncfg
[2011.02.03 23:13:45 | 000,001,341 | ---- | C] () -- C:\Windows\vm331Rmv.ini
[2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[2010.08.25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.08.25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009.07.14 07:38:36 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.07.05 21:10:17 | 000,000,000 | ---D | M] -- C:\Users\Der B\AppData\Roaming\.minecraft
[2011.06.23 12:02:19 | 000,000,000 | ---D | M] -- C:\Users\Der B\AppData\Roaming\Ableton
[2011.04.07 17:35:58 | 000,000,000 | ---D | M] -- C:\Users\Der B\AppData\Roaming\Bassic Technologies
[2011.02.07 19:33:54 | 000,000,000 | ---D | M] -- C:\Users\Der B\AppData\Roaming\DAEMON Tools Lite
[2011.07.12 17:18:44 | 000,000,000 | ---D | M] -- C:\Users\Der B\AppData\Roaming\gtk-2.0
[2011.03.04 17:31:27 | 000,000,000 | ---D | M] -- C:\Users\Der B\AppData\Roaming\Gutscheinmieze
[2011.02.04 03:25:49 | 000,000,000 | ---D | M] -- C:\Users\Der B\AppData\Roaming\OpenOffice.org
[2011.03.17 10:25:34 | 000,000,000 | ---D | M] -- C:\Users\Der B\AppData\Roaming\Opera
[2011.04.05 23:43:29 | 000,000,000 | ---D | M] -- C:\Users\Der B\AppData\Roaming\PlagiarismFinder
[2011.02.04 02:12:59 | 000,000,000 | ---D | M] -- C:\Users\Der B\AppData\Roaming\Propellerhead Software
[2011.02.04 01:54:16 | 000,000,000 | ---D | M] -- C:\Users\Der B\AppData\Roaming\Steinberg
[2011.02.04 00:22:19 | 000,000,000 | ---D | M] -- C:\Users\Der B\AppData\Roaming\Thunderbird
[2011.08.03 17:19:03 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.02.05 00:14:09 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.02.02 20:00:48 | 000,000,000 | ---D | M] -- C:\8cf3179403b96ed4bec13247e9
[2011.06.20 12:09:23 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.02.01 11:29:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.02.01 11:42:53 | 000,000,000 | ---D | M] -- C:\Intel
[2011.02.01 12:47:56 | 000,000,000 | -H-D | M] -- C:\Lenovo
[2011.08.22 18:51:49 | 000,000,000 | ---D | M] -- C:\LGP990
[2011.05.21 13:01:54 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.05.06 18:09:22 | 000,000,000 | ---D | M] -- C:\PFiles
[2011.06.21 18:46:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.09.12 10:56:29 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.08.22 18:40:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.02.01 11:29:07 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.02.03 22:12:15 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.09.12 12:53:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.04 22:57:19 | 000,000,000 | ---D | M] -- C:\Temp
[2011.02.03 22:12:36 | 000,000,000 | R--D | M] -- C:\Users
[2011.09.11 09:42:38 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >
--- --- ---


Da das mein erster Beitrag ist hoffe ich alles richtig gemacht zu haben.

Mit freundlichen Grüßen,
guitarero

Hallo!

Anbei noch die Reportdatei von Antivir... Ich hoffe das hilft etwas.



Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 12. September 2011 13:17

Es wird nach 3358433 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Der B
Computername : DERB-PC

