Log analysis and evaluation: Trojan Java/ClassLoader in Anwendungsdaten\Sun\Java\Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Trojan Java/ClassLoader in Anwendungsdaten\Sun\Java\

Hello everyone, first of all I would like to say that I think it is great that this forum and the helpers behind it exist, thank you! Yesterday I installed Sopcast; somehow it seemed odd to me, so I uninstalled it again and ran a virus scan (AVG). Result: the trojan mentioned above. ("All were removed, you are now protected again.") After that I installed Malwarebytes and ran a scan. Result:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.04.21.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Claudia :: CS-HOME [Administrator]
Schutz: Aktiviert
21.04.2013 11:37:54
mbam-log-2013-04-21 (11-37-54).txt
Art des Suchlaufs: Vollständiger Suchlauf (F:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 376812
Laufzeit: 1 Stunde(n), 14 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)

I would like to know whether my computer is OK, or whether it would be better to reinstall the operating system. If I reinstall, do the partitions that only contain data also have to be formatted?
OTL:

OTL logfile created on: 21.04.2013 14:13:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\Dokumente und Einstellungen\Claudia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,94 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 49,13% Memory free
3,19 Gb Paging File | 2,43 Gb Available in Paging File | 76,06% Paging File free
Paging file location(s): f:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Programme
Drive F: | 97,65 Gb Total Space | 52,28 Gb Free Space | 53,54% Space Free | Partition Type: NTFS
Drive G: | 97,65 Gb Total Space | 89,29 Gb Free Space | 91,43% Space Free | Partition Type: NTFS
Drive H: | 97,65 Gb Total Space | 51,03 Gb Free Space | 52,26% Space Free | Partition Type: NTFS
Drive I: | 172,80 Gb Total Space | 14,40 Gb Free Space | 8,33% Space Free | Partition Type: NTFS
Computer Name: CS-HOME | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2013.04.21 13:07:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Dokumente und Einstellungen\Claudia\Desktop\OTL.exe
PRC - [2013.04.06 17:01:51 | 000,322,032 | ---- | M] (AVM Berlin) -- F:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Apps\2.0\P98VL2ZE.BT5\4E786HR6.87Z\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- F:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- F:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- F:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.27 16:18:02 | 001,098,072 | ---- | M] (Garmin Ltd or its subsidiaries) -- F:\Programme\Garmin\Express Tray\ExpressTray.exe
PRC - [2013.03.27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- F:\Programme\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013.03.13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Programme\AVG\AVG2013\avgui.exe
PRC - [2013.03.08 18:14:29 | 000,170,912 | ---- | M] (Oracle Corporation) -- F:\Programme\Java\jre7\bin\jqs.exe
PRC - [2013.02.27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Programme\AVG\AVG2013\avgidsagent.exe
PRC - [2013.02.26 23:41:54 | 000,763,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Programme\AVG\AVG2013\avgrsx.exe
PRC - [2013.02.19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Programme\AVG\AVG2013\avgwdsvc.exe
PRC - [2013.02.19 04:01:34 | 001,116,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Programme\AVG\AVG2013\avgnsx.exe
PRC - [2013.02.19 04:01:04 | 000,799,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Programme\AVG\AVG2013\avgemcx.exe
PRC - [2013.02.19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Programme\AVG\AVG2013\avgcsrvx.exe
PRC - [2013.02.18 19:33:04 | 001,151,152 | ---- | M] () -- F:\Programme\AVG Secure Search\vprot.exe
PRC - [2013.02.18 19:33:04 | 000,968,880 | ---- | M] () -- F:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- F:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.11.08 11:55:40 | 000,898,952 | ---- | M] (Sony Corporation) -- F:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- F:\Programme\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- F:\Programme\program\soffice.bin
PRC - [2012.07.03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- F:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
PRC - [2012.07.03 10:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.06.24 01:44:22 | 001,386,776 | ---- | M] (Logitech, Inc.) -- F:\Programme\Logitech\SetPointP\SetPoint.exe
PRC - [2011.06.17 09:35:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- F:\Programme\Gemeinsame Dateien\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
PRC - [2008.01.31 18:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- F:\Programme\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2005.02.16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- F:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe

========== Modules (No Company Name) ==========
MOD - [2013.04.20 19:17:26 | 001,226,752 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\00dcb7347ae65db0c674f059697cbc60\System.WorkflowServices.ni.dll
