Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
EXP/2012-4681.J.1 von Avira binnen 20 Minuten zweimal gefunden

EXP/2012-4681.J.1 von Avira binnen 20 Minuten zweimal gefunden


Log-Analyse und Auswertung: EXP/2012-4681.J.1 von Avira binnen 20 Minuten zweimal gefunden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 11.09.2012, 09:30   #1
Capital77
 
EXP/2012-4681.J.1 von Avira binnen 20 Minuten zweimal gefunden - Standard

EXP/2012-4681.J.1 von Avira binnen 20 Minuten zweimal gefunden


Hallo,

heute Morgen hat mir Avira Free Antivirus binnen 20 Minuten zweimal EXP/2012-4681.J.1 gefunden. Einmal gefunden in C:\Users\Dennis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 sowie in C:\Users\Dennis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20. Nach Bekanntwerden der Sicherheitslücke wurde von mir Java Update 7 installiert. Inzwischen habe ich Java deaktiviert, wie von euch empfohlen, da das Patch die eine Lücke schließt, eine weitere aber öffnet. Avira hat beide Funde in Quarantäne verbannt. Seitdem erstmal keine weiteren Funde. Malwarebytes Anti-Malware ist ohne Fund. Defogger hat keine Fehlermeldung angezeigt. OLT hat folgende olt.txt und extras.txt generiert:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.09.2012 09:02:27 - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\Dennis\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 51,84% Memory free
7,50 Gb Paging File | 5,51 Gb Available in Paging File | 73,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 427,27 Gb Free Space | 91,76% Space Free | Partition Type: NTFS
Drive E: | 149,05 Gb Total Space | 137,52 Gb Free Space | 92,27% Space Free | Partition Type: NTFS
Drive F: | 37,31 Gb Total Space | 26,59 Gb Free Space | 71,26% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.11 09:02:14 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Downloads\OTL.exe
PRC - [2012.09.11 07:28:54 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\Dennis\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.07 09:56:18 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.08.23 07:12:33 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012.08.08 11:44:45 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.11 12:21:56 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.30 09:28:08 | 000,546,464 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2011.09.30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2010.09.15 10:11:22 | 000,339,312 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2009.07.08 15:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
PRC - [2009.05.04 19:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.11 07:28:54 | 000,697,884 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~df394b.tmp
MOD - [2012.09.11 07:28:54 | 000,592,896 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0000\~de6248.tmp
MOD - [2012.09.07 09:56:18 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.08.23 07:12:33 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012.07.17 09:55:05 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll
MOD - [2012.07.17 09:31:07 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.07.17 09:30:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.07.17 09:30:38 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.07.17 09:30:23 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.07.17 09:30:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.07.17 09:30:20 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.07.17 09:30:14 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.09.30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MOD - [2009.04.20 11:55:58 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.07 09:56:18 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.23 07:12:33 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.11 12:23:49 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012.07.11 12:22:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.07.11 12:21:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.07.13 09:18:50 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2012.07.11 12:20:07 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010.06.11 14:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009.09.17 13:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=hp&babsrc=lnkry_nt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD 3A 1B 85 46 5F CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.yahoo.de"
FF - prefs.js..extensions.enabledAddons: ALone-live@ya.ru:1.3.8
FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:3.6.2
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}:6.0.34
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=9d89244d-4a60-4eb2-875e-178af695acda&affid=110774&searchtype=ds&babsrc=lnkry&q="
FF - prefs.js..network.proxy.type: 1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 09:56:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 09:56:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.11 12:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2012.08.30 13:34:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions
[2012.08.30 13:34:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.07.16 12:15:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.04 16:27:06 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions\ALone-live@ya.ru
[2012.08.06 11:48:38 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions\foxyproxy@eric.h.jung
[2012.07.16 12:17:31 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\tu0p1fla.default\extensions\ich@maltegoetz.de
[2012.07.25 08:59:00 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\tu0p1fla.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.07.21 23:40:27 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\tu0p1fla.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.07.18 07:44:13 | 000,002,474 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\tu0p1fla.default\searchplugins\Web Search.xml
