Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojan.Agent in C:\Users\Win\M-1-74-6482-7942-8945\winsvc.exe

Trojan.Agent in C:\Users\Win\M-1-74-6482-7942-8945\winsvc.exe


Log-Analyse und Auswertung: Trojan.Agent in C:\Users\Win\M-1-74-6482-7942-8945\winsvc.exe

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 03.09.2012, 21:26   #1
Volliv
 
Trojan.Agent in C:\Users\Win\M-1-74-6482-7942-8945\winsvc.exe - Standard

Trojan.Agent in C:\Users\Win\M-1-74-6482-7942-8945\winsvc.exe


Hallo zusammen!

Gestern abend habe ich von Avast eine Virus-Warnung bekommen, danach einen Scan mit Avast und Malwarebyte's Anti-Malware durchgeführt. (Bisher sind mir keine ungewöhnlichen Störungen aufgefallen.) Avast hat etwas gefunden (Java:Agent BOT), das habe ich in den Container verschoben. Leider hatte ich kurz danach einen Bluescreen und danach war die Datei arus Avast gelöscht. Aus dem Malware-Scan ist folgendes herausgekommen:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.02.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19298
Win :: WIN-PC [Administrator]

03.09.2012 14:07:14
mbam-log-2012-09-03 (15-29-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346820
Laufzeit: 1 Stunde(n), 9 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® Windows Update (Trojan.Agent) -> Daten: C:\Users\Win\M-1-74-6482-7942-8945\winsvc.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|ConnectionsTab (PUM.Hijack.ConnectionControl) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 1
C:\Users\Win\M-1-74-6482-7942-8945 (Trojan.Agent.Gen) -> Keine Aktion durchgeführt.

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Hier ist das Ergebnis aus OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.09.2012 15:52:30 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 65,50% Memory free
5,72 Gb Paging File | 4,81 Gb Available in Paging File | 84,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 50,25 Gb Free Space | 51,46% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 179,48 Gb Free Space | 89,55% Space Free | Partition Type: NTFS
 
Computer Name: WIN-PC | User Name: Win | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.03 15:51:48 | 000,598,528 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.03 21:52:07 | 000,537,592 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.10.08 07:18:42 | 000,726,288 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\iked.exe
PRC - [2010.10.08 07:18:42 | 000,541,968 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe
PRC - [2010.10.08 07:18:42 | 000,054,544 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.19 17:52:48 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.10.27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.29 18:11:16 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.15 17:42:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.03 21:52:07 | 000,537,592 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.07.19 16:41:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.10.08 07:18:42 | 000,726,288 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV - [2010.10.08 07:18:42 | 000,541,968 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV - [2010.10.08 07:18:42 | 000,054,544 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.08.03 21:38:55 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012.08.03 21:38:05 | 000,057,256 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsmux.sys -- (acsmux)
DRV - [2012.08.03 21:38:05 | 000,038,440 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsint.sys -- (acsint)
DRV - [2012.07.03 18:21:53 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.07.08 01:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010.09.02 09:18:48 | 000,017,920 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV - [2010.09.02 09:18:48 | 000,013,824 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV - [2010.01.07 09:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.06.09 17:29:22 | 001,177,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.01.20 14:49:26 | 000,142,848 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.25 03:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.08.18 18:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.04.29 01:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=19946&mntrId=94d3057100000000000000224353e977e977
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
FF - prefs.js..network.proxy.http: "www-cache.uni-mannheim.de"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.19 20:41:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.26 14:27:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 16:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.19 20:41:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 16:41:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.19 20:41:18 | 000,000,000 | ---D | M]
 