MOD - [2013.04.20 19:16:43 | 001,073,152 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b9810b8ed4fc94ec682ee8217a6c905b\System.ServiceModel.Web.ni.dll
MOD - [2013.04.06 13:08:34 | 000,221,696 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\e534d8e15df8611bc3174e5f2377a093\System.ServiceProcess.ni.dll
MOD - [2013.04.06 13:08:33 | 000,369,664 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0c6552cb44af800ced291796ff32b748\System.ServiceModel.Routing.ni.dll
MOD - [2013.04.06 13:08:32 | 001,139,200 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8f02a194fe5bce225a63ca0587065830\System.ServiceModel.Discovery.ni.dll
MOD - [2013.04.06 13:08:31 | 000,082,432 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ab0b49150543e689844c607fe344057d\System.ServiceModel.Channels.ni.dll
MOD - [2013.04.06 13:08:30 | 001,392,128 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\db54a8a55271ac4ce8bbaa435f474ed6\System.ServiceModel.Activities.ni.dll
MOD - [2013.04.06 13:08:28 | 018,054,144 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\90aa475ae4f67c45538cede327c086aa\System.ServiceModel.ni.dll
MOD - [2013.04.06 13:07:58 | 001,077,760 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\d39d7af1c84535e19dbf92d804f906a2\System.IdentityModel.ni.dll
MOD - [2013.04.06 13:06:05 | 000,646,656 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\6e903ce8719e50acd783f8726b11249f\System.Transactions.ni.dll
MOD - [2013.04.06 13:06:04 | 001,020,928 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f616e6911a3d461193cd0e6e003adca5\System.Runtime.DurableInstancing.ni.dll
MOD - [2013.04.06 13:06:03 | 002,637,312 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fe0d8dda05b9d38bbb664432300b4f42\System.Runtime.Serialization.ni.dll
MOD - [2013.04.06 13:06:03 | 000,142,848 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b7f418545abc074940776fea9ad635e\SMDiagnostics.ni.dll
MOD - [2013.04.06 13:06:00 | 000,391,680 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\80383b3ebbbeb285cb6164b84d3e1e85\System.Xml.Linq.ni.dll
MOD - [2013.04.06 13:05:59 | 001,801,216 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll
MOD - [2013.04.06 13:03:42 | 018,000,384 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll
MOD - [2013.04.06 13:03:23 | 011,451,904 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll
MOD - [2013.04.06 13:03:10 | 003,856,896 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll
MOD - [2013.04.06 13:03:05 | 000,755,712 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\65e520f98f7674d462d26671c1ce97a7\PresentationFramework.Luna.ni.dll
MOD - [2013.04.06 13:00:58 | 000,739,328 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\b8cef9be9e5e7e9c533b639c9ef6dfe8\System.Security.ni.dll
MOD - [2013.04.06 13:00:54 | 005,618,176 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
MOD - [2013.04.06 13:00:48 | 000,980,480 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll
MOD - [2013.04.06 13:00:46 | 007,053,824 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll
MOD - [2013.04.06 13:00:37 | 013,198,336 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll
MOD - [2013.04.06 13:00:26 | 001,667,584 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
MOD - [2013.04.06 13:00:24 | 009,093,120 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
MOD - [2013.04.06 13:00:15 | 014,412,800 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2013.02.22 09:07:43 | 000,985,088 | ---- | M] () -- F:\Programme\program\libxml2.dll
MOD - [2013.02.18 19:33:04 | 001,151,152 | ---- | M] () -- F:\Programme\AVG Secure Search\vprot.exe
MOD - [2013.02.18 19:33:04 | 000,968,880 | ---- | M] () -- F:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
MOD - [2013.02.18 19:33:04 | 000,156,848 | ---- | M] () -- F:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2012.12.18 16:28:26 | 000,301,056 | ---- | M] () -- F:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.11.08 11:56:00 | 000,178,056 | ---- | M] () -- F:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012.11.08 11:56:00 | 000,034,184 | ---- | M] () -- F:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012.11.08 11:55:58 | 000,149,384 | ---- | M] () -- F:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012.11.08 11:55:54 | 000,014,728 | ---- | M] () -- F:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012.11.08 11:55:52 | 000,024,456 | ---- | M] () -- F:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012.11.08 11:55:52 | 000,015,752 | ---- | M] () -- F:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012.11.08 11:55:50 | 000,039,816 | ---- | M] () -- F:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2012.11.08 11:55:50 | 000,016,776 | ---- | M] () -- F:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012.11.08 11:55:48 | 000,239,496 | ---- | M] () -- F:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012.11.08 11:55:48 | 000,026,504 | ---- | M] () -- F:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012.11.08 11:55:46 | 000,124,808 | ---- | M] () -- F:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012.11.08 11:55:44 | 000,092,040 | ---- | M] () -- F:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2012.11.08 11:55:42 | 000,018,312 | ---- | M] () -- F:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012.11.08 11:54:34 | 000,880,640 | ---- | M] () -- F:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012.10.23 22:58:36 | 000,798,720 | ---- | M] () -- F:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2011.06.24 01:44:34 | 000,877,848 | ---- | M] () -- F:\Programme\Logitech\SetPointP\Macros\MacroCore.dll