[2012.09.07 09:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 09:56:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.07 09:56:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012.09.07 09:56:18 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.11 12:37:00 | 000,002,351 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.08.29 20:13:45 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ASRockIES]  File not found
O4 - HKCU..\Run: [ASRockOCTuner]  File not found
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3027210-D3A2-4D43-B8E8-ECF87CBA31D4}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.11 07:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.11 07:52:16 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes
[2012.09.11 07:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.11 07:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.11 07:52:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.11 07:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.07 09:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.08.31 10:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.24 10:58:34 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\30-6-06-31-12-11
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.11 09:01:49 | 000,000,000 | ---- | M] () -- C:\Users\Dennis\defogger_reenable
[2012.09.11 08:31:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.11 07:52:02 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.11 07:36:01 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.11 07:36:01 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.11 07:33:29 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.11 07:33:29 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.11 07:33:29 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.11 07:33:29 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.11 07:33:29 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.11 07:28:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.11 07:28:36 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.06 14:06:18 | 000,207,569 | ---- | M] () -- C:\Users\Dennis\.recently-used.xbel
[2012.09.05 11:55:20 | 000,010,996 | ---- | M] () -- C:\Users\Dennis\Documents\DieZEITKündigung.odt
[2012.09.03 16:41:51 | 000,000,206 | ---- | M] () -- C:\Users\Dennis\Documents\cc_20120903_164133.reg
[2012.08.26 16:54:49 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.22 17:09:40 | 004,147,334 | ---- | M] () -- C:\Users\Dennis\Desktop\30-6-06-31-12-11.rar
[2012.08.16 16:33:58 | 000,001,186 | ---- | M] () -- C:\Users\Dennis\Documents\cc_20120816_163355.reg
[2012.08.15 14:58:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.08.15 10:24:02 | 000,304,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.14 14:12:30 | 000,010,783 | ---- | M] () -- C:\Users\Dennis\Desktop\Anlagespiegel2011.pdf
[2012.08.14 14:11:52 | 000,008,881 | ---- | M] () -- C:\Users\Dennis\Desktop\Anlagespiegel2010.pdf
[2012.08.14 12:48:29 | 000,269,271 | ---- | M] () -- C:\Users\Dennis\Desktop\Abschreibungen.jpg
[2012.08.14 12:33:28 | 000,011,664 | ---- | M] () -- C:\Users\Dennis\Desktop\E-Ü2011Wolter.pdf
[2012.08.14 11:27:09 | 000,006,659 | ---- | M] () -- C:\Users\Dennis\Desktop\BWA2011Wolter.pdf
[2012.08.14 11:23:55 | 000,021,980 | ---- | M] () -- C:\Users\Dennis\Desktop\SummenundSaldenlisteWolter.pdf
[2012.08.14 11:20:49 | 002,609,028 | ---- | M] () -- C:\Users\Dennis\Desktop\KontenausdruckSachkontenWolter.pdf
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.11 09:01:49 | 000,000,000 | ---- | C] () -- C:\Users\Dennis\defogger_reenable
[2012.09.11 07:52:02 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.06 14:06:18 | 000,207,569 | ---- | C] () -- C:\Users\Dennis\.recently-used.xbel
[2012.09.05 11:55:18 | 000,010,996 | ---- | C] () -- C:\Users\Dennis\Documents\DieZEITKündigung.odt
[2012.09.03 16:41:45 | 000,000,206 | ---- | C] () -- C:\Users\Dennis\Documents\cc_20120903_164133.reg
[2012.08.22 17:09:35 | 004,147,334 | ---- | C] () -- C:\Users\Dennis\Desktop\30-6-06-31-12-11.rar
[2012.08.16 16:33:57 | 000,001,186 | ---- | C] () -- C:\Users\Dennis\Documents\cc_20120816_163355.reg
[2012.08.15 14:58:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.08.14 14:12:30 | 000,010,783 | ---- | C] () -- C:\Users\Dennis\Desktop\Anlagespiegel2011.pdf
[2012.08.14 14:11:51 | 000,008,881 | ---- | C] () -- C:\Users\Dennis\Desktop\Anlagespiegel2010.pdf
[2012.08.14 12:48:28 | 000,269,271 | ---- | C] () -- C:\Users\Dennis\Desktop\Abschreibungen.jpg
[2012.08.14 12:33:27 | 000,011,664 | ---- | C] () -- C:\Users\Dennis\Desktop\E-Ü2011Wolter.pdf
[2012.08.14 11:27:07 | 000,006,659 | ---- | C] () -- C:\Users\Dennis\Desktop\BWA2011Wolter.pdf
[2012.08.14 11:23:53 | 000,021,980 | ---- | C] () -- C:\Users\Dennis\Desktop\SummenundSaldenlisteWolter.pdf
[2012.08.14 11:19:55 | 002,609,028 | ---- | C] () -- C:\Users\Dennis\Desktop\KontenausdruckSachkontenWolter.pdf
[2012.07.12 16:39:33 | 000,012,772 | ---- | C] () -- C:\Users\Dennis\AppData\Local\recently-used.xbel
[2012.07.12 16:33:59 | 000,000,051 | ---- | C] () -- C:\Users\Dennis\.gtk-bookmarks
[2012.07.12 08:36:46 | 000,018,927 | ---- | C] () -- C:\Users\Dennis\Wettergebnisse.ods
[2012.07.11 15:26:12 | 000,339,456 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
[2012.07.11 12:24:18 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2012.07.11 12:24:18 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2012.07.11 12:24:18 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2012.07.11 12:23:57 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.07.11 12:23:57 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.05.13 10:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.05.13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2011.05.13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2011.05.13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
 