Versionsinformationen:
BUILD.DAT : 10.2.0.700 35934 Bytes 21.07.2011 16:49:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 30.06.2011 19:58:22
AVSCAN.DLL : 10.0.5.0 57192 Bytes 30.06.2011 19:58:22
LUKE.DLL : 10.3.0.5 45416 Bytes 30.06.2011 19:58:22
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 11:59:47
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 30.06.2011 19:58:22
AVREG.DLL : 10.3.0.9 88833 Bytes 13.07.2011 22:58:20
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 22:07:31
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 14:09:25
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 17:58:16
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 11:16:58
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 18:29:37
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 16:34:05
VBASE007.VDF : 7.11.13.61 2048 Bytes 16.08.2011 16:34:05
VBASE008.VDF : 7.11.13.62 2048 Bytes 16.08.2011 16:34:05
VBASE009.VDF : 7.11.13.63 2048 Bytes 16.08.2011 16:34:06
VBASE010.VDF : 7.11.13.64 2048 Bytes 16.08.2011 16:34:06
VBASE011.VDF : 7.11.13.65 2048 Bytes 16.08.2011 16:34:06
VBASE012.VDF : 7.11.13.66 2048 Bytes 16.08.2011 16:34:06
VBASE013.VDF : 7.11.13.95 166400 Bytes 17.08.2011 16:34:07
VBASE014.VDF : 7.11.13.125 209920 Bytes 18.08.2011 16:34:08
VBASE015.VDF : 7.11.13.157 184832 Bytes 22.08.2011 16:34:09
VBASE016.VDF : 7.11.13.201 128000 Bytes 24.08.2011 19:19:04
VBASE017.VDF : 7.11.13.234 160768 Bytes 25.08.2011 19:19:06
VBASE018.VDF : 7.11.14.16 141312 Bytes 30.08.2011 07:42:22
VBASE019.VDF : 7.11.14.48 133120 Bytes 31.08.2011 07:42:23
VBASE020.VDF : 7.11.14.78 156160 Bytes 02.09.2011 07:42:25
VBASE021.VDF : 7.11.14.109 126976 Bytes 06.09.2011 16:49:06
VBASE022.VDF : 7.11.14.137 131584 Bytes 08.09.2011 18:41:14
VBASE023.VDF : 7.11.14.138 2048 Bytes 08.09.2011 18:41:14
VBASE024.VDF : 7.11.14.139 2048 Bytes 08.09.2011 18:41:14
VBASE025.VDF : 7.11.14.140 2048 Bytes 08.09.2011 18:41:14
VBASE026.VDF : 7.11.14.141 2048 Bytes 08.09.2011 18:41:14
VBASE027.VDF : 7.11.14.142 2048 Bytes 08.09.2011 18:41:14
VBASE028.VDF : 7.11.14.143 2048 Bytes 08.09.2011 18:41:14
VBASE029.VDF : 7.11.14.144 2048 Bytes 08.09.2011 18:41:14
VBASE030.VDF : 7.11.14.145 2048 Bytes 08.09.2011 18:41:14
VBASE031.VDF : 7.11.14.162 183296 Bytes 11.09.2011 21:23:27
Engineversion : 8.2.6.60
AEVDF.DLL : 8.1.2.1 106868 Bytes 03.02.2011 22:08:02
AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 26.08.2011 19:19:39
AESCN.DLL : 8.1.7.2 127349 Bytes 03.02.2011 22:08:00
AESBX.DLL : 8.2.1.34 323957 Bytes 04.06.2011 13:02:48
AERDL.DLL : 8.1.9.15 639348 Bytes 11.09.2011 21:23:34
AEPACK.DLL : 8.2.10.10 684407 Bytes 05.09.2011 07:42:36
AEOFFICE.DLL : 8.1.2.13 201083 Bytes 31.07.2011 21:06:34
AEHEUR.DLL : 8.1.2.167 3690871 Bytes 11.09.2011 21:23:33
AEHELP.DLL : 8.1.17.7 254327 Bytes 31.07.2011 21:06:27
AEGEN.DLL : 8.1.5.9 401780 Bytes 26.08.2011 19:19:15
AEEMU.DLL : 8.1.3.0 393589 Bytes 03.02.2011 22:07:49
AECORE.DLL : 8.1.23.0 196983 Bytes 26.08.2011 19:19:12
AEBB.DLL : 8.1.1.0 53618 Bytes 03.02.2011 22:07:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 11:59:10
AVPREF.DLL : 10.0.3.2 44904 Bytes 30.06.2011 19:58:22
AVREP.DLL : 10.0.0.10 174120 Bytes 19.05.2011 08:27:54
AVARKT.DLL : 10.0.26.1 255336 Bytes 30.06.2011 19:58:22
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 30.06.2011 19:58:22
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 12:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 15:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 14:40:55
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 30.06.2011 19:58:21
RCTEXT.DLL : 10.0.64.0 98664 Bytes 30.06.2011 19:58:21

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:, D:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +PFS,+SPR,

Beginn des Suchlaufs: Montag, 12. September 2011 13:17

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'opera.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OTL.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisTSR.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VM331_STI.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisDSService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisService.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '148' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <System>
C:\8cf3179403b96ed4bec13247e9\netfx_CoreLP.mzz
[0] Archivtyp: CAB (Microsoft)
--> NlsLexicons0007_amd64.dll
[WARNUNG] Die Datei konnte nicht geschrieben werden!
C:\Users\Der B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\43296140-4eb81d6e
[FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Dldr.Tharra.E
Beginne mit der Suche in 'E:\' <Musik, Filme & Programme>
Beginne mit der Suche in 'D:\' <R6VEGAS>

Beginne mit der Desinfektion:
C:\Users\Der B\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\43296140-4eb81d6e
[FUND] Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Dldr.Tharra.E
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4891ab59.qua' verschoben!


