|
Log-Analyse und Auswertung: Unbekannter SchädlingWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
20.12.2011, 00:23 | #1 |
| Unbekannter Schädling Hallo zusammen, jetzt brauch ich auch mal eure Hilfe. Das vorne weg: Ich hatte dieses Problem schon einmal, allerdings habe ich da einfach das System neu aufgesetzt, weil es sowieso mal wieder nötig war. Das möchte ich diesmal vermeiden. Folgendes Problem: Seit heute morgen startet Windows (Vista Home Premium SP2, Updates auf dem neuesten Stand) nicht mehr normal. Nach ca. 2 Minuten, unabhängig ob ich mich einlogge oder nicht, erscheint ein Bluescreen (Windows is shutting down in order to prevent damage...) und der PC startet neu, wobei die Leier aufs neue beginnt. Im abgesicherten Modus lässt es sich normal und stabil starten. Antivirenprogramme (FreeAV) sind hier und auch wenn ich beim normalen Start schnell bin blockiert. Wie gesagt, ich hatte das Problem schon einmal und habe da schon etwas rumprobiert: Setze ich auf einen Sicherungspunkt zurück, funktioniert Windows ca. bis zum nächsten Neustart. Alle gängigen Online-Virenscanner finden nichts oder maximal eine Datei, was jedoch das Problem nicht löst. Direkt wissen, wo ich mir das Ding eingefangen habe und wie tu ich auch nicht. Könnt ihr mir weiterhelfen? Vielen Dank schon mal im Voraus für eure Bemühungen! lg Hier der BSOD-Fehlercode: Code:
ATTFilter ****STOP: 0x0000007E (0xFFFFFFFF80000003, 0xFFFFF8000229C700, 0xFFFFFA60097591E8, 0xFFFFFA6009758BCO) Code:
ATTFilter OTL logfile created on: 19.12.2011 23:43:30 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\hedgehog 4-19\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 76,41% Memory free 8,21 Gb Paging File | 7,56 Gb Available in Paging File | 92,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 329,73 Gb Free Space | 70,79% Space Free | Partition Type: NTFS Drive R: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Drive S: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Drive T: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Drive U: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Drive V: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Drive W: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Drive X: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Drive Y: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Drive Z: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Computer Name: STRANGE | User Name: hedgehog 4-19 | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\hedgehog 4-19\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes\mbamservice.exe (Malwarebytes Corporation) SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\DRIVERS\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (acsmux) -- C:\Windows\SysNative\DRIVERS\acsmux64.sys (Cisco Systems, Inc.) DRV:64bit: - (acsint) -- C:\Windows\SysNative\DRIVERS\acsint64.sys (Cisco Systems, Inc.) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (vNICdrv) -- C:\Windows\SysNative\DRIVERS\vNICdrv.sys (Iomega Corporation) DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\DRIVERS\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A AC 57 19 09 B9 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.) FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [UpdateUSB] C:\Windows\inf\UpdateUSB.exe (AsusTek Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\hedgehog 4-19\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8F06DFF-0E0C-488E-BBB6-01BEF64F0B01}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4B2D17D-8199-4CAA-A34E-D474FAA62170}: Domain = uni-muenchen.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4B2D17D-8199-4CAA-A34E-D474FAA62170}: NameServer = 10.156.33.53,129.187.5.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1983636f-0a27-11e1-b597-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1983636f-0a27-11e1-b597-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Bin\ASSETUP.