[2011.06.29 18:00:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Win\AppData\Roaming\mozilla\Extensions
[2012.07.25 11:45:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Win\AppData\Roaming\mozilla\Firefox\Profiles\1mgg5wko.default\extensions
[2011.10.07 10:12:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Win\AppData\Roaming\mozilla\Firefox\Profiles\1mgg5wko.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.17 20:08:59 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Win\AppData\Roaming\mozilla\Firefox\Profiles\1mgg5wko.default\extensions\ffxtlbr@babylon.com
[2012.08.21 01:21:26 | 000,000,950 | ---- | M] () -- C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\1mgg5wko.default\searchplugins\icqplugin-1.xml
[2011.08.25 09:28:52 | 000,000,950 | ---- | M] () -- C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\1mgg5wko.default\searchplugins\icqplugin-2.xml
[2011.09.01 16:13:26 | 000,000,950 | ---- | M] () -- C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\1mgg5wko.default\searchplugins\icqplugin-3.xml
[2011.09.08 15:13:52 | 000,000,950 | ---- | M] () -- C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\1mgg5wko.default\searchplugins\icqplugin-4.xml
[2011.10.06 18:45:55 | 000,000,950 | ---- | M] () -- C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\1mgg5wko.default\searchplugins\icqplugin-5.xml
[2011.10.11 18:37:50 | 000,000,950 | ---- | M] () -- C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\1mgg5wko.default\searchplugins\icqplugin-6.xml
[2011.11.21 23:32:37 | 000,000,950 | ---- | M] () -- C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\1mgg5wko.default\searchplugins\icqplugin-7.xml
[2011.08.10 23:36:37 | 000,001,056 | ---- | M] () -- C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\1mgg5wko.default\searchplugins\icqplugin.xml
[2012.09.02 20:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.08 16:32:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.02 20:22:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.08.26 14:27:12 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.08.08 16:32:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.19 16:41:39 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.07.08 11:45:29 | 000,002,291 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.08 18:10:54 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Win\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Win\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Win\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: No name found = C:\Users\Win\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Win\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Microsoft® Windows Update] C:\Users\Win\M-1-74-6482-7942-8945\winsvc.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Free YouTube Download - C:\Users\Win\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Win\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.155.96.52 134.155.96.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{553941C3-C839-4B2D-9386-B45AF02055B4}: DhcpNameServer = 134.155.96.52 134.155.96.53
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.28 16:51:49 | 000,000,000 | ---D | C] -- C:\Users\Win\Desktop\Kosten Studium
[2012.08.26 14:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2012.08.26 14:12:24 | 000,000,000 | ---D | C] -- C:\Users\Win\AppData\Local\Cisco
[2012.08.26 14:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2012.08.26 14:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2012.08.26 03:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShrewSoft VPN Client
[2012.08.26 03:54:31 | 000,000,000 | ---D | C] -- C:\Users\Win\Documents\Shrew Soft VPN
[2012.08.26 03:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\ShrewSoft
[2012.08.23 17:59:11 | 000,000,000 | ---D | C] -- C:\Users\Win\Desktop\Uni
[2012.08.21 21:15:45 | 000,000,000 | ---D | C] -- C:\Users\Win\AppData\Local\Passbild_Generator
[2012.08.21 21:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passbild-Generator
[2012.08.21 21:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Passbild-Generator
[2012.08.08 16:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.08.08 16:17:13 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.08.08 16:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.08.08 16:17:12 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.08.08 16:16:40 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.08.08 16:16:40 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.08.08 16:16:40 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.08.08 16:16:40 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.08.08 16:15:55 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.08.08 16:15:55 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.03 15:53:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.03 15:45:20 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.03 15:45:20 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.03 15:45:20 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.03 15:45:20 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.03 15:39:57 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 15:39:57 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 15:39:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.03 15:39:50 | 2951,958,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.03 15:38:47 | 000,000,352 | ---- | M] () -- C:\Users\Win\defogger_reenable
[2012.09.03 14:47:40 | 000,002,633 | ---- | M] () -- C:\Users\Win\Desktop\Microsoft Office Excel 2007.lnk
[2012.09.03 14:06:50 | 000,000,906 | ---- | M] () -- C:\Users\Win\Desktop\mbam - Verknüpfung.lnk
[2012.09.02 22:17:15 | 288,685,133 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.30 21:24:36 | 000,002,631 | ---- | M] () -- C:\Users\Win\Desktop\Microsoft Office Word 2007.lnk
[2012.08.27 18:04:55 | 000,233,472 | ---- | M] () -- C:\Users\Win\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.27 03:58:36 | 000,399,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.26 14:27:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.08.26 12:43:11 | 000,000,680 | ---- | M] () -- C:\Users\Win\AppData\Local\d3d9caps.dat
[2012.08.21 21:15:41 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\Passbild-Generator.lnk
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.08.15 18:26:05 | 000,001,025 | ---- | M] () -- C:\Users\Win\Desktop\GildeGold_TL - Verknüpfung.lnk
[2012.08.08 17:24:14 | 000,000,680 | ---- | M] () -- C:\Users\Win\Desktop\JDownloader - Verknüpfung.lnk
[2012.08.08 16:17:13 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
 
