| |
| |||||||
Log-Analyse und Auswertung: Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nichtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
23.12.2011, 03:30
| #1 |
 |  Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Hallo, nachdem sich bei mir seit heute ständig ein neues, weißes Fenster vom IE 9 öffnet, dachte ich, ich könnte mit BitDefender ja mal eine Tiefe Systemprüfung ausführen. Gesagt, getan. Gefunden wurde in meinem Outlook Mail Archiv dieses Ding da: Trojan.Generic.6779472 Entfernen ging nicht, ignorieren wollte ich nicht und da ich nicht richtig gelesen habe, verschob ich das Ding in die Quarantäne (also das gesamte eMail-Archiv). Seitdem startet mein Outlook nicht mehr, es erscheint folgende Meldung: Der Ordner kann nicht angezeigt werden. Auf den angegebenen Ordnerspeicherort kann von Microsoft Office Outlook nicht zugegriffen werden. Die Messaging-Programmschnittstelle hat einen unbekannten Fehler zurückgeliefert. Falls das Problem weiter besteht, starten Sie Outlook neu. Dieses Element kann von Outlook nicht geöffnet werden. Das Element ist möglicherweise beschädigt. .pst Datei irgendwie beschädigt, nehme ich an, nachdem ich so ein bisschen gegoogled und allerlei Dinge ausprobiert hab. Schritt 2 war ein Scann mit Malwarebytes, fand nichts. Dieser wiederum blockiert nun ständig eine schädliche Website mit der IP: 82.98.97.183 (und diversen anderen Endziffern). defogger hat mich nicht gefragt, ob ich neu starten möchte, obwohl ich alles wie in der Anleitung beschrieben ausgeführt habe. defogger_disable Log: defogger_disable by jpshortstuff (23.02.10.1) Log created at 03:14 on 23/12/2011 (Blubb) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=-OTL Logfile: Code:
ATTFilter OTL logfile created on: 12/23/2011 3:24:55 AM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Blubb\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5.87 Gb Total Physical Memory | 3.37 Gb Available Physical Memory | 57.50% Memory free 11.73 Gb Paging File | 8.86 Gb Available in Paging File | 75.50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 917.55 Gb Total Space | 725.71 Gb Free Space | 79.09% Space Free | Partition Type: NTFS Drive D: | 13.87 Gb Total Space | 1.68 Gb Free Space | 12.10% Space Free | Partition Type: NTFS Computer Name: BLUBB-NEU | User Name: Blubb | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/12/23 03:23:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe PRC - [2011/12/10 12:53:44 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe PRC - [2011/12/08 21:15:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe PRC - [2011/12/08 21:15:20 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/08/01 09:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.5\ICQ.exe PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010/09/28 16:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2008/11/20 18:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2011/12/08 21:15:20 | 000,108,320 | ---- | M] () -- C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll MOD - [2011/12/08 21:15:20 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Java\jre6\bin\jp2native.dll MOD - [2011/10/13 08:06:52 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll MOD - [2011/10/13 08:01:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll MOD - [2011/10/13 08:01:16 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011/10/13 08:01:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011/10/13 08:01:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011/10/13 08:00:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011/10/13 08:00:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011/10/13 08:00:55 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011/10/13 08:00:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/04/06 04:54:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/05/19 05:37:01 | 000,409,672 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV) SRV:64bit: - [2010/08/06 03:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010/03/24 11:43:38 | 002,299,656 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV) SRV:64bit: - [2010/03/12 15:42:40 | 000,393,728 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan) SRV:64bit: - [2009/10/19 19:04:58 | 000,278,224 | ---- | M] (BitDefender S.R.L. hxxp://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/04/24 13:13:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010/09/28 16:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2010/06/19 02:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011/05/19 05:37:12 | 000,089,680 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf) DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/09/03 07:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/06/22 02:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/02/22 13:57:54 | 000,347,336 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr) DRV:64bit: - [2010/01/29 13:47:04 | 000,163,936 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfm.sys -- (BDFM) DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Blubb\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) O1 HOSTS File: ([2011/05/29 13:38:12 | 000,434,670 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14957 more lines... O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.) O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Snapfire\Corel Photo Downloader.exe (Corel, Inc.) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKCU..\Run: [Facebook Update] C:\Users\Blubb\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - Startup: C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DieKuhIstWeg.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B863EC08-5BA9-4F6F-A3E8-A201DB2FFA90}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FED421C8-E781-4DF8-8530-40B09201897C}: DhcpNameServer = 10.111.81.129 10.129.32.