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.12.19 22:47:57 | 000,000,000 | ---D | C] -- C:\Users\hedgehog 4-19\AppData\Roaming\Malwarebytes [2011.12.19 22:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [2011.12.19 22:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.19 22:47:48 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.19 22:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes [2011.12.19 22:45:29 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\hedgehog 4-19\Desktop\mbam-setup-1.51.2.1300.exe [2011.12.19 20:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.12.19 20:11:16 | 002,322,184 | ---- | C] (ESET) -- C:\Users\hedgehog 4-19\Desktop\esetsmartinstaller_enu.exe [2011.12.19 19:36:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\hedgehog 4-19\Desktop\OTL.exe [2011.12.19 19:19:02 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\hedgehog 4-19\Desktop\HiJackThis.exe [2011.12.19 00:55:09 | 000,000,000 | ---D | C] -- C:\Users\hedgehog 4-19\.CAS [2011.12.19 00:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco [2011.12.19 00:43:05 | 000,000,000 | ---D | C] -- C:\Users\hedgehog 4-19\AppData\Local\Cisco [2011.12.19 00:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco [2011.12.19 00:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco [2011.12.18 17:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync [2011.12.17 02:24:56 | 000,000,000 | ---D | C] -- C:\Users\hedgehog 4-19\AppData\Local\Microsoft Games [2011.12.16 01:27:37 | 000,000,000 | ---D | C] -- C:\Users\hedgehog 4-19\Desktop\Music [2011.12.16 01:23:17 | 000,000,000 | ---D | C] -- C:\Users\hedgehog 4-19\Desktop\Backups [2011.12.16 01:20:07 | 000,000,000 | ---D | C] -- C:\Users\hedgehog 4-19\Desktop\Documents [2011.12.14 23:30:49 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.12.14 23:30:49 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.12.14 23:30:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.12.14 23:30:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.12.14 23:30:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.12.14 23:30:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.12.14 23:30:47 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.12.14 23:30:47 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.12.14 23:30:46 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.12.14 23:30:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.12.14 23:30:45 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.12.14 22:22:23 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011.12.14 22:22:08 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.12.14 22:22:08 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.12.14 20:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.12.14 20:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.12.14 20:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.12.13 13:11:49 | 000,000,000 | ---D | C] -- C:\usr [2011.12.09 17:47:17 | 000,000,000 | ---D | C] -- C:\Users\hedgehog 4-19\Documents\My Photos [2011.12.09 17:47:17 | 000,000,000 | ---D | C] -- C:\Users\hedgehog 4-19\Documents\My Documents [2011.12.09 17:43:04 | 000,000,000 | ---D | C] -- C:\Users\hedgehog 4-19\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2011.12.08 14:14:06 | 000,000,000 | ---D | C] -- C:\Users\hedgehog 4-19\AppData\Roaming\TrueCrypt [2011.12.06 01:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Calendar Sync [2011.12.06 01:06:48 | 000,000,000 | ---D | C] -- C:\Users\hedgehog 4-19\AppData\Local\Google [2011.12.06 01:06:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2011.12.05 23:59:06 | 000,000,000 | ---D | C] -- C:\Users\hedgehog 4-19\Desktop\Arbeit [2011.12.04 18:51:40 | 000,000,000 | ---D | C] -- C:\Users\hedgehog 4-19\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM [2011.12.03 13:16:37 | 000,000,000 | ---D | C] -- C:\Users\hedgehog 4-19\Desktop\cd [2011.11.30 01:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2011.11.30 01:46:16 | 000,000,000 | ---D | C] -- C:\Users\hedgehog 4-19\AppData\Roaming\FileZilla [2011.11.24 20:21:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.19 23:42:25 | 000,302,592 | ---- | M] () -- C:\Users\hedgehog 4-19\Desktop\lb9j5eww.exe [2011.12.19 22:47:51 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.19 22:45:52 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\hedgehog 4-19\Desktop\mbam-setup-1.51.2.1300.exe [2011.12.19 20:54:01 | 000,061,088 | ---- | M] () -- C:\Users\hedgehog 4-19\Desktop\comodo.xml [2011.12.19 20:11:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\hedgehog 4-19\Desktop\esetsmartinstaller_enu.exe [2011.12.19 19:36:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\hedgehog 4-19\Desktop\OTL.exe [2011.12.19 19:22:15 | 000,089,088 | ---- | M] () -- C:\Users\hedgehog 4-19\Desktop\mbr.exe [2011.12.19 19:19:02 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\hedgehog 