========== Files Created - No Company Name ==========
 
[2012.09.03 15:37:33 | 000,000,352 | ---- | C] () -- C:\Users\Win\defogger_reenable
[2012.09.03 14:06:50 | 000,000,906 | ---- | C] () -- C:\Users\Win\Desktop\mbam - Verknüpfung.lnk
[2012.09.02 20:58:07 | 2951,958,528 | -HS- | C] () -- C:\hiberfil.sys
[2012.08.21 21:15:41 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\Passbild-Generator.lnk
[2012.08.08 17:24:21 | 000,000,680 | ---- | C] () -- C:\Users\Win\Desktop\JDownloader - Verknüpfung.lnk
[2012.08.08 16:17:13 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.07.16 22:36:11 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2011.08.28 17:45:45 | 000,000,000 | ---- | C] () -- C:\Users\Win\AppData\Roaming\chrtmp
[2011.07.08 11:45:54 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.07.07 22:14:04 | 000,233,472 | ---- | C] () -- C:\Users\Win\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.30 16:52:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.06.30 16:52:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.06.30 14:17:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.06.29 16:56:42 | 001,703,936 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2011.06.29 16:56:42 | 001,630,208 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2011.06.29 16:56:42 | 001,019,904 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2011.06.29 16:56:41 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvshell.dll
[2011.06.29 16:56:40 | 001,486,848 | ---- | C] () -- C:\Windows\System32\nview.dll
[2011.06.29 16:56:40 | 001,339,392 | ---- | C] () -- C:\Windows\System32\nvdspsch.exe
[2011.06.29 16:56:38 | 000,442,368 | ---- | C] () -- C:\Windows\System32\nvappbar.exe
[2011.06.29 16:56:38 | 000,425,984 | ---- | C] () -- C:\Windows\System32\keystone.exe
[2011.06.29 16:24:03 | 000,000,680 | ---- | C] () -- C:\Users\Win\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2011.07.08 11:45:29 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\Babylon
[2011.10.08 13:26:06 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\calibre
[2011.08.20 14:09:43 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\DAEMON Tools Lite
[2011.10.30 12:40:45 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\DVDVideoSoft
[2011.10.07 12:32:15 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.01 21:25:23 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\GameRanger
[2011.07.26 13:19:02 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\Lingo4u
[2011.06.29 18:14:30 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\OpenOffice.org
[2012.06.27 21:27:41 | 000,000,000 | ---D | M] -- C:\Users\Win\AppData\Roaming\Opera
[2012.09.03 15:39:07 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

Hier dsa Ergebnis aus Extras.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.09.2012 15:52:30 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 65,50% Memory free
5,72 Gb Paging File | 4,81 Gb Available in Paging File | 84,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 50,25 Gb Free Space | 51,46% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 179,48 Gb Free Space | 89,55% Space Free | Partition Type: NTFS
 
