| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Hacktool.Hiderun mit Anti-Malware gefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.09.2012, 23:18
| #1 |
| |  Hacktool.Hiderun mit Anti-Malware gefunden Hallo liebe Forengemeinde. Habe nach meinem letzten Virenbefall auf die Aktualität aller Programme geachtet (u.a. mit Secunia) und gehofft, dass ich in Verbindung mit umsichtigem surfen weiteren Problemen aus dem Weg gehen kann. Bei einem Routine-Test mit Malwarebytes Anti-Malware hab ich jetzt doch einen Virus gefunden: Hacktool.Hiderun Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.09.07.13 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Felipe_2 :: FELIPE-PC [limited] 07.09.2012 23:38:23 mbam-log-2012-07-30 (15-04-16).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 278580 Time elapsed: 18 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\Installer\MSI329D.tmp (HackTool.Hiderun) -> No action taken. (end) Code:
ATTFilter OTL logfile created on: 08.09.2012 00:10:04 - Run 1 OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\Felipe_2\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,85% Memory free 7,99 Gb Paging File | 6,13 Gb Available in Paging File | 76,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 99,90 Gb Total Space | 68,82 Gb Free Space | 68,89% Space Free | Partition Type: NTFS Drive D: | 831,51 Gb Total Space | 763,23 Gb Free Space | 91,79% Space Free | Partition Type: NTFS Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: FELIPE-PC | User Name: Felipe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.08 00:09:30 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Felipe_2\Downloads\OTL.exe PRC - [2012.09.07 21:06:07 | 000,917,984 | ---- | M] (Mozilla Corporation) -- D:\Programme\Mozilla\Firefox\firefox.exe PRC - [2012.08.31 12:52:05 | 000,388,576 | ---- | M] (Mozilla Corporation) -- D:\Programme\Mozilla\Thunderbird\thunderbird.exe PRC - [2012.07.30 23:30:20 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.24 05:46:34 | 000,405,832 | ---- | M] () -- D:\Programme\MSI Afterburner\MSIAfterburner.exe PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.04.03 17:14:32 | 000,041,472 | ---- | M] () -- D:\Programme\dradio-Recorder\phonostarTimer.exe PRC - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- D:\Programme\Secunia\PSI\psia.exe PRC - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- D:\Programme\Secunia\PSI\sua.exe PRC - [2011.10.14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- D:\Programme\Secunia\PSI\psi_tray.exe PRC - [2011.08.03 22:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe ========== Modules (No Company Name) ========== MOD - [2012.09.07 21:06:07 | 002,244,064 | ---- | M] () -- D:\Programme\Mozilla\Firefox\mozjs.dll MOD - [2012.08.31 12:52:05 | 002,061,280 | ---- | M] () -- D:\Programme\Mozilla\Thunderbird\mozjs.dll MOD - [2012.08.31 12:52:05 | 000,157,664 | ---- | M] () -- D:\Programme\Mozilla\Thunderbird\nsldap32v60.dll MOD - [2012.08.31 12:52:05 | 000,021,984 | ---- | M] () -- D:\Programme\Mozilla\Thunderbird\nsldappr32v60.dll MOD - [2012.07.24 05:46:34 | 000,405,832 | ---- | M] () -- D:\Programme\MSI Afterburner\MSIAfterburner.exe MOD - [2012.07.21 08:44:58 | 000,061,440 | ---- | M] () -- D:\Programme\MSI Afterburner\RTMUI.dll MOD - [2012.07.21 08:44:54 | 000,335,872 | ---- | M] () -- D:\Programme\MSI Afterburner\RTHAL.dll MOD - [2012.07.21 08:44:38 | 000,225,280 | ---- | M] () -- D:\Programme\MSI Afterburner\RTCore.dll MOD - [2012.07.21 08:44:30 | 000,147,456 | ---- | M] () -- D:\Programme\MSI Afterburner\RTUI.dll MOD - [2012.07.21 08:44:22 | 000,061,440 | ---- | M] () -- D:\Programme\MSI Afterburner\RTFC.dll MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2012.04.03 17:14:32 | 000,041,472 | ---- | M] () -- D:\Programme\dradio-Recorder\phonostarTimer.exe MOD - [2011.04.30 17:04:54 | 000,013,312 | ---- | M] () -- D:\Programme\MSI Afterburner\RTTSH.dll ========== Services (SafeList) ========== SRV - [2012.08.27 21:26:39 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.08.25 04:00:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.22 17:40:58 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2012.07.30 23:30:20 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- D:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- D:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011.08.03 22:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.03 22:27:28 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV - [2012.07.24 05:46:34 | 000,010,568 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Programme\MSI Afterburner\RTCore64.sys -- (RTCore64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 C7 08 80 50 52 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: D:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Programme\Mozilla\Firefox\components [2012.09.07 21:06:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Programme\Mozilla\Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.08.31 12:26:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: D:\Programme\Mozilla\Thunderbird\components [2012.06.24 23:53:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: D:\Programme\Mozilla\Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.31 12:37:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.07.17 13:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felipe\AppData\Roaming\mozilla\Extensions [2012.08.10 22:45:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felipe\AppData\Roaming\mozilla\Firefox\Profiles\txl56xpe.default\extensions [2012.08.10 22:45:18 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Felipe\AppData\Roaming\mozilla\Firefox\Profiles\txl56xpe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.31 12:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.08.25 