4-19\Desktop\HiJackThis.exe [2011.12.19 19:00:29 | 000,001,460 | ---- | M] () -- C:\Users\hedgehog 4-19\AppData\Local\d3d9caps64.dat [2011.12.19 18:44:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.19 18:44:18 | 422,517,479 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.12.19 18:41:43 | 000,004,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.19 18:41:42 | 000,004,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.18 22:45:05 | 000,098,304 | ---- | M] () -- C:\Users\hedgehog 4-19\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.18 17:19:51 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk [2011.12.18 16:07:52 | 000,183,876 | ---- | M] () -- C:\Users\hedgehog 4-19\Desktop\BGR.jpg [2011.12.17 22:47:41 | 000,041,110 | ---- | M] () -- C:\Users\hedgehog 4-19\Desktop\BGR_hd.jpg [2011.12.15 07:29:45 | 000,513,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.11 22:18:40 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.11 22:18:40 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.11 22:18:40 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.11 22:18:40 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.11 22:18:40 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.09 01:59:39 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.06 01:06:49 | 000,002,045 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk [2011.12.06 01:06:49 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\Google Calendar.lnk [2011.12.04 18:51:40 | 000,000,865 | ---- | M] () -- C:\Users\hedgehog 4-19\Desktop\Miranda IM.lnk [2011.11.30 01:47:20 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2011.11.29 20:38:25 | 004,572,035 | ---- | M] () -- C:\Users\hedgehog 4-19\Desktop\Klausuren.zip [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.19 23:42:25 | 000,302,592 | ---- | C] () -- C:\Users\hedgehog 4-19\Desktop\lb9j5eww.exe [2011.12.19 22:47:51 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.19 20:54:00 | 000,061,088 | ---- | C] () -- C:\Users\hedgehog 4-19\Desktop\comodo.xml [2011.12.19 19:22:15 | 000,089,088 | ---- | C] () -- C:\Users\hedgehog 4-19\Desktop\mbr.exe [2011.12.18 17:19:51 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk [2011.12.18 16:07:52 | 000,183,876 | ---- | C] () -- C:\Users\hedgehog 4-19\Desktop\BGR.jpg [2011.12.17 22:47:41 | 000,041,110 | ---- | C] () -- C:\Users\hedgehog 4-19\Desktop\BGR_hd.jpg [2011.12.06 01:06:49 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\Google Calendar.lnk [2011.12.06 01:06:48 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk [2011.12.05 21:34:56 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2011.11.29 20:38:24 | 004,572,035 | ---- | C] () -- C:\Users\hedgehog 4-19\Desktop\Klausuren.zip [2011.11.17 20:52:19 | 000,000,036 | ---- | C] () -- C:\Users\hedgehog 4-19\AppData\Local\housecall.guid.cache [2011.11.10 22:45:09 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2011.11.10 22:44:05 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2011.11.10 22:42:57 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2011.11.10 18:01:39 | 000,098,304 | ---- | C] () -- C:\Users\hedgehog 4-19\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.09 18:40:15 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2011.11.08 20:48:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.11.08 20:36:33 | 000,031,749 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.11.08 20:32:09 | 000,001,460 | ---- | C] () -- C:\Users\hedgehog 4-19\AppData\Local\d3d9caps64.dat [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007.12.28 16:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin ========== LOP Check ========== [2011.12.18 01:47:54 | 000,000,000 | ---D | M] -- C:\Users\hedgehog 4-19\AppData\Roaming\FileZilla [2011.12.18 17:20:45 | 000,000,000 | ---D | M] -- C:\Users\hedgehog 4-19\AppData\Roaming\HTC [2011.12.09 17:43:04 | 000,000,000 | ---D | M] -- C:\Users\hedgehog 4-19\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2011.11.09 19:05:39 | 000,000,000 | ---D | M] -- C:\Users\hedgehog 4-19\AppData\Roaming\Leadertech [2011.11.15 00:19:10 | 000,000,000 | ---D | M] -- C:\Users\hedgehog 4-19\AppData\Roaming\Mestrelab Research S.L [2011.09.24 21:12:17 | 000,000,000 | ---D | M] -- C:\Users\hedgehog 4-19\AppData\Roaming\Miranda [2011.11.09 23:21:32 | 000,000,000 | ---D | M] -- C:\Users\hedgehog 4-19\AppData\Roaming\OpenOffice.org [2011.11.09 23:19:05 | 000,000,000 | ---D | M] -- C:\Users\hedgehog 4-19\AppData\Roaming\Opera [2011.12.05 21:34:27 | 000,000,000 | ---D | M] -- C:\Users\hedgehog 4-19\AppData\Roaming\TeamViewer [2011.12.08 17:31:13 | 000,000,000 | ---D | M] -- C:\Users\hedgehog 4-19\AppData\Roaming\TrueCrypt [2011.12.19 04:15:02 | 000,023,810 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.11.08 20:32:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.10.14 16:00:33 | 000,000,000 | -H-D | M] -- C:\ASUS.000 [2011.09.24 19:50:40 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS [2011.11.12 13:41:17 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 16:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.09.24 15:35:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.09.24 20:06:01 | 000,000,000 | -H-D | M] -- C:\dvmexp [2011.10.14 22:24:24 | 000,000,000 | -HSD | M] -- C:\found.000 [2011.11.05 17:43:18 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.10.15 23:10:41 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.01.21 04:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.12.14 20:52:50 | 000,000,000 | R--D | M] -- C:\Program Files [2011.12.19 22:47:48 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.12.19 22:47:50 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.09.24 15:35:17 | 000,000,000 | -HSD | M] -- C:\Programme [2011.12.19 00:42:52 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.09.24 20:06:01 | 000,000,000 | -H-D | M] -- C:\temp [2011.11.08 21:06:52 | 000,000,000 | R--D | M] -- C:\Users [2011.12.13 13:11:49 | 000,000,000 | ---D | M] -- C:\usr [2011.09.24 21:02:24 | 000,000,000 | -H-D | M] -- C:\VritualRoot [2011.12.19 18:44:27 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\SysNative\drivers\afd.sys [2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_35be4fb214130ed1\afd.sys [2009.04.11 06:44:24 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=12415CCFD3E7CEC55B5184E67B039FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_35f2572213ec5bd2\afd.sys [2011.04.21 14:54:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=7B8E5F3A0626CA83B706F0738830845F -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_366a5ebb2d168a9d\afd.sys [2011.04.21 14:42:48 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=9BB97042FA331A0FB4BDD98B9280A50A -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_33ef7c5016dab752\afd.sys [2011.04.21 14:47:41 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B53144D2EBB0843DD0436F5EA6953F65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_34958b832fe3983b\afd.sys [2008.01.21 03:48:18 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=DB37041AB857ABC7E179E856D8E1582C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_3406de1616ca9086\afd.sys < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe [2008.10.29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe [2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe [2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2008.10.28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe [2008.10.29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2008.10.30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe [2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 03:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 03:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe [2008.01.21 03:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe [2008.01.21 03:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > Code:
ATTFilter OTL Extras logfile created on: 19.12.2011 23:43:31 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\hedgehog 4-19\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 76,41% Memory free 8,21 Gb Paging File | 7,56 Gb Available in Paging File | 92,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 329,73 Gb Free Space | 70,79% Space Free | Partition Type: NTFS Drive R: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Drive S: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Drive T: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Drive U: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Drive V: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Drive W: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Drive X: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Drive Y: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Drive Z: | 1842,86 Gb Total Space | 1247,13 Gb Free Space | 67,67% Space Free | Partition Type: NTFS Computer Name: pc_name | User Name: hedgehog 4-19 | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 34 98 2A 51 38 A1 CC 01 [binary data] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04ED9A97-5DB1-4264-B05E-E56BC4361A6C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{11386721-1E98-4DD8-A3D8-ACA4B3E5C79B}" = lport=137 | protocol=17 | dir=in | app=system | "{187F4351-3F9C-4D07-9E28-3A65697AEEB5}" = rport=137 | protocol=17 | dir=out | app=system | "{37B9DDD3-81E5-4EB5-8016-F93DCF28E867}" = lport=445 | protocol=6 | dir=in | app=system | "{39BCBE02-4D06-4CA4-83C2-07A571F65348}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3A111D13-3CFE-4BCB-8FE6-C574C2EAFDB8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{3F082AC8-22D4-42AE-AD1D-71196D54EE4D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4E91FE70-5C3C-4B69-A68E-A7EDF0DA6AC2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{519C07CC-3777-4990-A5D9-3745C7025D3F}" = rport=445 | protocol=6 | dir=out | app=system | "{65834AD7-F42B-45D8-96C1-C473A14D17BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6B80D079-ECB5-4E2C-B32A-960875F9DFA6}" = lport=138 | protocol=17 | dir=in | app=system | "{7CE7D39F-1983-4F98-9EA0-501C3CC4CC8E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{811C95A7-B659-422E-B1DF-C9B7A3DD0951}" = rport=139 | protocol=6 | dir=out | app=system | "{85FAB648-862B-4A18-BE83-DAB7FF096709}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9813A108-7DA1-46F6-8A97-D1C4302AC286}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CC272010-CE3F-4963-A072-59AD47C388A8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CE4A7407-2EE4-4408-876A-8009DCB132B0}" = rport=138 | protocol=17 | dir=out | app=system | "{DE196A6F-EF17-41E1-999D-699DB69CE1B5}" = lport=139 | protocol=6 | dir=in | app=system | "{E0892E82-A41D-4916-93D3-EC672D75EDED}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01BDB7BE-861E-48CC-9D5E-758D6DFBA785}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{0371B582-CA9F-4707-9851-860D48C6D2BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{1CDDD232-6EDF-42E9-A762-5C092ADEB132}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{2F7C5881-DDED-4E25-AE99-86CDD3A7CAF0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5173A717-1C3E-476E-9625-44FE79BB6A12}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5D17A570-D076-4F7F-9964-8D6FBA3E76AB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{691945E3-A84D-4CF4-B670-AAC1CA288532}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{6B962AF0-BEB2-4E05-9E1C-FEC9FAC6599E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6C210557-27D6-4395-8F9C-50E7D154CE8A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{70F78663-75E8-4351-91C7-A95080E45498}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{771D22DA-FA56-4490-9AD5-5A2571F7C5FE}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{869E92AB-0275-4E3C-8345-3AD2076DEF68}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B0F7210E-6738-4BF5-B5FA-7BA6689B9867}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{BD149CE3-18C9-4865-81EB-3609E795C1F4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{BDB9BAA6-44CB-4F90-9F1F-C9E353DE57A6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E979D6FF-E342-4CBB-88C9-2FFB0317BD80}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EA984E77-96D6-407F-9E6B-2A5459A636CE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{F20FE691-0C39-4AAC-AD3E-9B506601DC50}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{F3F1B755-440E-446C-9AEB-9D05AC835973}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F57AFFF0-9447-400F-B53D-EB2CB367A5EB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "TCP Query User{A80E1177-DC51-4364-8FC0-7704186233BC}C:\program files (x86)\iomega storage manager\iomegastoragemanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iomega storage manager\iomegastoragemanager.exe | "UDP Query User{06AA06F2-D7EA-4969-A3B3-382BC739D2C3}C:\program files (x86)\iomega storage manager\iomegastoragemanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iomega storage manager\iomegastoragemanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.01 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security "Kyocera Product Library" = Kyocera Product Library "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "sp6" = Logitech SetPoint 