Computer Name: WIN-PC | User Name: Win | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{94A17928-F3FA-48F7-A0B7-77D33B821ADB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C3DBC94-AC47-45D0-A028-16D2E2A93944}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{26FC9EF1-7DE7-4571-905A-058327E95FE4}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{47C89149-A9F6-4D5D-BA31-657E23912B48}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{6A3AAF19-C933-4F14-B84C-79092BE3969D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6CB8CA60-683C-4B72-AF6A-0D4269B54B8B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{6E6D1E23-D852-4F21-B20F-73131C69BB2A}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{869A0A6C-CFB7-4BB2-83A6-6330C38CABCB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{87E6ABB9-662E-4854-9D1E-0FDB413B1831}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{A9742667-E732-4F53-A1FD-886B8669BD7E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{B7953952-9CF3-485D-ACCE-7CF63CA34FEC}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{0501D2F1-02CC-4852-8DDF-0ACD1A8D92B7}C:\program files\ballerburg\ballerburg.exe" = protocol=6 | dir=in | app=c:\program files\ballerburg\ballerburg.exe | 
"TCP Query User{3560434F-5289-4A8C-B43D-629681AB25EE}D:\cod_2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\cod_2\cod2mp_s.exe | 
"TCP Query User{66D8A4B4-1C78-4F9E-9908-542B1D003D00}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{83E7F80F-A804-4915-AC90-DB824EC9205D}G:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=g:\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{874D77D1-0BE4-4066-8A19-9FF3C58AE407}C:\users\win\desktop\candisoft_load!_0.7.1\load.exe" = protocol=6 | dir=in | app=c:\users\win\desktop\candisoft_load!_0.7.1\load.exe | 
"TCP Query User{9F2BDF40-0FF6-48A7-964E-2D690BF364F1}D:\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\vlc\vlc.exe | 
"TCP Query User{AA06AE43-F78A-459A-9AE4-E79B5B4E39E0}D:\die gilde gold-edition v2.06 windows vista&7 ready\die gilde gold-edition\gildegold_tl.exe" = protocol=6 | dir=in | app=d:\die gilde gold-edition v2.06 windows vista&7 ready\die gilde gold-edition\gildegold_tl.exe | 
"TCP Query User{B0B10DD3-C3CE-4C65-93A2-7039A6E10F8C}H:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=h:\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{D5F67FA0-F8FD-4092-B3F4-B60524949119}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{2AA2BCCE-D243-4C09-A2D8-EFE89E9BFD4E}C:\users\win\desktop\candisoft_load!_0.7.1\load.exe" = protocol=17 | dir=in | app=c:\users\win\desktop\candisoft_load!_0.7.1\load.exe | 
"UDP Query User{3B46FF6A-F317-412E-BAF0-BCF72321A2C8}D:\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\vlc\vlc.exe | 
"UDP Query User{4E4DCDD5-0F60-4C01-9AD5-A74C57F97D9C}C:\program files\ballerburg\ballerburg.exe" = protocol=17 | dir=in | app=c:\program files\ballerburg\ballerburg.exe | 
"UDP Query User{51009CB4-269D-4036-85B3-ADDE916AA6AA}D:\die gilde gold-edition v2.06 windows vista&7 ready\die gilde gold-edition\gildegold_tl.exe" = protocol=17 | dir=in | app=d:\die gilde gold-edition v2.06 windows vista&7 ready\die gilde gold-edition\gildegold_tl.exe | 
"UDP Query User{6FFF3D72-DFC7-49F1-AAF9-20B221AED3EC}D:\cod_2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\cod_2\cod2mp_s.exe | 
"UDP Query User{80D90D1F-3662-4BE6-9476-F3DF7CE515E4}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{9FEF524D-40CA-4A50-93E3-D3802050BA4F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{D11712E4-C7D9-4326-B626-DE8D5DEA962A}H:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=h:\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{F205C4AC-E5E3-4C88-BDF8-557126387E2B}G:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=g:\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{628ED0F8-590B-49CF-A525-A1696BD79304}" = Cisco AnyConnect Secure Mobility Client
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{C18E004E-8C44-4F63-91DD-7ABF7DECD712}" = calibre
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"1489-3350-5074-6281" = JDownloader 0.9
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"Comical_is1" = Comical 0.8
"DAEMON Tools Lite" = DAEMON Tools Lite
"Die Gilde" = Die Gilde
"Divine Wind_is1" = Divine Wind Version 5.1
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Studio_is1" = Free Studio version 5.2.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Guitar Pro 5_is1" = Guitar Pro 5.2
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Navigium" = Navigium
"NVIDIA Drivers" = NVIDIA Drivers
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5b
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"Shutdown4U" = Shutdown4U
"SpeedFan" = SpeedFan (remove only)
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.1.10
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.08.2012 08:12:29 | Computer Name = Win-PC | Source = acvpninstall | ID = 67108866
Description = 
 