========== Services (SafeList) ==========
SRV - [2013.04.18 08:04:52 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.12 14:26:59 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- F:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- F:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- F:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- F:\Programme\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013.03.08 18:14:29 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- F:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.02.27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- F:\Programme\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.02.19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- F:\Programme\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013.02.18 19:33:04 | 000,968,880 | ---- | M] () [Auto | Running] -- F:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- F:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.10.23 23:02:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- F:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011.11.10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- F:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.06.17 09:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- F:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- F:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | Disabled | Running] -- System32\DRIVERS\dvd43llh.sys -- (dvd43llh)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.04.06 17:01:44 | 000,105,728 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\avmaura.sys -- (avmaura)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- F:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.03.01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013.02.26 23:40:46 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013.02.18 19:33:04 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013.02.14 03:52:46 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013.02.08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- F:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013.02.08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- F:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013.02.08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- F:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013.02.08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013.02.08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- F:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012.10.20 18:25:34 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2011.04.30 14:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011.04.30 13:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010.10.25 11:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.09.17 19:42:46 | 000,179,520 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ssudserd.sys -- (ssudserd)
DRV - [2010.09.17 19:42:46 | 000,179,520 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2010.09.17 19:42:46 | 000,064,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010.08.27 06:32:30 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010.08.27 06:32:30 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\ssceserd.sys -- (ssceserd)
DRV - [2010.08.27 06:32:30 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus)
DRV - [2010.08.27 06:32:30 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2010.05.28 13:24:56 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- F:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2008.03.27 11:42:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\Programme\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2008.03.27 11:42:46 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\Programme\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2006.12.21 10:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006.08.14 08:51:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- F:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006.07.11 15:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.07.11 15:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - F:\Programme\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{5FF32270-1384-4777-B59E-0DA3ACAB781F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={BA10FC75-E407-4271-8BD5-52C6DED3CEFB}&mid=25d04108b37f47d1a009d1509d397fb8-bd3e67f1fa36de7a7c95aa5a2b2d58c5d5f253ab&lang=de&ds=AVG&pr=fr&d=2012-10-05 09:10:07&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Startpage HTTPS - Deutsch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://startpage.com/deu/"
FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7Bc840e246-6b95-475e-9bd7-caa1c7eca9f2%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:14.2.0.1
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.109
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: avg@toolbar:10.0.0.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7
FF - prefs.js..network.proxy.ftp: "57.90.36.24"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "67.227.162.195"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks: "57.90.36.24"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "57.90.36.24"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: F:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: F:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: F:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: F:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Programme\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: F:\Programme\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: F:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.18 19:33:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: F:\Programme\Mozilla Firefox\components [2013.04.12 14:27:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: F:\Programme\Mozilla Firefox\plugins [2013.04.12 14:26:52 | 000,000,000 | ---D | M]

[2010.10.10 12:03:31 | 000,000,000 | ---D | M] (No name found) -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Extensions
[2013.04.21 09:52:44 | 000,000,000 | ---D | M] (No name found) -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Firefox\Profiles\n6cyun66.default\extensions
[2013.04.06 11:47:11 | 000,000,000 | ---D | M] (Garmin Communicator) -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Firefox\Profiles\n6cyun66.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.04.04 08:16:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Firefox\Profiles\n6cyun66.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.12 10:15:20 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Firefox\Profiles\n6cyun66.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2012.06.28 17:16:30 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Firefox\Profiles\n6cyun66.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.08.18 13:02:20 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Firefox\Profiles\n6cyun66.default\extensions\DeviceDetection@logitech.com
[2012.12.12 09:38:11 | 000,036,098 | ---- | M] () (No name found) -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Firefox\Profiles\n6cyun66.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.04.20 17:08:47 | 000,001,276 | ---- | M] () -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Firefox\Profiles\n6cyun66.default\searchplugins\ixquick-https---deutsch.xml
[2013.04.21 09:50:45 | 000,005,492 | ---- | M] () -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mozilla\Firefox\Profiles\n6cyun66.default\searchplugins\startpage-https---deutsch.xml
[2013.04.12 14:26:51 | 000,000,000 | ---D | M] (No name found) -- F:\Programme\Mozilla Firefox\extensions
[2013.04.12 14:26:51 | 000,000,000 | ---D | M] (Java Console) -- F:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.12 14:26:51 | 000,000,000 | ---D | M] (Java Console) -- F:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.12 14:26:51 | 000,000,000 | ---D | M] (Java Console) -- F:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.02.18 19:33:09 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- F:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1
[2013.04.12 14:27:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- F:\Programme\mozilla firefox\components\browsercomps.dll
[2009.10.23 16:01:34 | 000,102,400 | ---- | M] (Zylom) -- F:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll
[2013.04.20 17:08:47 | 000,001,400 | ---- | M] () -- F:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.20 17:08:47 | 000,003,831 | ---- | M] () -- F:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml
[2013.04.20 17:08:47 | 000,001,679 | ---- | M] () -- F:\Programme\mozilla firefox\searchplugins\bing.xml
[2013.04.20 17:08:47 | 000,000,947 | ---- | M] () -- F:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.20 17:08:47 | 000,006,818 | ---- | M] () -- F:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.20 16:45:33 | 000,001,277 | ---- | M] () -- F:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.20 17:08:47 | 000,000,903 | ---- | M] () -- F:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - F:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Programme\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Programme\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - F:\Programme\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Programme\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - F:\Programme\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - F:\Programme\uTorrentBar_DE\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] F:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] F:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_UI] F:\Programme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter3] F:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EvtMgr6] F:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] F:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] F:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Reader Application Helper] F:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] F:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vProt] F:\Programme\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [AVMUSBFernanschluss] F:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Apps\2.0\P98VL2ZE.BT5\4E786HR6.87Z\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [GarminExpressTrayApp] F:\Programme\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries) O4 - HKCU..