6.32 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{526B2AE8-73DF-4CE0-B140-9968677A7C93}" = HTC Sync "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR "{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client "{D06EF6C2-62D8-4308-897E-B20FE81712B4}" = CambridgeSoft ChemBioOffice Ultra 2010 "{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "ESET Online Scanner" = ESET Online Scanner v3 "FileZilla Client" = FileZilla Client 3.5.2 "Google Calendar Sync" = Google Calendar Sync "HijackThis" = HijackThis 2.0.2 "Iomega Storage Manager" = Iomega Storage Manager "LastFM_is1" = Last.fm 1.5.4.27091 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "MestReNova LITE" = MestReNova LITE 5.2.5-5780 "Miranda IM" = Miranda IM 0.9.37 "Office14.SingleImage" = Microsoft Office Professional 2010 "Opera 11.52.1100" = Opera 11.52 "sv.net" = sv.net "TeamViewer 7" = TeamViewer 7 "TrueCrypt" = TrueCrypt "VLC media player" = VLC media player 1.1.11 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.12.2011 19:43:08 | Computer Name = pc_name | Source = acvpninstall | ID = 67108866 Description = Error - 18.12.2011 19:43:08 | Computer Name = pc_name | Source = acvpninstall | ID = 67108866 Description = Error - 18.12.2011 19:43:08 | Computer Name = pc_name | Source = acvpninstall | ID = 67108866 Description = Error - 18.12.2011 19:43:08 | Computer Name = pc_name | Source = acvpninstall | ID = 67108866 Description = Error - 18.12.2011 19:43:08 | Computer Name = pc_name | Source = acvpninstall | ID = 67108866 Description = Error - 18.12.2011 19:43:08 | Computer Name = pc_name | Source = acvpninstall | ID = 67108866 Description = Error - 19.12.2011 13:46:17 | Computer Name = pc_name | Source = WinMgmt | ID = 10 Description = Error - 19.12.2011 13:59:19 | Computer Name = pc_name | Source = EventSystem | ID = 4609 Description = Error - 19.12.2011 14:43:57 | Computer Name = pc_name | Source = System Restore | ID = 8193 Description = Error - 19.12.2011 15:11:58 | Computer Name = pc_name | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\hedgehog 4-19\Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. [ Cisco AnyConnect Secure Mobility Client Events ] Error - 18.12.2011 23:14:53 | Computer Name = pc_name | Source = acvpnagent | ID = 67108866 Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp Line: 1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description: Eine vorhandene Verbindung wurde vom Remotehost geschlossen. Error - 18.12.2011 23:14:53 | Computer Name = pc_name | Source = acvpnagent | ID = 67108866 Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp Line: 1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description: unknown Error - 18.12.2011 23:14:53 | Computer Name = pc_name | Source = acvpnagent | ID = 67108866 Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp Line: 873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE Error - 18.12.2011 23:14:53 | Computer Name = pc_name | Source = acvpnagent | ID = 67108866 Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line: 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 (0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE Error - 18.12.2011 23:14:53 | Computer Name = pc_name | Source = acvpnagent | ID = 67108866 Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp Line: 1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene Verbindung wurde vom Remotehost geschlossen. Error - 18.12.2011 23:14:53 | Computer Name = pc_name | Source = acvpnagent | ID = 67108866 Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp Line: 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE Error - 18.12.2011 23:15:01 | Computer Name = pc_name | Source = acvpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. Error - 19.12.2011 13:39:06 | Computer Name = pc_name | Source = acvpnagent | ID = 67108866 Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>. Host discarded. Error - 19.12.2011 13:39:07 | Computer Name = pc_name | Source = acvpnagent | ID = 67108866 Description = Function: CCvcConfig::CCvcConfig File: .