Log analysis and evaluation: Live Security Platinum removal successful? (logs included) | Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: First steps to getting help. Bear in mind that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Live Security Platinum removal successful? (logs included)

Hi there,

over the weekend, while surfing in a hotel network in America, I too got hit by "Live Security Platinum". Suddenly the Windows Security Center icon appeared in the taskbar with a message that the computer might be at risk, without my having disabled my AntiVir or anything like that. Shortly afterwards "Live Security Platinum" appeared with a supposed virus scan. I tried to start Task Manager, which was blocked with the message that "taskmgr.exe" had been blocked because it is infected. That of course struck me as very suspicious right away, and I switched my laptop off immediately. I restarted in Safe Mode with networking, launched Malwarebytes, updated it and ran a scan. It found Live Security Platinum and removed it. After the next reboot everything appeared to be normal again, at least to me as a non-expert on viruses. I then looked around the forum a bit and read that this "Live Security Premium" can usually be removed cleanly without further problems. After that I updated everything and of course changed all important online passwords from my iPad, and I have not logged in anywhere with the laptop since.

I have attached the current Malwarebytes log, the OTL log and the GMER log and would be glad if someone could look them over to see whether everything is fine again or whether something is still hiding somewhere.

Many thanks in advance,
Pingu

mbam-log-2012-07-17 (17-26-39)
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.17.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
lsy :: EIKE [Administrator]

17.07.2012 17:26:39
mbam-log-2012-07-17 (17-26-39).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296278
Time elapsed: 11 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Code:
OTL logfile created on: 17.07.2012 18:00:51 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 80,62% Memory free
4,77 Gb Paging File | 4,25 Gb Available in Paging File | 89,13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 51,95 Gb Total Space | 9,21 Gb Free Space | 17,73% Space Free | Partition Type: NTFS

Computer Name: EIKE | User Name: lsy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Addon\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
PRC - C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
PRC - C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
PRC - C:\WINDOWS\system32\o2flash.exe (O2Micro International)
PRC - C:\Addon\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
PRC - C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()

========== Win32 Services (SafeList) ==========

SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe File not found
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent File not found
SRV - (avgfws9) -- C:\Programme\AVG\AVG9\avgfws9.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Programme\HMA! Pro VPN\bin\openvpnserv.exe ()
SRV - (WirelessSelectorService) -- C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
SRV - (SentinelProtectionServer) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
SRV - (SentinelKeysServer) -- C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (O2Flash) -- C:\WINDOWS\system32\o2flash.exe (O2Micro International)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (DisplayLinkUsbPort) -- system32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys File not found
DRV - (DisplayLinkmirror) -- system32\DRIVERS\DisplayLinkmirrorport.sys File not found
DRV - (DisplayLinkGA) -- system32\DRIVERS\DisplayLinkGAport.sys File not found
DRV - (DisplayLinkFilter) -- system32\DRIVERS\DisplayLinkFilter.sys File not found
DRV - (Changer) -- File not found
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys File not found
DRV - (AvgRkx86) -- System32\Drivers\avgrkx86.sys File not found
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys File not found
DRV - (AVGIDSShimxpx) -- C:\Programme\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys File not found
DRV - (AVGIDSFilterxpx) -- C:\Programme\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys File not found
DRV - (AVGIDSDriverxpx) -- C:\Programme\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (tapoas) -- C:\WINDOWS\system32\drivers\tapoas.sys (The OpenVPN Project)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (AX88772) -- C:\WINDOWS\system32\drivers\ax88772.sys (ASIX Electronics Corp.)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (hxxp://www.atmel.com)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (S3SavageNB) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro )
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (Sentinel) -- C:\WINDOWS\system32\drivers\sentinel.sys (SafeNet, Inc.)
DRV - (SNTNLUSB) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (tap0801) -- C:\WINDOWS\system32\drivers\tap0801.sys (The OpenVPN Project)
DRV - (BtnHnd) -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys (FUJITSU LIMITED)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (FUJ02E3) -- C:\WINDOWS\system32\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV - (FUJ02B1) -- C:\WINDOWS\system32\drivers\fuj02b1.sys (FUJITSU LIMITED)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {3ED591BC-7CC7-495B-A526-B2431356EDC1}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\PDF-XChange\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\PDF-XChange\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\PDF-XChange\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Programme\Ad Muncher\FirefoxExtension_2.0 [2012.06.21 11:35:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.04 21:01:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.07.17 15:24:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Programme\Ad Muncher\FirefoxExtension_2.0 [2012.06.21 11:35:08 | 000,000,000 | ---D | M]

[2009.10.19 19:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Extensions
[2012.06.10 19:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\45gw8kuz.default\extensions
[2010.06.17 09:07:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Mozilla\Firefox\Profiles\45gw8kuz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.10 19:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.31 00:03:10 | 000,400,907 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\LSY\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\45GW8KUZ.DEFAULT\EXTENSIONS\PLAYER@PORTALARIUM.COM.XPI
[2012.07.04 21:01:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.13 12:19:07 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.18 10:21:04 | 000,170,592 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.06.10 19:34:04 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.10 19:34:04 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.10 19:34:04 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.10 19:34:04 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.10 19:34:04 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.10 19:34:04 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.04.25 19:32:38 | 000,001,150 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Ad Muncher] C:\Programme\Ad Muncher\AdMunch.exe (Murray Hurps Corp Pty Ltd)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndicatorUtility] C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Addon\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [PSUtility] C:\Addon\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TvOutSwitch] C:\Addon\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKCU..\Run: [AdMunchUDa.exe] C:\Programme\Ad Muncher\AdMunchUDa.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Dokumente und Einstellungen\lsy\Startmenü\Programme\Autostart\Verknüpfung mit AdMunch.exe.lnk = C:\Programme\Ad Muncher\AdMunch.exe (Murray Hurps Corp Pty Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\Office\Office12\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2FD395CB-BD93-4BA9-AA4B-D725754E20D1} hxxp://madotter.player.portalarium.com/installers/win32/PortalariumPlayer.cab (Portalarium Player Web Plugin)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342533060140 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248337956218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53B738C1-7B83-4F45-8C4E-E6C2A096D24F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - File not found
O20 - Winlogon\Notify\PSUTY: DllName - (PSUWNP.dll) - C:\WINDOWS\System32\PSUWNP.dll (FUJITSU LIMITED)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.20 06:45:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{51f57a47-1192-11df-9108-00216a78add0}\Shell - "" = AutoRun
O33 - MountPoints2\{51f57a47-1192-11df-9108-00216a78add0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{51f57a47-1192-11df-9108-00216a78add0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5ba07d20-c098-11de-90ec-00216a78add0}\Shell - "" = AutoRun
O33 - MountPoints2\{5ba07d20-c098-11de-90ec-00216a78add0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5ba07d20-c098-11de-90ec-00216a78add0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b9d6e598-0c11-11df-9107-00216a78add0}\Shell - "" = AutoRun
O33 - MountPoints2\{b9d6e598-0c11-11df-9107-00216a78add0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9d6e598-0c11-11df-9107-00216a78add0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b9d6e59b-0c11-11df-9107-00216a78add0}\Shell - "" = AutoRun
O33 - MountPoints2\{b9d6e59b-0c11-11df-9107-00216a78add0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9d6e59b-0c11-11df-9107-00216a78add0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.17 16:18:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.17 16:04:47 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012.07.17 15:32:15 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.07.17 15:31:45 | 000,000,000 | ---D | C] -- C:\Programme\Oracle
[2012.07.17 15:31:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Oracle
[2012.07.17 15:31:34 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.07.17 15:31:34 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.07.17 15:20:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PDF-XChange
[2012.07.17 15:20:39 | 000,000,000 | ---D | C] -- C:\Programme\PDF-XChange
[2012.07.15 21:36:16 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.07.15 16:34:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2012.07.15 16:34:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Malwarebytes
[2012.07.15 16:34:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.07.15 16:34:16 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.15 16:34:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.07.15 16:34:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.15 15:54:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Startmenü\Programme\Live Security Platinum
[2012.07.15 15:51:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012.07.15 15:51:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036DFF8500015C300000DE7E7B07D287
[2012.07.10 12:33:23 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.06.23 12:15:18 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[2012.06.21 11:35:07 | 000,000,000 | ---D | C] -- C:\Programme\Ad Muncher
[2012.06.21 11:35:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ad Muncher
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.17 17:37:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.17 17:25:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.17 17:24:57 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2012.07.17 17:24:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.17 17:24:27 | 3148,304,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.17 16:33:59 | 002,212,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.17 16:32:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.17 16:31:55 | 000,538,082 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.17 16:31:55 | 000,506,030 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.17 16:31:55 | 000,108,292 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.17 16:31:55 | 000,089,494 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.17 15:31:13 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.07.17 15:31:13 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.07.17 15:31:13 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.07.17 15:31:13 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012.07.15 16:34:17 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.12 19:51:21 | 000,000,434 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Desktop\DuneHD.lnk
[2012.07.12 18:41:17 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.07.12 18:40:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.07.12 18:40:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.30 16:08:57 | 000,186,368 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.24 17:21:59 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\winscp.rnd
[2012.06.23 12:15:08 | 000,001,020 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Desktop\Dropbox.lnk
[2012.06.21 11:58:34 | 000,000,860 | ---- | M] () -- C:\Dokumente und Einstellungen\lsy\Desktop\AdMunchUD.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.15 16:49:04 | 3148,304,384 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.15 16:34:17 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.10 12:33:23 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.21 11:58:34 | 000,000,860 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Desktop\AdMunchUD.lnk
[2012.04.17 10:05:13 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2012.04.13 16:15:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.03.22 13:52:05 | 001,330,438 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1114512664-3139917823-1387352076-1005-0.dat
[2012.03.22 13:52:04 | 000,393,562 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.03.21 12:46:02 | 000,000,094 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc
[2012.01.23 22:39:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.12.16 23:51:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2011.11.07 22:36:42 | 000,000,877 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\.recently-used.xbel
[2011.07.10 13:56:16 | 000,083,668 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.04.06 18:06:47 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\winscp.rnd
[2011.03.28 13:29:40 | 000,000,089 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\.gtk-bookmarks
[2009.10.24 14:26:30 | 000,186,368 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.22 15:32:54 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.05.20 06:26:54 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{f356afae-dc35-fa72-fbf9-4cec22145760}\@
[2009.05.20 06:26:54 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\{f356afae-dc35-fa72-fbf9-4cec22145760}\@

========== LOP Check ==========

[2012.07.15 15:53:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036DFF8500015C300000DE7E7B07D287
[2012.06.21 11:40:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad Muncher
[2010.04.03 23:48:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2009.10.22 18:17:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.03.14 23:00:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011.03.26 14:17:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2012.01.22 15:50:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FlashFXP
[2010.11.01 21:13:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.03.26 13:19:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2012.06.01 19:13:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2011.03.26 21:51:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.10.22 18:31:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Canon Easy-WebPrint EX
[2011.03.26 14:22:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\DAEMON Tools Lite
[2012.07.11 23:35:06 | 000,000,000 | ---D |
M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Dropbox [2012.06.24 17:39:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\FileZilla [2011.11.07 22:36:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\gtk-2.0 [2011.02.02 20:03:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\ICQ [2010.10.16 20:45:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\MAGIX [2012.07.17 15:31:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Oracle [2012.06.01 19:13:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Publish Providers [2011.12.28 13:17:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\redsn0w [2012.06.02 00:02:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Sony [2010.02.04 16:10:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Surfstick Verbindungsassistent [2011.03.10 18:28:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\Trillian [2011.08.21 18:27:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\wargaming.net [2012.03.21 12:46:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lsy\Anwendungsdaten\WinCachebox ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 17.07.2012 18:00:51 - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 80,62% Memory free
4,77 Gb Paging File | 4,25 Gb Available in Paging File | 89,13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 51,95 Gb Total Space | 9,21 Gb Free Space | 17,73% Space Free | Partition Type: NTFS

Computer Name: EIKE | User Name: lsy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{271274D2-92C6-4EEC-A0AD-9DA5272AD5C9}" = Lifebook Application Panel
"{272979FC-6D4A-4C25-B71A-32DD4974A022}" = Fujitsu Hotkey Utility
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4463FE76-D725-4DDA-A2BA-607011EEE498}" = OZ711 SCR Driver V3.0.1.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{51202133-E0F9-4314-ACA4-AACBA46A6C69}" = Wireless Selector
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58787BF5-1C5E-4554-9E44-9849FF932F4D}" = Fujitsu Display Manager
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2EDC0F-B7C2-11E0-BE17-0013D3D69929}" = Vegas Movie Studio HD Platinum 11.0
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0E3B891-B7C3-11E0-A2BD-001320F83A25}" = MSVCRT Redists
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E304EDA1-5C87-412A-98D0-950BDCF58E6B}" = Power Saving Utility
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34C74C3-077A-4A56-B4C0-71C4DB6D4933}" = O2Micro Flash Memory Card Windows Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FECD6774-8836-451B-967D-61FF8BC2ABC0}" = Zappiti
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad Muncher" = Ad Muncher v4.91 Build 32562
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"DAEMON Tools Lite" = DAEMON Tools Lite
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.3
"HMA! Pro VPN" = HMA! Pro VPN 2.6.9
"ie8" = Windows Internet Explorer 8
"InstallShield_{4463FE76-D725-4DDA-A2BA-607011EEE498}" = OZ711 SCR Driver V3.0.1.6
"InstallShield_{51202133-E0F9-4314-ACA4-AACBA46A6C69}" = Wireless Selector
"InstallShield_{58787BF5-1C5E-4554-9E44-9849FF932F4D}" = Fujitsu Display Manager
"InstallShield_{E304EDA1-5C87-412A-98D0-950BDCF58E6B}" = Power Saving Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{F34C74C3-077A-4A56-B4C0-71C4DB6D4933}" = O2Micro Flash Memory Card Windows Driver
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = The KMPlayer (remove only)
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.3.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.07.2012 13:11:38 | Computer Name = EIKE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14317609

Error - 13.07.2012 13:11:39 | Computer Name = EIKE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 13.07.2012 13:11:39 | Computer Name = EIKE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14319563

Error - 13.07.2012 13:11:39 | Computer Name = EIKE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14319563

Error - 15.07.2012 08:37:22 | Computer Name = EIKE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.

Error - 15.07.2012 15:00:52 | Computer Name = EIKE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.07.2012 15:00:52 | Computer Name = EIKE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2156

Error - 15.07.2012 15:00:52 | Computer Name = EIKE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2156

Error - 17.07.2012 09:36:01 | Computer Name = EIKE | Source = MsiInstaller | ID = 1013
Description = Produkt: DisplayLink Core Software -- DisplayLink Core Software kann nicht deinstalliert werden, da die Software von anderen Anwendungen benutzt wird.

Error - 17.07.2012 09:37:37 | Computer Name = EIKE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.

Error - 17.07.2012 10:35:54 | Computer Name = EIKE | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

[ System Events ]
Error - 08.05.2012 14:03:03 | Computer Name = EIKE | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.100 für die Netzwerkkarte mit der Netzwerkadresse 00216A78ADD0 wurde durch den DHCP-Server 172.20.10.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 13.05.2012 15:25:32 | Computer Name = EIKE | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)

Error - 13.05.2012 15:25:32 | Computer Name = EIKE | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 14.05.2012 11:29:03 | Computer Name = EIKE | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 10.200.1.17 für die Netzwerkkarte mit der Netzwerkadresse 00FF1FA29C3E wurde durch den DHCP-Server 10.200.3.254 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Error - 16.05.2012 08:33:46 | Computer Name = EIKE | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "STIEM-NB", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{53B738C1-7B83-4F45--Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

< End of report >

GMER.log
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-17 19:39:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AGBA
Running: ughz9d8t.exe; Driver: C:\DOKUME~1\lsy\LOKALE~1\Temp\pgtdapow.sys

---- System - GMER 1.0.15 ----

SSDT A8281DBC ZwClose
SSDT A8281D76 ZwCreateKey
SSDT A8281DC6 ZwCreateSection
SSDT A8281D6C ZwCreateThread
SSDT A8281D7B ZwDeleteKey
SSDT A8281D85 ZwDeleteValueKey
SSDT A8281DB7 ZwDuplicateObject
SSDT A8281D8A ZwLoadKey
SSDT A8281D58 ZwOpenProcess
SSDT A8281D5D ZwOpenThread
SSDT A8281DDF ZwQueryValueKey
SSDT A8281D94 ZwReplaceKey
SSDT A8281DD0 ZwRequestWaitReplyPort
SSDT A8281D8F ZwRestoreKey
SSDT A8281DCB ZwSetContextThread
SSDT A8281DD5 ZwSetSecurityObject
SSDT A8281D80 ZwSetValueKey
SSDT A8281DDA ZwSystemDebugControl
SSDT A8281D67 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

? bbnhp.sys Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[684] ws2_32.dll!getsockname 71A13D10 5 Bytes JMP 0302008D
.text C:\WINDOWS\Explorer.EXE[684] ws2_32.dll!connect 71A14A07 5 Bytes JMP 0302002D
.text C:\WINDOWS\Explorer.EXE[684] ws2_32.dll!getpeername 71A20B68 5 Bytes JMP 030200BD
.text C:\WINDOWS\Explorer.EXE[684] ws2_32.dll!WSAConnect 71A20C81 5 Bytes JMP 0302005D
.text C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe[1472] WS2_32.dll!getsockname 71A13D10 5 Bytes JMP 0159008D
.text C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe[1472] WS2_32.dll!connect 71A14A07 5 Bytes JMP 0159002D
.text C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe[1472] WS2_32.dll!getpeername 71A20B68 5 Bytes JMP 015900BD
.text C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe[1472] WS2_32.dll!WSAConnect 71A20C81 5 Bytes JMP 0159005D
.text C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe[2060] WS2_32.dll!getsockname 71A13D10 5 Bytes JMP 00B3008D
.text C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe[2060] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00B3002D
.text C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe[2060] WS2_32.dll!getpeername 71A20B68 5 Bytes JMP 00B300BD
.text C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe[2060] WS2_32.dll!WSAConnect 71A20C81 5 Bytes JMP 00B3005D
.text C:\Programme\iTunes\iTunesHelper.exe[2352] WS2_32.dll!getsockname 71A13D10 5 Bytes JMP 027C008D
.text C:\Programme\iTunes\iTunesHelper.exe[2352] WS2_32.dll!connect 71A14A07 5 Bytes JMP 027C002D
.text C:\Programme\iTunes\iTunesHelper.exe[2352] WS2_32.dll!getpeername 71A20B68 5 Bytes JMP 027C00BD
.text C:\Programme\iTunes\iTunesHelper.exe[2352] WS2_32.dll!WSAConnect 71A20C81 5 Bytes JMP 027C005D

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----
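The question the post asks ("is anything still hiding?") is answered against the OTL file lists, not the Malwarebytes result. What a reviewer looks for first in those lists: the directory under All Users\Anwendungsdaten whose name is 32 hex digits, created at 15:51:29 on 2012.07.15, three minutes before the Live Security Platinum start-menu folder (that is the rogue's data directory); and the two hidden+system files literally named "@" inside a {GUID} directory, one under C:\WINDOWS\Installer and one under the user's Lokale Einstellungen\Anwendungsdaten, with identical 2009 creation timestamps and no company name. No MSI installer writes that second layout, and in 2012 it was a well-known rootkit dropper footprint; that assessment is mine, not the poster's, and the log alone does not prove the box is still infected, but it is the item to check before declaring it clean. The script below is an added example (my code, not the poster's and not output of any tool on the page) that parses OTL file entries and pulls those items out; the sample lines are copied from the log above, the incident window (15:45 to 16:00 on 2012.07.15) is an assumption drawn from the log's own timestamps, and the heuristics are mine.

```python
import re
from collections import defaultdict
from datetime import datetime

# One OTL file entry: [date time | size | attrs | C/M] (company) -- path
# The "(company)" part is absent for directory entries.
OTL_RE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]"
    r"(?: \(([^)]*)\))? -- (.+)$")
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.I)
HEX32_RE = re.compile(r"^[0-9A-F]{32}$", re.I)
TS_FMT = "%Y.%m.%d %H:%M:%S"

# Lines copied from the OTL log posted above (a small, hand-picked subset).
SAMPLE = r"""
[2012.07.15 16:34:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.15 15:54:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lsy\Startmenü\Programme\Live Security Platinum
[2012.07.15 15:51:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\036DFF8500015C300000DE7E7B07D287
[2012.07.10 12:33:23 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.07.17 17:24:27 | 3148,304,384 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.10 13:56:16 | 000,083,668 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.05.20 06:26:54 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{f356afae-dc35-fa72-fbf9-4cec22145760}\@
[2009.05.20 06:26:54 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\lsy\Lokale Einstellungen\Anwendungsdaten\{f356afae-dc35-fa72-fbf9-4cec22145760}\@
""".strip().splitlines()


def parse_otl_line(line):
    """Return a dict for one OTL file entry, or None for headers and other lines."""
    m = OTL_RE.match(line.strip())
    if not m:
        return None
    ts, size, attrs, kind, company, path = m.groups()
    return {
        "time": datetime.strptime(ts, TS_FMT),
        "size": int(size.replace(",", "")),
        "hidden": "H" in attrs,
        "system": "S" in attrs,
        "dir": attrs.endswith("D"),
        "kind": kind,                # C = created, M = modified
        "company": company or "",    # empty for "()" and for directories
        "path": path,
    }


def basename(path):
    return path.rsplit("\\", 1)[-1]


def triage(lines, window_start, window_end):
    """Pull out the entries a reviewer would look at first.

    window_start/window_end use OTL's own timestamp format, e.g. "2012.07.15 15:45:00".
    """
    start, end = (datetime.strptime(t, TS_FMT) for t in (window_start, window_end))
    entries = [e for e in map(parse_otl_line, lines) if e]

    # 1. Hidden+system file literally named "@" inside a {GUID} directory.
    guid_at = [e["path"] for e in entries
               if e["hidden"] and e["system"] and basename(e["path"]) == "@"
               and GUID_DIR_RE.search(e["path"])]

    # 2. Directories whose name is 32 hex digits, the rogue AV's random data directory.
    hex_dirs = [e["path"] for e in entries if e["dir"] and HEX32_RE.match(basename(e["path"]))]

    # 3. Everything created or modified inside the assumed incident window.
    window = [e["path"] for e in entries if start <= e["time"] <= end]

    # 4. Files with no company name that share an exact (timestamp, size) pair:
    #    two copies of one payload dropped together, or timestamps copied from elsewhere.
    twins = defaultdict(list)
    for e in entries:
        if not e["dir"] and not e["company"]:
            twins[(e["time"], e["size"])].append(e["path"])
    twin_groups = [paths for paths in twins.values() if len(paths) > 1]

    return {"guid_at_files": guid_at, "hex_dirs": hex_dirs,
            "incident_window": window, "timestamp_twins": twin_groups}


if __name__ == "__main__":
    for key, hits in triage(SAMPLE, "2012.07.15 15:45:00", "2012.07.15 16:00:00").items():
        print(key)
        for hit in hits:
            print("   ", hit)
```

Run against the full log, the script is fed every line of the OTL output; headers and the "*.tmp files" summary lines fail the regex and are skipped. The "timestamp twins" check is what makes the two "@" files stand out even without knowing the pattern: they are the only company-less files in the list that share a creation second and a size.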
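Reading the GMER section above mechanically rather than by eye. Its three parts say different things: the 19 SSDT entries all point into a range 0x87 bytes wide at A8281Dxx, which is one driver's hook table, the normal footprint of a resident antivirus (Avira is in the uninstall list); the user-mode hooks patch the same four ws2_32.dll exports in every listed process, and for each export the JMP target has the same low 16 bits in all four processes, i.e. one injected stub mapped at different bases, which is how a system-wide network filter such as Ad Muncher (also in the uninstall list) works, my inference, not a determination GMER makes; and the one line that deserves a follow-up is "? bbnhp.sys ... nicht finden", a kernel module name GMER could not resolve to a file on disk, which should be looked up under HKLM\SYSTEM\CurrentControlSet\Services before the machine is called clean. The parser below is an added example (my code, not GMER's or the poster's) that measures exactly those three things; the log text is an excerpt of the posted GMER output (six of the 19 SSDT lines, including the lowest and highest address, plus all 16 hook lines and the unresolved module).

```python
import re
from collections import defaultdict

# Excerpt of the GMER log posted above (SSDT list shortened to six entries that
# include the lowest and highest address; all 16 user-mode hooks kept).
GMER_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT A8281DBC ZwClose
SSDT A8281D76 ZwCreateKey
SSDT A8281D58 ZwOpenProcess
SSDT A8281D5D ZwOpenThread
SSDT A8281DDF ZwQueryValueKey
SSDT A8281D67 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
? bbnhp.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[684] ws2_32.dll!getsockname 71A13D10 5 Bytes JMP 0302008D
.text C:\WINDOWS\Explorer.EXE[684] ws2_32.dll!connect 71A14A07 5 Bytes JMP 0302002D
.text C:\WINDOWS\Explorer.EXE[684] ws2_32.dll!getpeername 71A20B68 5 Bytes JMP 030200BD
.text C:\WINDOWS\Explorer.EXE[684] ws2_32.dll!WSAConnect 71A20C81 5 Bytes JMP 0302005D
.text C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe[1472] WS2_32.dll!getsockname 71A13D10 5 Bytes JMP 0159008D
.text C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe[1472] WS2_32.dll!connect 71A14A07 5 Bytes JMP 0159002D
.text C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe[1472] WS2_32.dll!getpeername 71A20B68 5 Bytes JMP 015900BD
.text C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe[1472] WS2_32.dll!WSAConnect 71A20C81 5 Bytes JMP 0159005D
.text C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe[2060] WS2_32.dll!getsockname 71A13D10 5 Bytes JMP 00B3008D
.text C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe[2060] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00B3002D
.text C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe[2060] WS2_32.dll!getpeername 71A20B68 5 Bytes JMP 00B300BD
.text C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe[2060] WS2_32.dll!WSAConnect 71A20C81 5 Bytes JMP 00B3005D
.text C:\Programme\iTunes\iTunesHelper.exe[2352] WS2_32.dll!getsockname 71A13D10 5 Bytes JMP 027C008D
.text C:\Programme\iTunes\iTunesHelper.exe[2352] WS2_32.dll!connect 71A14A07 5 Bytes JMP 027C002D
.text C:\Programme\iTunes\iTunesHelper.exe[2352] WS2_32.dll!getpeername 71A20B68 5 Bytes JMP 027C00BD
.text C:\Programme\iTunes\iTunesHelper.exe[2352] WS2_32.dll!WSAConnect 71A20C81 5 Bytes JMP 027C005D
---- EOF - GMER 1.0.15 ----
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\w+)")
HOOK_RE = re.compile(r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+)!(\w+)\s+([0-9A-F]{8})\s+(\d+) Bytes\s+JMP\s+([0-9A-F]{8})")
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+.*!\s*$")   # "? name.sys <message> !"


def parse_gmer(text):
    """Split a GMER report into SSDT hooks, user-mode inline hooks and unresolved kernel modules."""
    ssdt, hooks, missing = [], [], []
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            ssdt.append((int(m.group(1), 16), m.group(2)))
            continue
        m = HOOK_RE.match(line)
        if m:
            proc, pid, mod, func, addr, nbytes, target = m.groups()
            hooks.append({"process": proc, "pid": int(pid), "module": mod.lower(),
                          "function": func, "addr": int(addr, 16),
                          "patch_len": int(nbytes), "target": int(target, 16)})
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.append(m.group(1))
    return {"ssdt": ssdt, "hooks": hooks, "missing": missing}


def ssdt_span(ssdt):
    """(number of hooked services, byte distance between lowest and highest hook target).
    A span of a few hundred bytes means every hook lands in one driver's thunk table."""
    addrs = [a for a, _ in ssdt]
    return len(addrs), (max(addrs) - min(addrs) if addrs else 0)


def hook_profile(hooks):
    """Group inline hooks by process and test two things: does every hooked process carry
    the same set of (module, export) patches, and do the JMP targets for a given export
    share the same low 16 bits in every process (same stub code, different load base)?"""
    per_proc, low_bits = defaultdict(set), defaultdict(set)
    for h in hooks:
        per_proc[h["process"]].add((h["module"], h["function"]))
        low_bits[h["function"]].add(h["target"] & 0xFFFF)
    sets = list(per_proc.values())
    return {
        "processes": sorted(per_proc),
        "functions": sorted(sets[0]) if sets else [],
        "uniform": all(s == sets[0] for s in sets),
        "same_stub": all(len(v) == 1 for v in low_bits.values()),
    }


if __name__ == "__main__":
    r = parse_gmer(GMER_LOG)
    print("SSDT hooks / span (bytes):", ssdt_span(r["ssdt"]))
    print("unresolved kernel modules:", r["missing"])
    print("user-mode hook profile:", hook_profile(r["hooks"]))
```

The interesting output is the negative case: a hook set that is not uniform (one process carrying an extra patched export) or targets whose low bits differ across processes would point at a second, separate hooking component, and that is what a reviewer wants flagged rather than the four identical winsock hooks a filter product leaves everywhere.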