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/12/23 03:23:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe [2011/12/23 01:55:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/23 01:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/12/15 00:36:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011/12/15 00:35:01 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011/12/15 00:35:01 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011/12/15 00:35:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011/12/15 00:35:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011/12/15 00:35:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011/12/15 00:35:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011/12/15 00:34:59 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011/12/15 00:34:59 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011/12/15 00:34:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011/12/15 00:34:59 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011/12/15 00:34:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011/12/15 00:31:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011/12/15 00:31:36 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011/12/15 00:31:36 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011/12/12 17:15:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan [2011/12/12 17:15:40 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\Canon [2011/12/08 21:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011/12/08 21:31:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2011/12/08 21:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011/12/08 21:15:25 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011/12/08 21:15:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011/12/08 21:15:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/12/23 03:23:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe [2011/12/23 03:12:07 | 000,050,477 | ---- | M] () -- C:\Users\Blubb\Desktop\Defogger.exe [2011/12/23 03:11:49 | 000,000,000 | ---- | M] () -- C:\Users\Blubb\defogger_reenable [2011/12/23 02:16:15 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/23 02:16:15 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/23 02:13:18 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/12/23 02:13:18 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011/12/23 02:13:18 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/12/23 02:13:18 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011/12/23 02:13:18 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/12/23 02:08:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/12/23 02:08:44 | 429,191,167 | -HS- | M] () -- C:\hiberfil.sys [2011/12/23 02:08:18 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv [2011/12/23 01:55:57 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/12/23 01:32:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000UA.job [2011/12/22 22:32:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000Core.job [2011/12/20 13:29:13 | 002,008,352 | ---- | M] () -- C:\Users\Blubb\Desktop\IMG_0448.JPG [2011/12/17 12:30:04 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBlubb.job [2011/12/15 10:59:52 | 002,353,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/12/14 02:39:48 | 000,172,155 | ---- | M] () -- C:\Users\Blubb\Desktop\IMG_0446.PNG [2011/12/10 12:53:44 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011/12/08 21:31:28 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011/12/08 21:15:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011/12/08 21:15:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011/12/08 21:15:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011/12/08 21:15:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011/12/06 02:04:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBLUBB-NEU$.job [2011/12/02 23:20:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/12/23 03:12:07 | 000,050,477 | ---- | C] () -- C:\Users\Blubb\Desktop\Defogger.exe [2011/12/23 03:11:49 | 000,000,000 | ---- | C] () -- C:\Users\Blubb\defogger_reenable [2011/12/23 01:55:57 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/12/20 13:30:58 | 002,008,352 | ---- | C] () -- C:\Users\Blubb\Desktop\IMG_0448.JPG [2011/12/14 19:13:01 | 000,172,155 | ---- | C] () -- C:\Users\Blubb\Desktop\IMG_0446.PNG [2011/12/08 21:31:28 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011/12/02 23:20:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf [2011/08/17 17:21:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2011/08/17 17:21:48 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2011/07/08 20:28:06 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI [2011/06/10 14:25:13 | 000,001,854 | ---- | C] () -- C:\Users\Blubb\AppData\Roaming\GhostObjGAFix.xml [2011/05/29 03:43:33 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011/05/29 03:43:33 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011/04/22 16:27:42 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/04/21 16:42:01 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI [2011/04/21 15:57:48 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011/04/06 04:32:35 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2010/09/21 18:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011/04/23 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Amazon [2011/05/18 20:02:10 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\BitDefender [2011/12/12 17:27:40 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Canon [2011/12/07 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Dropbox [2011/10/06 02:02:19 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\FreeHideIP [2011/12/23 02:09:34 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\ICQ [2011/10/21 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Origin [2011/04/21 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\PictureMover [2011/07/08 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Systweak [2011/10/21 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinBatch [2011/12/22 22:32:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000Core.job [2011/12/23 01:32:02 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3701193968-2768520944-2608497257-1000UA.job [2011/12/05 21:24:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12/23/2011 3:24:55 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Blubb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5.87 Gb Total Physical Memory | 3.37 Gb Available Physical Memory | 57.50% Memory free