04:01:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.08.25 04:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.25 04:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Felipe\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Felipe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Felipe\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Felipe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCDDB11A-1826-44FD-82E3-BFFFC95FE70E}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2008.10.11 19:03:48 | 000,000,054 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.07 23:31:07 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.07 23:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.04 23:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Sports [2012.09.04 09:49:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2012.09.04 09:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2012.09.03 16:30:00 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.09.03 16:29:59 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.09.03 16:29:59 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.09.03 16:29:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.31 17:13:03 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll [2012.08.31 17:13:03 | 000,017,936 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll [2012.08.31 17:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF [2012.08.31 17:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF [2012.08.31 17:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF [2012.08.31 17:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF [2012.08.31 12:33:44 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2012.08.31 12:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.08.31 12:21:03 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.08.31 12:21:01 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.08.31 12:21:01 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.08.31 12:21:01 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.08.31 12:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.08.31 12:15:56 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.08.31 12:15:54 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.08.31 12:15:54 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.08.31 12:15:54 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2012.08.31 12:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.08.31 11:50:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2012.08.31 11:43:37 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012.08.31 11:23:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2012.08.31 11:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2012.08.23 21:42:12 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.08.23 21:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.08.23 21:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.08.23 21:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.08.21 23:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs [2012.08.21 22:55:57 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Roaming\Macromedia [2012.08.21 22:55:56 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache [2012.08.16 01:05:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.16 01:05:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.16 01:05:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.16 01:05:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.16 01:05:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.16 01:05:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.16 01:05:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.16 01:05:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.16 01:05:36 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.16 01:05:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.16 01:05:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.16 01:05:35 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.16 01:05:35 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.15 18:46:15 | 009,826,504 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2012.08.15 09:57:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.15 09:57:43 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.15 09:57:43 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.15 09:57:42 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.08.10 22:45:18 | 000,000,000 | ---D | C] -- C:\Users\Felipe\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.10 22:45:17 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll [2012.08.10 22:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.08.10 22:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft ========== Files - Modified Within 30 Days ========== [2012.09.07 23:47:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.07 20:51:51 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.07 20:51:51 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.07 20:49:15 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.07 20:49:15 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.07 20:49:15 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.07 20:49:15 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.07 20:49:15 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.07 20:44:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.07 20:44:36 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys [2012.09.03 23:22:04 | 000,292,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.31 12:20:59 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.08.31 12:20:59 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.08.31 12:20:59 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.08.31 12:20:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.08.31 