========== LOP Check ==========
 
[2012.07.11 15:24:43 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AbeBooks
[2012.07.11 12:36:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Babylon
[2012.09.11 09:00:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BayWotch4
[2012.07.12 08:40:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DeviceVm
[2012.07.16 12:44:24 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DVDVideoSoft
[2012.07.16 12:15:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.11 17:02:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\EPSON
[2012.09.06 18:50:51 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FileZilla
[2012.09.06 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0
[2012.08.06 11:14:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\JonDo
[2012.07.17 15:38:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Lexware
[2012.07.17 22:44:28 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenCandy
[2012.07.11 16:39:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org
[2012.08.26 16:28:32 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


Extras.txt

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.09.2012 09:02:27 - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\Dennis\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 51,84% Memory free
7,50 Gb Paging File | 5,51 Gb Available in Paging File | 73,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 427,27 Gb Free Space | 91,76% Space Free | Partition Type: NTFS
Drive E: | 149,05 Gb Total Space | 137,52 Gb Free Space | 92,27% Space Free | Partition Type: NTFS
Drive F: | 37,31 Gb Total Space | 26,59 Gb Free Space | 71,26% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B1189D-3978-4F15-91DE-B7DAB67DA423}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{112F0011-C15E-4974-871A-F93458C5FEB2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1AFA8785-70BF-4E4A-A024-6E21B47EBB46}" = rport=139 | protocol=6 | dir=out | app=system | 
"{299F4D7B-33E0-4C99-A65A-2C842FCED951}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2AE6545E-5A42-4FA4-B4D0-35BC62B3C1E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2DF64AA4-6355-477E-B8C0-D87DF92F6F55}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2FE8C3B7-C365-497E-8F7F-DFFA69A83EED}" = lport=139 | protocol=6 | dir=in | app=system | 
"{335C4A70-4810-4C32-BB60-51C5584F560C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{381A55A4-F720-419F-B0FA-805ADB5D14D5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3A526173-7BBA-465B-8959-EFA6A0FBA6E4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4DEF1656-E77A-4E0C-A01E-EC5D81D78084}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{52BD8497-D93E-4D73-999F-7F0EE688EEE7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{63F8A6C4-6327-48DD-806B-9081991BDB43}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{64494704-7B85-4C4D-ADA2-DA14F688703B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6C2F4DA8-E950-4F58-924C-E97767F8D4B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6C3A6AD2-BE02-4AF6-A731-DC9B9C1FCC31}" = rport=138 | protocol=17 | dir=out | app=system | 
"{78168426-D485-4794-8227-3ABDBEFA9380}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7AA47D3C-A842-4BDF-91F2-98D7B069DCD1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7CB7E00D-3799-4004-B880-7086380D8935}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{896A18B2-AA00-4889-BEC5-B36F142B525A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A27BF488-5D0E-4E61-BF7B-87D45BD63BA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BAFBA56A-DB00-4B8B-BBCC-A94D332A4E84}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BB73AB4F-0F09-43FD-8683-7473CA0F96F6}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{097292A4-F9F3-4710-8B41-0DF7F5CC5122}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{296AF6F5-8FC0-4BB0-8113-D9CC125E0E60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3313D4EB-E062-4E1A-A6F6-C30D3407D629}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{37D60920-3053-44CF-A0C0-FB4734E74A74}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