Ende des Suchlaufs: Montag, 12. September 2011 15:07
Benötigte Zeit: 1:50:25 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

58452 Verzeichnisse wurden überprüft
734093 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
734092 Dateien ohne Befall
5170 Archive wurden durchsucht
1 Warnungen
1 Hinweise

Antwort

Themen zu Virus Fund HTML/Dldr.Tharra.E
32-bit, 7-zip, adobe, antivir, askbar, autorun, bho, c:\windows\system32\rundll32.exe, defender, desktop, dll, document, error, excel, explorer, firefox, flash player, google, grand theft auto, html/dldr.tharra.e, install.exe, kunde, langs, lenovo, lightning, microsoft office word, mozilla, mozilla thunderbird, nt.dll, plug-in, realtek, registry, required, rundll, scan, security, shell32.dll, shortcut, sketchup, software, trojaner, unbekannter virus, usb, usb 2.0, verweise, virus, virus fund, virus gefunden, webcheck, windows, winlogon.exe


« regelmäßig wiederkehrender Firefox Freeze für 1 Minute oder mehr | BKA Trojaner - nichts geht mehr... »


Ähnliche Themen: Virus Fund HTML/Dldr.Tharra.E


  1. Avira Fund HTML infected.WebPage.Gen2
    Log-Analyse und Auswertung - 31.07.2015 (11)
  2. Win7: Avira meldet Virus Fund 'JAVA/Dldr.Pesur.JE'
    Log-Analyse und Auswertung - 11.05.2015 (17)
  3. Avira meldet Fund auf PC => HTML/Framer.EB.16
    Log-Analyse und Auswertung - 08.03.2014 (11)
  4. Win 7, Avira Fund: HTML/ExpKit.Gen3 [Virus], in: Temporary Internet Files
    Plagegeister aller Art und deren Bekämpfung - 16.09.2013 (9)
  5. Avira Virus Fund - Java/DLDR.KARA.AN.2
    Log-Analyse und Auswertung - 29.11.2012 (21)
  6. JAVA/Dldr.Tharra.G und EXP/CVE-2010-0840
    Log-Analyse und Auswertung - 18.01.2012 (11)
  7. langsames System mit HTML/Rce.Gen-Fund
    Plagegeister aller Art und deren Bekämpfung - 30.11.2011 (5)
  8. Virenfund !! HTML Scriptvirus HTML/Dldr.Dawn.X1 Was tun?
    Plagegeister aller Art und deren Bekämpfung - 19.11.2011 (25)
  9. TR/EyeStye.N.313 + JAVA/Dldr.Tharra.G gefunden... Was ist zu tun?
    Log-Analyse und Auswertung - 28.08.2011 (27)
  10. JAVA-Virus JAVA/Dldr.Tharra.E
    Plagegeister aller Art und deren Bekämpfung - 31.07.2011 (19)
  11. Avira Fund: HTML/Infected.WebPage.Gen, Virus, Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 15.02.2011 (6)
  12. Fund eines html-scriptvirus/silly.gen
    Log-Analyse und Auswertung - 23.09.2009 (1)
  13. 8 mal svchost.exe,1 mit fund von html-scriptvirus
    Plagegeister aller Art und deren Bekämpfung - 03.11.2008 (6)
  14. Werbefenster für Virenprogramme im 2 Minutentakt,Antivir fund HTML/Dldr.Advance.A,
    Plagegeister aller Art und deren Bekämpfung - 13.03.2008 (1)
  15. TR/Dldr.HTML.Agent.IS - Virus öffnet sich zigfach
    Plagegeister aller Art und deren Bekämpfung - 18.02.2008 (3)
  16. HTML-Scriptvirus HTML/Dldr.Age.48568
    Plagegeister aller Art und deren Bekämpfung - 06.04.2007 (5)
  17. TR/Dldr.Delf.DG | TR/StartPage.IG | TR/Dldr.Small.YX.1 | HTML script virus | dialer
    Log-Analyse und Auswertung - 14.04.2005 (7)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Virus Fund HTML/Dldr.Tharra.E - Hallo! Ich habe heute morgen beim Scannen meines Laptops folgenden Virus gefunden: HTML/Dldr.Tharra.E Avira AntiVir hat leider keine näheren Informationen dazu. Den Ordner "Trojaner" auf dem Desktop hab ich selbst - Virus Fund HTML/Dldr.Tharra.E...
Archiv
Du betrachtest: Virus Fund HTML/Dldr.Tharra.E auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55