\vpnconfig.cpp Line: 553 Invoked Function: CCvcConfig::readConfigParamFromFile Return Code: -33030135 (0xFE080009) Description: CVCCONFIG_ERROR_UNEXPECTED Error - 19.12.2011 13:41:45 | Computer Name = pc_name | Source = acvpnagent | ID = 67108866 Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>. Host discarded. [ System Events ] Error - 19.12.2011 13:45:01 | Computer Name = pc_name | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 19.12.2011 um 18:42:22 unerwartet heruntergefahren. Error - 19.12.2011 13:46:18 | Computer Name = pc_name | Source = Service Control Manager | ID = 7001 Description = Error - 19.12.2011 13:46:18 | Computer Name = pc_name | Source = Service Control Manager | ID = 7026 Description = Error - 19.12.2011 13:59:03 | Computer Name = pc_name | Source = DCOM | ID = 10005 Description = Error - 19.12.2011 13:59:19 | Computer Name = pc_name | Source = DCOM | ID = 10005 Description = Error - 19.12.2011 13:59:22 | Computer Name = pc_name | Source = DCOM | ID = 10005 Description = Error - 19.12.2011 13:59:30 | Computer Name = pc_name | Source = DCOM | ID = 10005 Description = Error - 19.12.2011 14:38:00 | Computer Name = pc_name | Source = DCOM | ID = 10005 Description = Error - 19.12.2011 17:42:41 | Computer Name = pc_name | Source = DCOM | ID = 10005 Description = Error - 19.12.2011 18:44:59 | Computer Name = pc_name | Source = DCOM | ID = 10005 Description = < End of report > Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:03:10, on 19.12.2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Safe mode with network support Running processes: C:\Windows\SysWOW64\explorer.exe C:\Users\hedgehog 4-19\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe O4 - Global Startup: Iomega Storage Manager.lnk = C:\Program Files (x86)\Iomega Storage Manager\IomegaStorageManager.exe O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} (VPNWeb Control) - vpnweb.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E4B2D17D-8199-4CAA-A34E-D474FAA62170}: Domain = uni-muenchen.de O17 - HKLM\System\CCS\Services\Tcpip\..\{E4B2D17D-8199-4CAA-A34E-D474FAA62170}: NameServer = 10.156.33.53,129.187.5.1 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8673 bytes Geändert von hedgehog4-19 (20.12.2011 um 00:51 Uhr) Grund: informationen ergänzt |
20.12.2011, 01:05 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unbekannter Schädling Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
20.12.2011, 01:19 | #3 |
| Unbekannter Schädling wusste doch, dass ich noch was vergessen habe:
__________________Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8399 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 9.0.8112.16421 19.12.2011 23:30:54 mbam-log-2011-12-19 (23-30-54).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 339050 Laufzeit: 41 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=d162cddae74069468a59a1d4e3190a27 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-19 09:39:20 # local_time=2011-12-19 10:39:20 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1792 16777215 100 0 3471685 3471685 0 0 # compatibility_mode=3073 16777214 80 71 3386984 6317255 0 0 # compatibility_mode=5892 16776638 100 45 123445457 161850744 0 0 # compatibility_mode=8192 67108863 100 0 8517 8517 0 0 # scanned=166272 # found=1 # cleaned=0 # scan_time=3922 C:\Users\hedgehog 4-19\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\1a5a1822-20d48693 a variant of Java/TrojanDownloader.Agent.NDI trojan (unable to clean) 00000000000000000000000000000000 I |
20.12.2011, 09:13 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unbekannter Schädling Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten |
20.12.2011, 11:28 | #5 |
| Unbekannter Schädling Leider habe ich die Logs nicht mehr, die habe ich vergessen zu backupn, als es mir Windows das erste mal zerlegt hat. |
20.12.2011, 13:39 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unbekannter Schädling Naja, die Logs von dem mittlerweile wegformatierten Windows wären eh nicht mehr relevant. Ist die Frage ob es noch weitere Funde mit dieser (noch nicht wegformatierten) Windows-Installation gab und wenn ja welche.
__________________ --> Unbekannter Schädling |
Themen zu Unbekannter Schädling |
64-bit, 7-zip, acrobat update, autorun, avira, bho, bluescreen, bonjour, c:\windows\system32\rundll32.exe, document, down, fehler, flash player, google, hijack, home, install.exe, jdownloader, langs, launch, log datei, logfiles, maximal, mbamservice.exe, microsoft office word, neu aufgesetzt, neustart., nvidia update, plug-in, problem, realtek, registry, required, richtlinie, rundll, scan, scanner finden nichts, sched.exe, schädling, security, senden, software, svchost.exe, system, system neu, unbekannter virus, updates, version., version=1.0, vista, windows |