11.73 Gb Paging File | 8.86 Gb Available in Paging File | 75.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.55 Gb Total Space | 725.71 Gb Free Space | 79.09% Space Free | Partition Type: NTFS
Drive D: | 13.87 Gb Total Space | 1.68 Gb Free Space | 12.10% Space Free | Partition Type: NTFS
Computer Name: BLUBB-NEU | User Name: Blubb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8D7A8160-B777-4073-B1BE-62CFDD14A1D3}" = BitDefender Antivirus 2010
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}" = Corel Snapfire
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Canon MP280 series Benutzerregistrierung" = Canon MP280 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"EasyBits Magic Desktop" = Magic Desktop
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mario Forever 5.01" = Mario Forever 5.01
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MusicStationNetstaller" = MusicStation
"My HP Game Console" = HP Game Console
"Origin" = Origin
"PDF Complete" = PDF Complete Special Edition
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089303" = Build-a-Lot - The Elizabethan Era
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Ich hoffe, ich habe alles richtig gemacht. Geändert von interaktion (23.12.2011 um 03:53 Uhr) |
|
23.12.2011, 18:00
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nichtZitat:
Man sllte wissen, dass Virenscanner Fehlalarme haben oder gerade bei Postfächern logischerweise einige Anhänge finden können die Schadcode beinhalten. Diese Anhänge liegen aber einfach nur inaktiv in der Mailbox da muss nichts hysterisch sofort gelöscht werden. Stell die Mailboxdatei wieder her und lass sie in Ruhe also nicht mehr vom Virenscanner untersuchen. Wenn man Mails prüfen will mit einem Scanner braucht dieser Scanner extra eine Funktion für E-Mail Scans. Aber auf Dateiebene darauf losgehen kann nur in die Hose gehen! Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
23.12.2011, 23:55
| #3 |
| | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Hallo,
__________________vielen lieben Dank, dass du dich mir DAU angenommen hast *g. Das sich ständig öffnende Fenster ist seit heute Morgen wundersamerweise nicht mehr aufgetreten. Malwarebytes blockt aber trotzdem weiterhin ab und zu diese IP da. Outlook.pst hatte ich gestern schon aus der Quarantäne entfernen wollen, was aber nicht funktioniert hat, also wählte ich die Option "zurücksetzen" - danach konnte ich es auch löschen. Outlook ließ sich trotzdem nicht starten und zeigte die genannte Nachricht an. Ich hab dann ein bisschen gegoogled und mit diesem ScanFixpst (oder wie das Ding heißt) versucht, meine .pst Datei zu retten. Sie war aber gar nicht mehr im Verzeichnis! Dann hab ich sie manuell gesucht und sie da reinkopiert... Dann versucht zu "fixen", hat aber trotzdem nicht geholfen... Hilft da noch irgendwas? Malwarebytes von gerade eben: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 911122308
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
23.12.2011 20:22:33
mbam-log-2011-12-23 (20-22-33).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 411206
Laufzeit: 58 Minute(n), 43 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 911122307
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
23.12.2011 16:24:07
mbam-log-2011-12-23 (16-24-07).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 410959
Laufzeit: 53 Minute(n), 11 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Protection-Log: Code:
ATTFilter 01:56:57 Blubb MESSAGE Protection started successfully
01:57:00 Blubb MESSAGE IP Protection started successfully
02:05:45 Blubb IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 52353, Process: svchost.exe)
02:09:27 Blubb MESSAGE Protection started successfully
02:09:31 Blubb MESSAGE IP Protection started successfully
02:19:41 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49702, Process: svchost.exe)
02:19:41 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49703, Process: svchost.exe)
02:19:41 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49704, Process: svchost.exe)
02:19:41 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49705, Process: svchost.exe)
02:29:42 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 50364, Process: svchost.exe)
02:29:42 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50365, Process: svchost.exe)
02:29:42 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 50366, Process: svchost.exe)
02:29:42 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 50367, Process: svchost.exe)
02:39:40 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 50993, Process: svchost.exe)
02:39:40 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50994, Process: svchost.exe)
02:39:40 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 50995, Process: svchost.exe)
02:39:40 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 50996, Process: svchost.exe)
02:49:46 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51707, Process: svchost.exe)
02:49:46 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51708, Process: svchost.exe)
02:49:46 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51709, Process: svchost.exe)
02:49:46 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51710, Process: svchost.exe)
02:59:43 Blubb IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 52650, Process: svchost.exe)
03:09:39 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53245, Process: svchost.exe)
03:09:39 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53246, Process: svchost.exe)
03:09:39 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53247, Process: svchost.exe)