12:20:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.08.31 12:20:59 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.08.31 12:19:46 | 000,000,715 | ---- | M] () -- C:\Users\Felipe\Desktop\MSI Afterburner.lnk [2012.08.31 12:15:52 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.08.31 12:15:52 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.08.31 12:15:52 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.08.31 12:15:52 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.08.31 12:15:52 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.08.31 12:15:52 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2012.08.31 11:43:37 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012.08.27 21:26:39 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.27 21:26:39 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.22 17:40:42 | 000,029,712 | ---- | M] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll [2012.08.22 17:40:42 | 000,017,936 | ---- | M] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll [2012.08.15 18:47:47 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe ========== Files Created - No Company Name ========== [2012.09.07 23:18:01 | 000,002,333 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.09.07 23:18:01 | 000,002,319 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.09.07 23:18:01 | 000,002,284 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.09.04 09:18:42 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2012.08.31 17:13:02 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk [2012.07.30 23:30:21 | 000,280,976 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.07.30 23:30:20 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll < End of report > Ich danke für jede Hilfe! Edit: Habe den TDSS Killer von Kaspersky laufen lassen, ohne Fund. Edit2: Habe die Datei mit Anti-Malware in Quarantäne stellen lassen, allerdings findet das Programm bei neuen Suchläufen die infizierte Datei immer wieder. Ist das normal (bis zum endgültigen Löschen aus der Quarantäne)? Hier noch die Extras.txt von OTL: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.09.2012 00:10:04 - Run 1
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\Felipe_2\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,85% Memory free
7,99 Gb Paging File | 6,13 Gb Available in Paging File | 76,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,90 Gb Total Space | 68,82 Gb Free Space | 68,89% Space Free | Partition Type: NTFS
Drive D: | 831,51 Gb Total Space | 763,23 Gb Free Space | 91,79% Space Free | Partition Type: NTFS
Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: FELIPE-PC | User Name: Felipe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0907ED42-5699-41A9-9F81-81533DD602A9}" = lport=138 | protocol=17 | dir=in | app=system |
"{0D7C576E-01ED-43E4-A611-D437CA940AC0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0DF05E08-BF56-4D5D-91DD-9A262F38E40D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{17E0E607-4B8A-4180-A0B4-5F5BD3C7643F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2EA17D11-6245-43AC-AE14-C20ADD8E7B64}" = rport=138 | protocol=17 | dir=out | app=system |
"{31D2E76E-45AA-421A-A347-CADD27611973}" = lport=137 | protocol=17 | dir=in | app=system |
"{33A4E6C2-58D2-4102-B34E-DB34134D4A47}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3AA19804-B11C-4AB2-AA99-81540CC2BD7B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{41290E52-08CE-42F6-A56E-84875FDB7A9C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{48471CBA-949C-4059-B4F9-B93E4DC49521}" = lport=445 | protocol=6 | dir=in | app=system |
"{5730C4DA-E1B4-4592-9883-6DA7D8BD3D79}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{58377884-C381-4CEB-86C7-AFC8BF1EC94F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{703DAC49-1DA4-491C-B4BC-8B857A2D44A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78CB0617-6ED8-4A91-9698-6CB42092EEA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8422F7EA-0BEA-46A6-8D9C-9B6F19DDA97C}" = rport=445 | protocol=6 | dir=out | app=system |
"{8C0E91E7-84B6-4B39-BE44-0CBABC13B6CB}" = rport=139 | protocol=6 | dir=out | app=system |
"{9AA89B4B-2704-4381-BF2B-B5B90A0D685E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9FE13D0C-B320-4727-B898-438A2E56FCE9}" = rport=137 | protocol=17 | dir=out | app=system |
"{DA3EB676-CAC8-4931-AEB5-B5D547FD2827}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA5393E9-CEF8-4108-97D2-85DC05F56EBD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8C3F0F8-E54E-4F94-8659-41410F871B2D}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC06775-05E4-433E-91C8-07FF8599DF71}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0DCC8F70-F5C0-4740-8B0B-7E79D22AC384}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0E94106F-A8A3-4F83-9D90-C8117AB67E23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1019A90F-049B-43E9-99E4-F12A59401220}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DDF6491-B468-4ED9-9187-BE984C99890C}" = protocol=17 | dir=in | app=d:\programme\2k sports\nba 2k11\nba2k11.exe |
"{37430C56-B63F-48A2-8688-4044926CEFE2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3756818B-D8C8-4F10-A73D-69AB85B18B8F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3756939C-E559-4A65-BA8A-EF43C2FF3E03}" = protocol=17 | dir=in | app=d:\programme\assassin's creed revelations\acrsp.exe |
"{3B26EF41-EF02-4C62-9196-90830B1CF21B}" = protocol=17 | dir=in | app=d:\programme\company of heroes anthology\reliccoh.exe |
"{3EB3DFC7-E00C-468E-AD99-AAAB6739FE9E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4372F9A8-FA66-4D29-A00D-EEC5FDCB3EE3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4DF43A45-A534-4BC2-8D71-631CA596674C}" = protocol=6 | dir=in | app=d:\programme\2k sports\nba 2k11\nba2k11.exe |