Error - 26.08.2012 08:12:29 | Computer Name = Win-PC | Source = acvpninstall | ID = 67108866
Description = 
 
Error - 26.08.2012 08:12:29 | Computer Name = Win-PC | Source = acvpninstall | ID = 67108866
Description = 
 
Error - 26.08.2012 17:13:00 | Computer Name = Win-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.08.2012 21:59:23 | Computer Name = Win-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.09.2012 08:44:36 | Computer Name = Win-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.09.2012 14:55:50 | Computer Name = Win-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 02.09.2012 14:56:52 | Computer Name = Win-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.09.2012 14:59:52 | Computer Name = Win-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.09.2012 15:39:41 | Computer Name = Win-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 30.08.2012 16:27:17 | Computer Name = Win-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpSessionWinInet::HandleError File: .\Utility\HttpSession_wininet.cpp
Line:
 1050 Invoked Function: CHttpSessionWinInet::HandleError Return Code: 12007 (0x00002EE7)
Description:
 Der Servername oder die Serveradresse konnte nicht verarbeitet werden.   
 
Error - 30.08.2012 16:27:17 | Computer Name = Win-PC | Source = acvpnagent | ID = 67108866
Description = Function: CFileUploader::PostDataGetResponse File: ..\FileUploader.cpp
Line:
 407 Invoked Function: CFileUploader::SendHttpRequest Return Code: -29032423 (0xFE450019)
Description:
 HTTP_SESSION_ERROR_DNS_RESOLUTION 
 
Error - 30.08.2012 16:27:17 | Computer Name = Win-PC | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::PostDataFile File: ..\PhoneHomeAgent.cpp
Line:
 1649 Invoked Function: CFileUploader::PostDataGetResponse Return Code: -29032423 
(0xFE450019) Description: HTTP_SESSION_ERROR_DNS_RESOLUTION Failed to post customer
 experence feedback data (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility 
Client\CustomerExperienceFeedback\outbound\feedback_data1.cef)
 
Error - 30.08.2012 17:41:35 | Computer Name = Win-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 23: Client PC is going into suspend mode (Sleep,
 Hibernate, etc).
 
Error - 30.08.2012 18:02:25 | Computer Name = Win-PC | Source = acvpnui | ID = 67108866
Description = Function: CTrayIcon::StepAnimation File: .\TrayIcon.cpp Line: 428 Invoked
 Function: CTrayIcon::OnTimer Return Code: 1460 (0x000005B4) Description: Dieser Vorgang
 wurde wegen Zeitüberschreitung zurückgegeben.   
 
Error - 30.08.2012 18:02:25 | Computer Name = Win-PC | Source = acvpnui | ID = 67108866
Description = Function: CTrayIcon::StepAnimation File: .\TrayIcon.cpp Line: 428 Invoked
 Function: CTrayIcon::OnTimer Return Code: 0 (0x00000000) Description: unknown 
 
Error - 30.08.2012 18:03:23 | Computer Name = Win-PC | Source = acvpnui | ID = 67108866
Description = Function: MsgCatalog::msgFormat File: .\i18n\MsgCatalog.cpp Line: 450
Invoked
 Function: FormatMessage Return Code: 3 (0x00000003) Description: Das System kann 
den angegebenen Pfad nicht finden.   
 
Error - 30.08.2012 18:03:23 | Computer Name = Win-PC | Source = acvpndownloader | ID = 67108865
Description = Function: PreferenceMgr::invokePreferenceUpdateCBs File: ..\Api\PreferenceMgr.cpp
Line:
 1357 Callback interface address is NULL.
 
Error - 30.08.2012 18:03:23 | Computer Name = Win-PC | Source = acvpndownloader | ID = 67108865
Description = Function: PreferenceMgr::invokePreferenceUpdateCBs File: ..\Api\PreferenceMgr.cpp
Line:
 1357 Callback interface address is NULL.
 