03:09:39 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53248, Process: svchost.exe)
03:19:41 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53817, Process: svchost.exe)
03:19:41 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53818, Process: svchost.exe)
03:19:41 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53819, Process: svchost.exe)
03:19:41 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53820, Process: svchost.exe)
03:29:43 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 54246, Process: svchost.exe)
03:29:43 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 54247, Process: svchost.exe)
03:29:43 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 54248, Process: svchost.exe)
03:29:43 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 54249, Process: svchost.exe)
03:39:45 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 54670, Process: svchost.exe)
03:39:45 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 54671, Process: svchost.exe)
03:39:45 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 54672, Process: svchost.exe)
03:39:45 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 54673, Process: svchost.exe)
03:49:46 Blubb IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 55329, Process: svchost.exe)
03:59:40 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 56028, Process: svchost.exe)
03:59:40 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 56029, Process: svchost.exe)
03:59:40 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 56030, Process: svchost.exe)
03:59:40 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 56031, Process: svchost.exe)
04:09:42 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 57040, Process: svchost.exe)
04:09:42 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 57041, Process: svchost.exe)
04:09:42 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 57042, Process: svchost.exe)
04:09:42 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 57043, Process: svchost.exe)
04:19:44 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 58233, Process: svchost.exe)
04:19:44 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 58234, Process: svchost.exe)
04:19:44 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 58235, Process: svchost.exe)
04:19:44 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 58236, Process: svchost.exe)
04:29:46 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 59060, Process: svchost.exe)
04:29:46 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 59061, Process: svchost.exe)
04:29:46 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 59062, Process: svchost.exe)
04:29:46 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 59063, Process: svchost.exe)
04:39:48 Blubb IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 59957, Process: svchost.exe)
04:49:43 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 60909, Process: svchost.exe)
04:49:43 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 60910, Process: svchost.exe)
04:49:43 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 60911, Process: svchost.exe)
04:49:43 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 60912, Process: svchost.exe)
04:59:44 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 61410, Process: svchost.exe)
04:59:44 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 61411, Process: svchost.exe)
04:59:45 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 61412, Process: svchost.exe)
04:59:45 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 61413, Process: svchost.exe)
05:09:46 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 62350, Process: svchost.exe)
05:09:47 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 62351, Process: svchost.exe)
05:09:47 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 62352, Process: svchost.exe)
05:09:47 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 62353, Process: svchost.exe)
05:19:48 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 63479, Process: svchost.exe)
05:19:49 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 63480, Process: svchost.exe)
05:19:49 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 63481, Process: svchost.exe)
05:19:49 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 63482, Process: svchost.exe)
05:29:43 Blubb IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 64508, Process: svchost.exe)
05:39:45 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49417, Process: svchost.exe)
05:39:45 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49418, Process: svchost.exe)
05:39:45 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49419, Process: svchost.exe)
05:39:45 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49420, Process: svchost.exe)
05:49:48 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 50494, Process: svchost.exe)
05:49:48 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50495, Process: svchost.exe)
05:49:48 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 50496, Process: svchost.exe)
05:49:48 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 50497, Process: svchost.exe)
11:09:26 Blubb MESSAGE Protection started successfully
11:09:29 Blubb MESSAGE IP Protection started successfully
11:17:56 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 50177, Process: svchost.exe)
11:17:56 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50178, Process: svchost.exe)
11:17:56 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 50179, Process: svchost.exe)
11:17:56 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 50180, Process: svchost.exe)
11:17:56 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 50181, Process: svchost.exe)
11:27:57 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50688, Process: svchost.exe)
11:27:57 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 50689, Process: svchost.exe)
11:27:57 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 50690, Process: svchost.exe)
11:27:57 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 50691, Process: svchost.exe)