"{5275AA96-51C0-4A3E-8383-9FB9CA350E1A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5418CAF5-C479-491E-8E52-8C3F1B90FF8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5996D02A-6A6D-45C2-ADA9-B3BD437281CB}" = protocol=17 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{5B985991-F6FD-4637-AAD3-DF70DFED7108}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63692F28-6F06-4728-AA47-0017F4E94C21}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{63FB1521-4C28-4137-A31B-BBCFC9492147}" = protocol=17 | dir=in | app=d:\programme\assassin's creed revelations\acrmp.exe |
"{675EB7DE-4A44-4441-A54F-9740BE3D331E}" = protocol=6 | dir=out | app=system |
"{6AA946AA-561A-4227-A2C7-DC08D3A52368}" = protocol=6 | dir=in | app=d:\programme\rockstar games\max payne 3\playmaxpayne3.exe |
"{6AFD2206-D483-42F4-9B55-930A7DC030E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7158A1A4-0EA8-4B85-B71F-05B14BD98452}" = protocol=6 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{73607AE2-7393-4AD2-BC8B-0272528C8A7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{76074B55-197C-4A4D-9BF1-C0BD66200349}" = protocol=6 | dir=in | app=d:\programme\company of heroes anthology\reliccoh.exe |
"{78475540-D9DB-4FBB-9D6F-A62A007B2E74}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7C6E5EE9-CD78-4A9B-9BB5-EF49C8C508FC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7D04875E-4B4E-47FF-8710-FA7D5C4FAD4C}" = protocol=17 | dir=in | app=d:\programme\assassin's creed revelations\assassinscreedrevelations.exe |
"{80387DF5-4139-4A4E-A52F-959A99FB7013}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{84879116-F9BC-49BD-A51A-8209377EBD9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8A80F9C4-9D43-45D2-8E6B-80A3F5F7CC98}" = protocol=6 | dir=in | app=d:\programme\company of heroes anthology\relicdownloader\relicdownloader.exe |
"{8FD13F11-F7F5-4066-BC95-32BB1B741035}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{918DE21F-5EF0-40A2-B739-148B77ACAD71}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{9EB834DA-FECB-4685-BE34-998B8D5B18D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A9D9ABE1-70BF-4F63-AD8F-2DAD9B1DDE9B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C3339D7E-06D0-49BD-88C0-478D10FB2CEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D2371D52-C4F5-4544-B039-F9E9B49AC02E}" = protocol=6 | dir=in | app=d:\programme\assassin's creed revelations\acrsp.exe |
"{D67DBC82-4A2E-4545-9EDE-9A96A9D688C7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{E6922A95-3A17-4B7B-AD09-685883CAE3CD}" = protocol=6 | dir=in | app=d:\programme\assassin's creed revelations\assassinscreedrevelations.exe |
"{E79859D3-CF68-46EC-B162-242892613AB0}" = protocol=17 | dir=in | app=d:\programme\rockstar games\max payne 3\playmaxpayne3.exe |
"{ECE5A429-AEC7-4BF6-93A4-76685440DFC4}" = protocol=6 | dir=in | app=d:\programme\assassin's creed revelations\acrmp.exe |
"{EE6652C9-DDDA-4688-BB8F-D5A47EC6389F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F7146FE3-218A-48E0-A1E8-B3F8071CE812}" = protocol=17 | dir=in | app=d:\programme\company of heroes anthology\relicdownloader\relicdownloader.exe |
"TCP Query User{22B85101-01FB-4814-B23E-EE95C199EC3A}D:\programme\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=d:\programme\rockstar games\max payne 3\maxpayne3.exe |
"TCP Query User{81176EBD-0BD5-4DE4-9ABB-3BD0DEF687A1}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{90787DC0-9509-47C8-8BFB-0CD2BF147F38}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{ECBBF31A-9023-477A-8FB5-72EED766C2C2}C:\users\felipe_2\appdata\local\temp\c84fd0b861cf426a966d7b1ce920cea8\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\felipe_2\appdata\local\temp\c84fd0b861cf426a966d7b1ce920cea8\relicdownloader.exe |
"UDP Query User{2BD61366-FA7D-4549-9BEE-12713CBA8D02}D:\programme\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=d:\programme\rockstar games\max payne 3\maxpayne3.exe |
"UDP Query User{41BF51C5-4712-40C4-9A00-0E52033579B2}D:\programme\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\programme\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{6DB715AE-EA20-49DD-B612-5EBEB42E709C}C:\users\felipe_2\appdata\local\temp\c84fd0b861cf426a966d7b1ce920cea8\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\felipe_2\appdata\local\temp\c84fd0b861cf426a966d7b1ce920cea8\relicdownloader.exe |
"UDP Query User{A663698F-6732-4C68-B8BE-6B04A23ADA34}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D241AC96-11AC-45C1-A4BA-7A7C6DDCDADD}" = Nitro Reader 2
"VLC media player" = VLC media player 2.0.2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.2.3
"Company of Heroes" = Company of Heroes
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"jdownloader09" = JDownloader 0.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.94
"Rockstar Games Social Club" = Rockstar Games Social Club
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"Ugrib_is1" = Ugrib RC1
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.09.2012 02:05:21 | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description =
Error - 04.09.2012 03:49:08 | Computer Name = Felipe-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GTAIV.exe, Version: 1.0.7.0, Zeitstempel:
0x4bd9efbe Name des fehlerhaften Moduls: GTAIV.exe, Version: 1.0.7.0, Zeitstempel:
0x4bd9efbe Ausnahmecode: 0xc0000005 Fehleroffset: 0x001a9346 ID des fehlerhaften Prozesses:
0x9cc Startzeit der fehlerhaften Anwendung: 0x01cd8a71c0509d31 Pfad der fehlerhaften
Anwendung: D:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe Pfad des fehlerhaften
Moduls: D:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe Berichtskennung:
014a20f4-f665-11e1-933d-1c6f65878ead
Error - 04.09.2012 04:12:40 | Computer Name = Felipe-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Grand Theft Auto IV" konnte nicht heruntergefahren
werden.