4AB077A2-F459-4FE4-8EE0-A76826C18F9D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6554F6D3-087F-4851-B6ED-F1DCFB1944A0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{67C61171-C600-48DD-ABCD-BCA70E8B8EFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7229006A-F18A-425A-A243-C890969A95B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{93ECE110-DB02-4028-99C9-738BAADEFA01}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A17726FA-F46D-4C39-AE27-DAB50134D2AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB061C08-B869-4F97-A8B6-1EE559A721DB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B1F4CE40-27E5-421F-819C-AA11B5E18D4E}" = protocol=6 | dir=out | app=system | 
"{BA318F39-26A1-4614-BFF4-81941FECDC32}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C8C786BB-0981-48BB-9F6B-548BFEF467D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DDADD0F5-020B-4AF6-9BEF-638C8EC94576}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F2E8172A-FEBD-4262-9505-B6FBB2B6F90C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F350B5CE-7225-4739-BE71-F99C0D8295E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F52A52C3-07B9-4A3B-A656-8154ABC6AA56}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FA07AE71-7C1D-49DF-ADA5-2946565E785C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{CE40BD36-F9C4-42D8-B133-E8756D5D7C65}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{823E98E0-B15C-41CD-BDF7-CDC48D91B275}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09359BE4-C819-485F-AEF8-DCD4D1CBBFC5}" = HomeBase 3
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 34
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2B443CC6-7EBE-43FF-91A8-6AC3B5A085FD}" = Lexware buchhalter 2011
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A70FCC4-E09F-45CE-ADB5-C208CEBF0A82}" = Servicepack Datumsaktualisierung
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{C8E00BC8-D619-4081-813A-6B5BCC846534}" = Lexware Elster
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock IES_is1" = ASRock IES v2.0.80
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.24
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.87
"Avira AntiVir Desktop" = Avira Free Antivirus
"baywotch4_is1" = BayWotch v4.2.15
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Extended Clipboard_is1" = Extended Clipboard v. Extended Clipboard v. 1.4.24
"FileZilla Client" = FileZilla Client 3.5.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"HomeBase 2.3" = HomeBase 2.3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SopCast" = SopCast 3.5.0
"WinGimp-2.0_is1" = GIMP 2.6.11
"XFastUsb" = XFastUsb
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 11.09.2012 01:57:37 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Dennis\Downloads\esetsmartinstaller_deu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11.09.2012 01:57:41 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Dennis\Downloads\esetsmartinstaller_deu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 09.09.2012 02:37:29 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 09.09.2012 12:27:35 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 09.09.2012 12:27:35 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 10.09.2012 01:46:07 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 10.09.2012 01:46:07 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 11.09.2012 01:29:03 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >
--- --- ---


Zitat:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.11.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dennis :: DENNIS-PC [Administrator]

Schutz: Aktiviert

11.09.2012 07:53:13
mbam-log-2012-09-11 (07-53-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 451564
Laufzeit: 2 Stunde(n), 44 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Vor einigen Tagen rief ich die Seite antiquariatsrecht.de aus beruflichen Gründen auf. Bisher war diese von Anwälten betriebene Seite sicher. Jetzt wird sie von Google wegen Verbreitung von Malware vorläufig gesperrt. Ob ein Zusammenhang besteht, kann ich nicht beurteilen.