Error - 30.08.2012 18:03:32 | Computer Name = Win-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteTableVista::addRouteV4 File: .\Routing\RouteTableVista.cpp
Line:
 192 Invoked Function: ::CreateIpForwardEntry2 Return Code: 5010 (0x00001392) Description:
 Das Objekt ist bereits vorhanden.   
 
[ OSession Events ]
Error - 03.10.2011 17:16:42 | Computer Name = Win-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.10.2011 01:44:39 | Computer Name = Win-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.10.2011 01:47:16 | Computer Name = Win-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.10.2011 01:47:30 | Computer Name = Win-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.10.2011 01:49:27 | Computer Name = Win-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 112
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 04.10.2011 01:49:36 | Computer Name = Win-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18.02.2012 07:34:19 | Computer Name = Win-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 164263
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 02.09.2012 14:56:52 | Computer Name = Win-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.09.2012 14:56:52 | Computer Name = Win-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.09.2012 14:56:52 | Computer Name = Win-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.09.2012 15:38:06 | Computer Name = Win-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.09.2012 um 21:36:20 unerwartet heruntergefahren.
 
Error - 02.09.2012 15:39:41 | Computer Name = Win-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 02.09.2012 16:17:19 | Computer Name = Win-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.09.2012 um 22:15:41 unerwartet heruntergefahren.
 
Error - 02.09.2012 16:18:54 | Computer Name = Win-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 02.09.2012 17:33:58 | Computer Name = Win-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.09.2012 um 23:32:24 unerwartet heruntergefahren.
 
Error - 02.09.2012 17:35:41 | Computer Name = Win-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 03.09.2012 09:41:35 | Computer Name = Win-PC | Source = Service Control Manager | ID = 7011
Description = 
 
 
< End of report >
--- --- ---

Und hier das Ergebnis aus GMER.txt:
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-03 21:28:40
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000062 Hitachi_ rev.PB3O
Running: zs4mqwgu.exe; Driver: C:\Users\Win\AppData\Local\Temp\uwldqpow.sys


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                      
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                   C:\Program Files\Alcohol Soft\Alcohol 120\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                   0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0xAE 0x45 0xCA 0x45 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                             
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                       0x7E 0x53 0x77 0xA6 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                      
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0x66 0xDC 0xCA 0xFA ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                      
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                   C:\Users\Win\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                   1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                0x21 0xA0 0x05 0x73 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                             
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                          0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                       0x84 0x48 0xE1 0x24 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                        
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                  0xAD 0x52 0x01 0x56 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Program Files\Alcohol Soft\Alcohol 120\
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0xAE 0x45 0xCA 0x45 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x7E 0x53 0x77 0xA6 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x66 0xDC 0xCA 0xFA ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                  
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                       C:\Users\Win\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                       1
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                    0x21 0xA0 0x05 0x73 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)         
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                              0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                           0x84 0x48 0xE1 0x24 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)    
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                      0xAD 0x52 0x01 0x56 ...

---- EOF - GMER 1.0.15 ----
--- --- ---



Schonmal vielen Dank im Voraus,
Volliv
Geändert von Volliv (03.09.2012 um 22:22 Uhr)

 

Themen zu Trojan.Agent in C:\Users\Win\M-1-74-6482-7942-8945\winsvc.exe
antivirus, autorun, bho, bluescreen, converter, desktop, error, failed, feedback, firefox, flash player, format, helper, home, install.exe, jdownloader, logfile, mozilla, mp3, object, outbound, plug-in, realtek, registry, rundll, scan, security, senden, software, störungen, trojan.agent.ge, usb 2.0, virus-warnung, vista, wrapper


« Ransom Trojaner | TR/Atraps.gen - TR/Atraps.gen2 - TR/Rogue.kdv.686334 - von AVIRA Antivirus entdeckt »