Error - 04.09.2012 14:24:42 | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description =
Error - 05.09.2012 02:48:32 | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.09.2012 02:38:42 | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.09.2012 14:35:30 | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.09.2012 15:56:57 | Computer Name = Felipe-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MaxPayne3.exe, Version: 1.0.0.55,
Zeitstempel: 0x5037e3a5 Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 8.17.13.142,
Zeitstempel: 0x4fb20322 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006eb45 ID des fehlerhaften
Prozesses: 0xedc Startzeit der fehlerhaften Anwendung: 0x01cd8c698c15e3f8 Pfad der
fehlerhaften Anwendung: D:\Programme\Rockstar Games\Max Payne 3\MaxPayne3.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\nvwgf2um.dll Berichtskennung: 03399239-f85d-11e1-92bd-1c6f65878ead
Error - 07.09.2012 03:19:24 | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.09.2012 14:46:26 | Computer Name = Felipe-PC | Source = WinMgmt | ID = 10
Description =
[ Cisco AnyConnect VPN Client Events ]
Error - 07.09.2012 03:17:48 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 07.09.2012 03:17:48 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321
Invoked
Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 07.09.2012 03:17:48 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283
Invoked
Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 07.09.2012 03:17:48 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 07.09.2012 03:17:48 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 07.09.2012 14:44:45 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory
Error - 07.09.2012 14:44:45 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 07.09.2012 14:44:45 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 07.09.2012 14:44:45 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 07.09.2012 14:44:45 | Computer Name = Felipe-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::MainLoop File: .\MainThread.cpp Line: 361 Invoked
Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
[ System Events ]
Error - 27.07.2012 11:47:57 | Computer Name = Felipe-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 30.07.2012 03:54:50 | Computer Name = Felipe-PC | Source = bowser | ID = 8003
Description =
Error - 02.08.2012 04:31:30 | Computer Name = Felipe-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 03.08.2012 11:36:58 | Computer Name = Felipe-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 04.08.2012 10:11:46 | Computer Name = Felipe-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 05.08.2012 04:00:12 | Computer Name = Felipe-PC | Source = bowser | ID = 8003
Description =
Error - 09.08.2012 05:41:04 | Computer Name = Felipe-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 14.08.2012 04:06:58 | Computer Name = Felipe-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 16.08.2012 05:14:50 | Computer Name = Felipe-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 17.08.2012 11:18:02 | Computer Name = Felipe-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
< End of report >
Letztes Update für heute: Ich habe eine Testversion von der ESET Smart Security installiert, die die Datei MSI329d.tmp nicht als infiziert erkennt. Eine Übertragung in die Quarantäne ist aber, ebenso wie bei Malwarebytes nicht komplett möglich, die Datei bleibt wohl zu teilen - so eine Meldung - im Ordner. Wie werde ich sie also los? Gute Nacht erstmal! Geändert von Felipe- (07.09.2012 um 23:53 Uhr) |
|
11.09.2012, 08:54
| #2 |
| | Hacktool.Hiderun mit Anti-Malware gefunden Mittlerweile ist es kein Problem mehr, ich habe eine Neuinstallation vorgenommen.
__________________Schönen Dank trotzdem. Der Thread kann geschlossen werden. Gruß Felipe |
|
27.09.2012, 13:42
| #3 |
| /// Helfer-Team  | Hacktool.Hiderun mit Anti-Malware gefunden Lektuere zum abarbeiten:
__________________http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html PC wird immer langsamer - was tun?
__________________ |
|
| Themen zu Hacktool.Hiderun mit Anti-Malware gefunden |
| 7-zip, adobe, application/pdf:, autorun, bho, cleaner pro, converter, eset smart security, explorer, file, firefox, flash player, format, grand theft auto, hacktool.hiderun, helper, home, install.exe, jdownloader, langs, logfile, löschen, mozilla, mp3, nvidia, nvidia update, pdf, plug-in, programme, realtek, registry, revo uninstaller, secunia psi, software, surfen, system, tracker, virus |
Linear-Darstellung