Vielen Dank bereits für die Hilfe und liebe Grüße

Dennis
Geändert von Capital77 (11.09.2012 um 09:39 Uhr)

 

Themen zu EXP/2012-4681.J.1 von Avira binnen 20 Minuten zweimal gefunden
7-zip, antivirus, autorun, avira, bho, converter, desktop, error, firefox, flash player, format, google, home, install.exe, installation, langs, logfile, mozilla, mp3, object, plug-in, registry, richtlinie, scan, search the web, security, software, svchost.exe, udp, vdeck.exe, windows


« GVU Trojaner 2.07 win vista 32bit | Online Cyber Police Trojaner Austria »


Ähnliche Themen: EXP/2012-4681.J.1 von Avira binnen 20 Minuten zweimal gefunden


  1. Windows7: Trojaner EXP/CVE-2013-0422 und EXP/CVE-2012-4681 gefunden
    Log-Analyse und Auswertung - 02.05.2015 (21)
  2. Windows7: Trojaner EXP/CVE-2013-0422 und EXP/CVE-2012-4681 gefunden
    Mülltonne - 08.04.2015 (3)
  3. Avira meldet JAVA/Agent-Viren sowie EXP/Dldr.Java.O und EXP/2012-4681.AD
    Plagegeister aller Art und deren Bekämpfung - 11.06.2013 (8)
  4. Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen
    Log-Analyse und Auswertung - 30.01.2013 (15)
  5. EXP/CVE-2012-4681.A.537 Trojaner auf Laptop hilfe nach Quarantäne
    Plagegeister aller Art und deren Bekämpfung - 02.01.2013 (28)
  6. HEUR:Exploit.Java.CVE-2012-4681.gen
    Log-Analyse und Auswertung - 26.11.2012 (23)
  7. HEUR:Exploit.Java.CVE-2012-4681.gen" sowie mehrfach Exploit.Java.CVE-2012-0507.ou mit kaspersky gefunden in C:Dokumente und Einstellungen ge
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (11)
  8. HEUR:Exploit.Java.CVE-2012-4681.gen -wie entfernen
    Mülltonne - 15.11.2012 (1)
  9. HEUR:Exploit Java. CVE-2012-4681.gen Trojaner
    Plagegeister aller Art und deren Bekämpfung - 14.11.2012 (24)
  10. Befall: EXP/2012-4681.AD
    Plagegeister aller Art und deren Bekämpfung - 31.10.2012 (21)
  11. Avira meldet Fund von EXP/2012-4681.AD
    Log-Analyse und Auswertung - 22.10.2012 (25)
  12. Viren-Warnung Avira: Exploit EXP/2012-4681.AD
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (1)
  13. EXP/2012-4681.N.1 & TR/Agent.trvv.2 erkannt. Was nun?
    Plagegeister aller Art und deren Bekämpfung - 17.09.2012 (2)
  14. Qurantäne Datei Avira EXP/CVE-2012-4681 (unter anderem)
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (5)
  15. tr/agent.98304.213 zweimal von Avira gefunden, OTL check
    Plagegeister aller Art und deren Bekämpfung - 07.05.2012 (7)
  16. Zweimal "EXP/CVE-2012-0507" gefunden!
    Log-Analyse und Auswertung - 16.04.2012 (18)
  17. Automatischer Internetabbruch binnen minuten
    Log-Analyse und Auswertung - 15.08.2006 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema EXP/2012-4681.J.1 von Avira binnen 20 Minuten zweimal gefunden - Hallo, heute Morgen hat mir Avira Free Antivirus binnen 20 Minuten zweimal EXP/2012-4681.J.1 gefunden. Einmal gefunden in C:\Users\Dennis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 sowie in C:\Users\Dennis\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20. Nach Bekanntwerden der Sicherheitslücke wurde von mir Java Update - EXP/2012-4681.J.1 von Avira binnen 20 Minuten zweimal gefunden...
Archiv
Du betrachtest: EXP/2012-4681.J.1 von Avira binnen 20 Minuten zweimal gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131