Ähnliche Themen: Trojan.Agent in C:\Users\Win\M-1-74-6482-7942-8945\winsvc.exe


  1. Trojan.Agent.Gen in C:\Users\Sandra\AppData\Roaming\KB00012983.exe nach Öffnen einer Vodafone-Fake-Email
    Log-Analyse und Auswertung - 16.01.2014 (1)
  2. trojan.agent/Gen-frauder und trojan.agent/Gen-Reputation gefunden
    Log-Analyse und Auswertung - 02.11.2013 (10)
  3. WinXp Trojan.Agent/Gen-Reputation Stolen.Data Trojan.Agent/Gen-DunDun Win32/Spy.Banker.YPK trojan
    Log-Analyse und Auswertung - 29.10.2013 (7)
  4. Trojan.Ransom.ED, Trojan.Agent.ED, Trojan.FakeMS.PRGen und Bublik b. durch Email erhalten?
    Plagegeister aller Art und deren Bekämpfung - 02.04.2013 (29)
  5. Win.Trojan.Agent-228583, Win.Trojan.Expiro-1161 und Win.Trojan.Agent-232649
    Plagegeister aller Art und deren Bekämpfung - 13.03.2013 (8)
  6. Trojan.Fakesmoke, Trojan.Agent-128337, Trojan.Agent-128287 bei Desinfect 2012 (Clam AV)
    Log-Analyse und Auswertung - 06.02.2013 (17)
  7. Online- Banking gesperrt! Trojan.FakeAlert.Gen & Trojan.ZbotR.Gen in (C:\Users\\AppData\Temp & C:\Users\\AppData\Roaming\Osje\rutaap.exe)
    Log-Analyse und Auswertung - 06.02.2013 (1)
  8. Trojaner gefunden: Win 32:Patcher [Trj], Win.Trojan.Agent-36124, Win.Trojan.Agent-44393
    Log-Analyse und Auswertung - 02.02.2013 (7)
  9. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dll (Trojan.Agent) -> Daten: C:\Users\Papa\AppData\Roaming\dll\svchost.exe -> Keine Aktio
    Log-Analyse und Auswertung - 13.01.2013 (10)
  10. Adware Agent in C:\Users\xxxxx\AppData\Local\Temp\814044.Uninstall\Uninstall.exe ;Adware.Agent in C:\Users\xxxxxx\Downloads\FLV
    Log-Analyse und Auswertung - 30.12.2012 (32)
  11. Trojan.chydo in C:\Users\Public
    Log-Analyse und Auswertung - 30.10.2012 (11)
  12. Trojan.Downloader, Trojan.Agent.VGENX, Trojan.Agent, PUP.Pantsoff.PasswordFinder, TR/spy.banker.gen5
    Log-Analyse und Auswertung - 27.10.2012 (1)
  13. Trojan.Apppatch,Trojan.Agent.BVXGen und Trojan.Midhos in C:\Users\inet-kid\AppData,TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 13.09.2012 (35)
  14. Trojan.Agent, Backdoor.Agent, Trojan.Banker > 10 Trojaner auf einem PC
    Log-Analyse und Auswertung - 22.07.2012 (0)
  15. TR.Dropper.gen in C:\Users\Christina\AppData\Local\Temp, Trojan/Zaccess, Trojan.Agent, ...
    Log-Analyse und Auswertung - 19.06.2012 (29)
  16. TR/Agent.LP.miv in C:\Users\***\Downloads\tvbrowser-2.7.5.exe gefunden
    Plagegeister aller Art und deren Bekämpfung - 29.07.2010 (5)
  17. Trojan-gen, MalOb-BL und Delfcrypt-F in C:\Users was tun?
    Plagegeister aller Art und deren Bekämpfung - 20.06.2010 (13)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojan.Agent in C:\Users\Win\M-1-74-6482-7942-8945\winsvc.exe - Hallo zusammen! Gestern abend habe ich von Avast eine Virus-Warnung bekommen, danach einen Scan mit Avast und Malwarebyte's Anti-Malware durchgeführt. (Bisher sind mir keine ungewöhnlichen Störungen aufgefallen.) Avast hat etwas - Trojan.Agent in C:\Users\Win\M-1-74-6482-7942-8945\winsvc.exe...
Archiv
Du betrachtest: Trojan.Agent in C:\Users\Win\M-1-74-6482-7942-8945\winsvc.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131