11:27:57 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50692, Process: svchost.exe)
11:37:59 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51060, Process: svchost.exe)
11:37:59 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51061, Process: svchost.exe)
11:37:59 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51062, Process: svchost.exe)
11:37:59 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51063, Process: svchost.exe)
11:37:59 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51064, Process: svchost.exe)
11:48:00 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51425, Process: svchost.exe)
11:48:00 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51426, Process: svchost.exe)
11:48:00 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51427, Process: svchost.exe)
11:48:00 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51428, Process: svchost.exe)
11:48:00 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51429, Process: svchost.exe)
11:58:02 Blubb IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 51795, Process: svchost.exe)
12:07:57 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 52727, Process: svchost.exe)
12:07:57 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 52728, Process: svchost.exe)
12:07:57 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 52729, Process: svchost.exe)
12:07:57 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 52730, Process: svchost.exe)
12:17:59 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 53407, Process: svchost.exe)
12:17:59 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 53408, Process: svchost.exe)
12:17:59 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 53409, Process: svchost.exe)
12:17:59 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 53410, Process: svchost.exe)
12:28:01 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 54079, Process: svchost.exe)
12:28:01 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 54080, Process: svchost.exe)
12:28:01 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 54081, Process: svchost.exe)
12:28:01 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 54082, Process: svchost.exe)
12:38:02 Blubb IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 54690, Process: svchost.exe)
12:38:03 Blubb IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 54691, Process: svchost.exe)
12:38:03 Blubb IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 54692, Process: svchost.exe)
12:38:03 Blubb IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 54693, Process: svchost.exe)
12:47:56 Blubb IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 55266, Process: svchost.exe)
Und das Ding dauerte ewig, war aber nich länger: Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 |
|
24.12.2011, 13:42
| #4 |
| | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Hi Arne, ganz kurz: Ich bin bis 27.12. nicht zuhause und kann daher auch nicht an meinem PC sein (im Internet schon, aber halt leider nicht mit dem PC, mit dem ich die Schritte ausführen müsste *g). Ich hoffe, das ist in Ordnung für dich und du machst hier nicht gleich zu. Frohe Weihnachten dir! |
|
24.12.2011, 15:14
| #5 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nichtZitat:
Zitat:
ESET hast du falsch ausgeführt, wahrscheinlich wurde das hier mal wieder überlesen: Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.12.2011, 01:15
| #6 |
| | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Hi, sorry, ja, das hatte ich tatsächlich überlesen. Hier: Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c186c7f7f169604fbbdbfe10af567a9e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-27 12:14:08
# local_time=2011-12-27 01:14:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 298034 76566155 0 0
# compatibility_mode=8192 67108863 100 0 270769 270769 0 0
# scanned=252611
# found=0
# cleaned=0
# scan_time=8392
|
|
27.12.2011, 16:44
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Keine Funde. Wurde nur ein angeblicher Schädling in der Outlook-PST gefunden oder in der Zwischenzeit bzw. Vergangenheit noch woanders? Ein Backup der PST hast du wohl nicht, d.h. alle Mails sind jetzt weg?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.12.2011, 17:06
| #8 |
| | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Nee, hab keine BackUp der pst-Datei gehabt. Habe auch in der Zwischenzeit Office deinstalliert, neu gestartet, bin mit dem CCleaner drüber, damit auch alles weg ist. Office 2010 neu installiert, wieder das gleiche Spielchen, Outlook lässt sich nicht mehr starten, bzw. es startet durchaus, kann allerdings halt keine eMails mehr abrufen. Selbe Meldung. Alle Mails scheinen weg zu sein. Aber das ist nicht schlimm (zumindest für mich nicht). Ansonsten werden bei mir täglich immer nur Cookie-Dinger gefunden, aber nie was Ernsthaftes. Dieses Trojan-Ding wurde auch nur dieses eine Mal gefunden, weil ich eine "tiefe Systemprüfung" machte. Da wurde das Mail-Archiv einfach automatisch mitüberprüft, denke ich. Ich hab dann a uch nicht recht gelesen und erst hinterher gecheckt, dass es sich um mein ganzes eMail-Archiv handelt, NACHDEM ich es schon in Quarantäne geschoben hatte... Seitdem geht auf jeden Fall nichts mehr. Selbst nach Neuinstallation nicht mehr. Das weiße Fenster öffnet sich nach wie vor ständig, die IPs werden immer noch geblockt. Was kann das sein? Das ist alles sehr seltsam...  ---- Ähm, Update: Outlook funktioniert wieder. Habe Bitdefender mal deaktiviert und dann die Datei mit dem ScanDings repariert. Mails sind alle noch da. Geändert von interaktion (27.12.2011 um 17:36 Uhr) |
|
27.12.2011, 17:40
| #9 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nichtZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.12.2011, 17:41
| #10 | |
| | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nichtZitat:
Hm. ich <--- DAU. Was soll ich weiter tun? |
|
27.12.2011, 17:44
| #11 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nichtZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.12.2011, 17:47