\Run: [Xvid] F:\Programme\Xvid\CheckUpdate.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] F:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\forteManager.lnk = F:\Programme\LG Soft India\forteManager\bin\Monitor.exe () O4 - Startup: F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = F:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) O4 - Startup: F:\Dokumente und Einstellungen\Claudia\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk = F:\Programme\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A11337FC-45B2-45A8-B0EB-44815AC745BD}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Programme\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - F:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - F:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll () O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - F:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\userinit.exe) - F:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (f:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - f:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: F:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: F:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{7f96b679-d3c9-11df-8ad0-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{7f96b679-d3c9-11df-8ad0-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7f96b679-d3c9-11df-8ad0-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (F:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.21 13:07:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- F:\Dokumente und Einstellungen\Claudia\Desktop\OTL.exe [2013.04.21 11:12:22 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Malwarebytes [2013.04.21 11:12:15 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.04.21 11:12:15 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.04.21 11:12:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys [2013.04.21 11:12:14 | 000,000,000 | ---D | C] -- F:\Programme\Malwarebytes' Anti-Malware [2013.04.21 11:11:25 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- F:\Dokumente und Einstellungen\Claudia\Desktop\mbam-setup-1.75.0.1300.exe [2013.04.20 17:08:47 | 
000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\Claudia\IO [2013.04.20 17:05:05 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VAFPlayer [2013.04.20 17:05:04 | 000,000,000 | ---D | C] -- F:\Programme\Tuguu SL [2013.04.20 17:05:04 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\player [2013.04.20 17:03:15 | 000,000,000 | ---D | C] -- F:\Programme\DomaIQ Uninstaller [2013.04.20 17:00:01 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer [2013.04.20 16:46:10 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight [2013.04.20 16:45:39 | 000,000,000 | ---D | C] -- F:\Programme\Microsoft Silverlight [2013.04.20 16:45:25 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- F:\WINDOWS\System32\dhRichClient3.dll [2013.04.20 16:45:21 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\DesktopIconForAmazon [2013.04.20 16:45:20 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\OCS [2013.04.15 07:45:32 | 000,000,000 | ---D | C] -- F:\Programme\NVIDIA Corporation [2013.04.12 14:26:50 | 000,000,000 | ---D | C] -- F:\Programme\Mozilla Firefox [2013.04.06 17:01:52 | 000,105,728 | ---- | C] (AVM Berlin) -- F:\WINDOWS\System32\drivers\avmaura.sys [2013.04.06 12:02:45 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\Claudia\Eigene Dateien\Garmin [2013.04.06 11:56:31 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Anwendungsdaten\Garmin [2013.04.06 11:56:09 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Garmin [2013.04.06 11:55:58 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Garmin [2013.04.06 11:55:58 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Garmin 