| #12 |
| | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Hm, na doch, diese komische IP, die geblockt wird. Und eben das mit dem sich ständig öffnenden Fenster... :/ |
|
28.12.2011, 03:07
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.12.2011, 15:29
| #14 |
| | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht Ja, das sah ich mir auch schon an. Das sagt mir leider überhaupt nichts. Ich hab, soweit ich weiß, auch kein Produkt von dieser Firma auf dem PC (überlegte schon, ob das so ne Nutzungsdatenübertragung wär, was es ja manchmal gibt). Ich benutze keine Cracks, Keygens und nur wenig Freeware-Kram, lade eigentlich nur von chip.de, wenn... Es kommt sehr selten vor, dass bei mir so viel Chaos auf dem PC ist. ;D Was weiter tun? P.S.: Ich hab mal gerade bei der Plus Line AG angerufen, die mir allerdings auch nicht weiterhelfen konnten. Der wird der Sache aber nachgehen, weil das ein Kunde von ihnen ist. Kann das eigentlich ein privater Angriff gegen mich sein? Dass da irgendeine Privatperson sitzt, die Daten von meinem PC sammelt und mich evtl. kennt? Ich hätte (!) einen Verdacht, es ist aber eigentlich ziemlich abwegig... Und was bedeutet es, dass svchost.exe auf diese Website zugreift? Geändert von interaktion (28.12.2011 um 16:07 Uhr) |
|
28.12.2011, 19:33
| #15 |
| | Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht AdAware Log: Code:
ATTFilter Logfile created: 28.12.2011 16:29:04
Ad-Aware version: 9.6.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Blubb
*********************** Definitions database information ***********************
Lavasoft definition file: 150.657
Genotype definition file version: 2011/09/21 13:56:01
Extended engine definition file: 11282.0
******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 265958
Objects detected: 37
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 37
Browser hijacks.: 0
MRU objects.....: 0
Removed items:
Description: *adfarm1.adition* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409171 Family ID: 0
Description: *etracker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409002 Family ID: 0
Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *adfarm1.adition* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409171 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Description: *.adform* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409300 Family ID: 0
Description: *revenue* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409138 Family ID: 0
Description: *statistik-gallup* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409367 Family ID: 0
Description: *adbrite* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409218 Family ID: 0
Description: *specificclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408807 Family ID: 0
Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0
Description: *rambler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408818 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *.comclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409086 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *etracker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409002 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *webstat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409228 Family ID: 0
Description: *adfarm1.adition* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409171 Family ID: 0
Description: *etracker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409002 Family ID: 0
Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Scan and cleaning complete: Finished correctly after 9295 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\,D:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Wed Dec 28 16:25:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Wed Dec 28 22:25:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Wed Dec 28 04:25:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Wed Dec 28 10:25:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Dec 28 16:25:00 2011
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
****************************** System information ******************************
Computer name: BLUBB-NEU
Processor name: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Processor identifier: Intel64 Family 6 Model 37 Stepping 5
Processor speed: ~3192MHZ
Raw info: processorarchitecture 9, processortype 8664, processorlevel 6, processor revision 9477, number of processors 4, processor features: [MMX,SSE,SSE2,SSE3]
Physical memory available: 2477453312 bytes
Physical memory total: 6298877952 bytes
Virtual memory available: 1862717440 bytes
Virtual memory total: 2147352576 bytes
Memory load: 60%
Microsoft Service Pack 1 (build 7601)
Windows startup mode:
Running processes:
PID: 368 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 532 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 592 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 612 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 660 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 668 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 676 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 804 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 864 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 892 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 964 name: C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 996 name: C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1016 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 648 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1032 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1068 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1304 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1316 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1424 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1676 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1712 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1860 name: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1144 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1324 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1500 name: C:\Windows\SysWOW64\ezSharedSvcHost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1988 name: C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1952 name: C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2052 name: C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2076 name: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2104 name: C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2160 name: C:\Program Files (x86)\PDF Complete\pdfsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2296 name: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE owner: SYSTEM domain: NT-AUTORITÄT
PID: 2504 name: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE owner: SYSTEM domain: NT-AUTORITÄT
PID: 2764 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2824 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 2868 name: C:\Windows\System32\WUDFHost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 3460 name: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3524 name: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3584 name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3644 name: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3724 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3780 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 3936 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 548 name: C:\Windows\System32\taskhost.exe owner: Blubb domain: Blubb-Neu
PID: 2944 name: C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe owner: Blubb domain: Blubb-Neu
PID: 2800 name: C:\Windows\System32\dwm.exe owner: Blubb domain: Blubb-Neu
PID: 3376 name: C:\Windows\explorer.exe owner: Blubb domain: Blubb-Neu
PID: 3928 name: C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe owner: Blubb domain: Blubb-Neu
PID: 1784 name: C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe owner: Blubb domain: Blubb-Neu
PID: 1200 name: C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe owner: Blubb domain: Blubb-Neu
PID: 4080 name: C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE owner: Blubb domain: Blubb-Neu
PID: 1796 name: C:\Program Files (x86)\ICQ7.5\ICQ.exe owner: Blubb domain: Blubb-Neu
PID: 1888 name: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe owner: Blubb domain: Blubb-Neu
PID: 3932 name: C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe owner: Blubb domain: Blubb-Neu
PID: 1216 name: C:\Program Files (x86)\iTunes\iTunesHelper.exe owner: Blubb domain: Blubb-Neu
PID: 3632 name: C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE owner: Blubb domain: Blubb-Neu
PID: 1268 name: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe owner: Blubb domain: Blubb-Neu
PID: 3400 name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe owner: Blubb domain: Blubb-Neu
PID: 4128 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 4284 name: C:\Windows\splwow64.exe owner: Blubb domain: Blubb-Neu
PID: 4668 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 4880 name: C:\Windows\System32\WUDFHost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 924 name: C:\Program Files (x86)\Internet Explorer\iexplore.exe owner: Blubb domain: Blubb-Neu
PID: 4140 name: C:\Program Files (x86)\Internet Explorer\iexplore.exe owner: Blubb domain: Blubb-Neu
PID: 3760 name: C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 5812 name: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe owner: Blubb domain: Blubb-Neu
PID: 2280 name: C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe owner: Blubb domain: Blubb-Neu
PID: 5504 name: C:\Program Files (x86)\Java\jre6\bin\java.exe owner: Blubb domain: Blubb-Neu
PID: 5772 name: C:\Windows\System32\conhost.exe owner: Blubb domain: Blubb-Neu
PID: 6068 name: C:\Program Files (x86)\Internet Explorer\iexplore.exe owner: Blubb domain: Blubb-Neu
PID: 5768 name: C:\Program Files (x86)\iTunes\iTunes.exe owner: Blubb domain: Blubb-Neu
PID: 4044 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe owner: Blubb domain: Blubb-Neu
PID: 4512 name: C:\Windows\System32\conhost.exe owner: Blubb domain: Blubb-Neu
PID: 3332 name: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe owner: Blubb domain: Blubb-Neu
PID: 4584 name: C:\Windows\System32\conhost.exe owner: Blubb domain: Blubb-Neu
PID: 3264 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe owner: Blubb domain: Blubb-Neu
PID: 5560 name: C:\Windows\System32\conhost.exe owner: Blubb domain: Blubb-Neu
PID: 2436 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe owner: Blubb domain: Blubb-Neu
PID: 4772 name: C:\Windows\System32\conhost.exe owner: Blubb domain: Blubb-Neu
PID: 5160 name: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe owner: Blubb domain: Blubb-Neu
PID: 5276 name: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 920 name: C:\Program Files\BitDefender\BitDefender 2010\uiscan.exe owner: Blubb domain: Blubb-Neu
PID: 5292 name: C:\Program Files (x86)\Internet Explorer\iexplore.exe owner: Blubb domain: Blubb-Neu
PID: 5720 name: C:\Windows\servicing\TrustedInstaller.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 6020 name: C:\Windows\System32\msiexec.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 5156 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1196 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 6908 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Blubb domain: Blubb-Neu
PID: 3516 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3112 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 6456 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: Blubb domain: Blubb-Neu
Startup items:
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: IAStorIcon
imagepath: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Name: HP Software Update
imagepath: c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Name: PDF Complete
imagepath: C:\Program Files (x86)\PDF Complete\pdfsty.exe
Name: Norton Online Backup
imagepath: C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
Name: Easybits Recovery
imagepath: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
Name: Adobe ARM
imagepath: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Name: APSDaemon
imagepath: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Name: iTunesHelper
imagepath: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Name: QuickTime Task
imagepath: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Name: CanonSolutionMenuEx
imagepath: C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
Name: SunJavaUpdateSched
imagepath: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Name: Malwarebytes' Anti-Malware
imagepath: "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
imagepath: C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
Bootexecute items:
Name:
imagepath: autocheck autochk *
Running services:
Name: AdobeARMservice
displayname: Adobe Acrobat Update Service
Name: AeLookupSvc
displayname: Anwendungserfahrung
Name: Appinfo
displayname: Anwendungsinformationen
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioEndpointBuilder
displayname: Windows-Audio-Endpunkterstellung
Name: AudioSrv
displayname: Windows-Audio
Name: BFE
displayname: Basisfiltermodul
Name: BITS
displayname: Intelligenter Hintergrundübertragungsdienst
Name: Bonjour Service
displayname: Dienst "Bonjour"
Name: CryptSvc
displayname: Kryptografiedienste
Name: DcomLaunch
displayname: DCOM-Server-Prozessstart
Name: Dhcp
displayname: DHCP-Client
Name: Dnscache
displayname: DNS-Client
Name: DPS
displayname: Diagnoserichtliniendienst
Name: eventlog
displayname: Windows-Ereignisprotokoll
Name: EventSystem
displayname: COM+-Ereignissystem
Name: ezSharedSvc
displayname: Easybits Services for Windows
Name: FontCache
displayname: Windows-Dienst für Schriftartencache
Name: FontCache3.0.0.0
displayname: Windows Presentation Foundation-Schriftartcache 3.0.0.0
Name: gpsvc
displayname: Gruppenrichtlinienclient
Name: hidserv
displayname: Zugriff auf Eingabegeräte
Name: HP Support Assistant Service
displayname: HP Support Assistant Service
Name: HPClientSvc
displayname: HP Client Services
Name: HPDrvMntSvc.exe
displayname: HP Quick Synchronization Service
Name: IAStorDataMgrSvc
displayname: Intel(R) Rapid Storage Technology
Name: IKEEXT
displayname: IKE- und AuthIP IPsec-Schlüsselerstellungsmodule
Name: iphlpsvc
displayname: IP-Hilfsdienst
Name: iPod Service
displayname: iPod-Dienst
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Arbeitsstationsdienst
Name: LightScribeService
displayname: LightScribeService Direct Disc Labeling Service
Name: LIVESRV
displayname: BitDefender Desktop Update Service
Name: lmhosts
displayname: TCP/IP-NetBIOS-Hilfsdienst
Name: LMS
displayname: Intel(R) Management and Security Application Local Management Service
Name: MBAMService
displayname: MBAMService
Name: MMCSS
displayname: Multimediaklassenplaner
Name: MpsSvc
displayname: Windows-Firewall
Name: msiserver
displayname: Windows Installer
Name: Netman
displayname: Netzwerkverbindungen
Name: netprofm
displayname: Netzwerklistendienst
Name: NlaSvc
displayname: NLA (Network Location Awareness)
Name: NOBU
displayname: Norton Online Backup
Name: nsi
displayname: Netzwerkspeicher-Schnittstellendienst
Name: nvsvc
displayname: NVIDIA Display Driver Service
Name: osppsvc
displayname: Office Software Protection Platform
Name: PcaSvc
displayname: Programmkompatibilitäts-Assistent-Dienst
Name: pdfcDispatcher
displayname: PDF Document Manager
Name: PlugPlay
displayname: Plug & Play
Name: PolicyAgent
displayname: IPsec-Richtlinien-Agent
Name: Power
displayname: Stromversorgung
Name: ProfSvc
displayname: Benutzerprofildienst
Name: ProtectedStorage
displayname: Geschützter Speicher
Name: RasMan
displayname: RAS-Verbindungsverwaltung
Name: RpcEptMapper
displayname: RPC-Endpunktzuordnung
Name: RpcSs
displayname: Remoteprozeduraufruf (RPC)
Name: SamSs
displayname: Sicherheitskonto-Manager
Name: Schedule
displayname: Aufgabenplanung
Name: SENS
displayname: Benachrichtigungsdienst für Systemereignisse
Name: ShellHWDetection
displayname: Shellhardwareerkennung
Name: Spooler
displayname: Druckwarteschlange
Name: SSDPSRV
displayname: SSDP-Suche
Name: SstpSvc
displayname: SSTP-Dienst
Name: stisvc
displayname: Windows-Bilderfassung (WIA)
Name: swprv
displayname: Microsoft-Softwareschattenkopie-Anbieter
Name: SysMain
displayname: Superfetch
Name: TapiSrv
displayname: Telefonie
Name: Themes
displayname: Designs
Name: TrkWks
displayname: Überwachung verteilter Verknüpfungen (Client)
Name: TrustedInstaller
displayname: Windows Modules Installer
Name: UNS
displayname: Intel(R) Management & Security Application User Notification Service
Name: upnphost
displayname: UPnP-Gerätehost
Name: UxSms
displayname: Sitzungs-Manager für Desktopfenster-Manager
Name: VSSERV
displayname: BitDefender Virus Shield
Name: WdiServiceHost
displayname: Diagnosediensthost
Name: WinDefend
displayname: Windows Defender
Name: WinHttpAutoProxySvc
displayname: WinHTTP-Web Proxy Auto-Discovery-Dienst
Name: Winmgmt
displayname: Windows-Verwaltungsinstrumentation
Name: wlidsvc
displayname: Windows Live ID Sign-in Assistant
Name: WMPNetworkSvc
displayname: Windows Media Player-Netzwerkfreigabedienst
Name: WPDBusEnum
displayname: Enumeratordienst für tragbare Geräte
Name: wscsvc
displayname: Sicherheitscenter
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - Benutzermodus-Treiberframework
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
|
|
| Themen zu Ständig öffnet sich weißes IE-Fenster / Trojan.Generic.6779472 gefunden / Outlook funktioniert nicht |
| 64-bit, adobe, autorun, benutzerregistrierung, blockiert, bonjour, c:\windows\system32\rundll32.exe, canon, defender, diner dash, downloader, error, explorer, fehler, format, helper, home, install.exe, limited.com/facebook, logfile, microsoft office word, object, office 2007, origin, plug-in, problem, realtek, registry, scan, senden, server, services.exe, software, starten, symantec, trojan.generic., version=1.0, webcheck, weißes fenster, windows |
Linear-Darstellung