[2013.04.06 11:55:56 | 000,000,000 | ---D | C] -- F:\Programme\Garmin [2013.04.06 11:52:02 | 000,000,000 | ---D | C] -- F:\Programme\Microsoft.NET [2013.04.06 11:51:16 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache [2013.04.06 11:47:25 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Garmin [2013.04.04 18:41:02 | 000,000,000 | ---D | C] -- F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG [2013.04.02 09:54:09 | 000,000,000 | --SD | C] -- F:\Dokumente und Einstellungen\Claudia\Eigene Dateien\KH1 [2013.04.02 09:30:20 | 000,000,000 | --SD | C] -- F:\Dokumente und Einstellungen\Claudia\Eigene Dateien\KH [8 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ] [12 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.21 14:12:00 | 000,000,884 | ---- | M] () -- F:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.04.21 13:29:00 | 000,001,092 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.04.21 13:07:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Dokumente und Einstellungen\Claudia\Desktop\OTL.exe [2013.04.21 13:06:45 | 000,000,000 | ---- | M] () -- F:\Dokumente und Einstellungen\Claudia\defogger_reenable [2013.04.21 13:06:20 | 000,050,477 | ---- | M] () -- F:\Dokumente und Einstellungen\Claudia\Desktop\Defogger.exe [2013.04.21 11:12:16 | 000,000,756 | ---- | M] () -- F:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.21 11:11:25 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- F:\Dokumente und Einstellungen\Claudia\Desktop\mbam-setup-1.75.0.1300.exe [2013.04.21 10:42:01 | 000,000,664 | ---- | M] () -- F:\WINDOWS\System32\d3d9caps.dat [2013.04.21 09:56:06 | 000,520,880 | ---- | M] () -- F:\WINDOWS\System32\perfh007.dat [2013.04.21 09:56:06 | 000,497,146 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat [2013.04.21 09:56:06 | 
000,102,682 | ---- | M] () -- F:\WINDOWS\System32\perfc007.dat [2013.04.21 09:56:06 | 000,085,630 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat [2013.04.21 09:38:31 | 000,013,646 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl [2013.04.21 09:38:27 | 000,001,088 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.04.21 09:37:59 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat [2013.04.20 17:05:06 | 000,001,898 | ---- | M] () -- F:\Dokumente und Einstellungen\All Users\Desktop\VAFPlayer.lnk [2013.04.15 07:45:51 | 001,072,544 | ---- | M] () -- F:\WINDOWS\System32\nvdrsdb0.bin [2013.04.15 07:45:51 | 000,000,001 | ---- | M] () -- F:\WINDOWS\System32\nvdrssel.bin [2013.04.15 07:45:46 | 001,072,544 | ---- | M] () -- F:\WINDOWS\System32\nvdrsdb1.bin [2013.04.15 07:45:46 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\nvdrswr.lk [2013.04.15 07:39:37 | 000,081,191 | ---- | M] () -- F:\WINDOWS\System32\nvapps.xml [2013.04.12 07:23:16 | 000,150,792 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT [2013.04.11 18:30:59 | 000,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK [2013.04.06 17:01:44 | 000,105,728 | ---- | M] (AVM Berlin) -- F:\WINDOWS\System32\drivers\avmaura.sys [2013.04.06 11:56:09 | 000,001,605 | ---- | M] () -- F:\Dokumente und Einstellungen\All Users\Desktop\Garmin Express.lnk [2013.04.04 18:41:01 | 000,000,698 | ---- | M] () -- F:\Dokumente und Einstellungen\All Users\Desktop\AVG 2013.lnk [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys [2013.03.31 13:16:06 | 000,038,400 | ---- | M] () -- F:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.03.25 09:16:14 | 000,413,208 | ---- | M] () -- F:\Dokumente und Einstellungen\Claudia\Desktop\Anleitungen zum Einscannen und Einlesen von Buechern.pdf [8 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ] [12 F:\WINDOWS\*.tmp files -> 
F:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.21 13:06:45 | 000,000,000 | ---- | C] () -- F:\Dokumente und Einstellungen\Claudia\defogger_reenable [2013.04.21 13:06:19 | 000,050,477 | ---- | C] () -- F:\Dokumente und Einstellungen\Claudia\Desktop\Defogger.exe [2013.04.21 11:12:16 | 000,000,756 | ---- | C] () -- F:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.20 17:05:06 | 000,001,898 | ---- | C] () -- F:\Dokumente und Einstellungen\All Users\Desktop\VAFPlayer.lnk [2013.04.20 16:45:25 | 000,338,432 | ---- | C] () -- F:\WINDOWS\System32\sqlite36_engine.dll [2013.04.15 07:45:46 | 001,072,544 | ---- | C] () -- F:\WINDOWS\System32\nvdrsdb1.bin [2013.04.15 07:45:46 | 001,072,544 | ---- | C] () -- F:\WINDOWS\System32\nvdrsdb0.bin [2013.04.15 07:45:46 | 000,000,001 | ---- | C] () -- F:\WINDOWS\System32\nvdrssel.bin [2013.04.15 07:45:46 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\nvdrswr.lk [2013.04.06 13:13:12 | 000,872,561 | ---- | C] () -- F:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-507921405-329068152-725345543-1003-0.dat [2013.04.06 13:13:12 | 000,158,466 | ---- | C] () -- F:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2013.04.06 11:56:09 | 000,001,605 | ---- | C] () -- F:\Dokumente und Einstellungen\All Users\Desktop\Garmin Express.lnk [2013.04.02 08:59:04 | 000,000,698 | ---- | C] () -- F:\Dokumente und Einstellungen\All Users\Desktop\AVG 2013.lnk [2013.03.25 09:15:47 | 000,413,208 | ---- | C] () -- F:\Dokumente und Einstellungen\Claudia\Desktop\Anleitungen zum Einscannen und Einlesen von Buechern.pdf [2013.02.10 13:10:58 | 000,645,632 | ---- | C] () -- F:\WINDOWS\System32\xvidcore.dll [2013.02.10 13:10:58 | 000,240,640 | ---- | C] () -- F:\WINDOWS\System32\xvidvfw.dll [2013.02.08 05:03:08 | 002,816,504 | ---- | C] () -- F:\WINDOWS\System32\nvdata.data 
[2013.01.18 19:31:02 | 000,000,091 | ---- | C] () -- F:\WINDOWS\Brfaxrx.ini [2013.01.18 19:31:01 | 000,000,000 | ---- | C] () -- F:\WINDOWS\brdfxspd.dat [2013.01.17 19:59:20 | 000,176,792 | ---- | C] () -- F:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.10.11 13:19:49 | 000,031,864 | ---- | C] () -- F:\WINDOWS\maxlink.ini [2012.08.13 12:08:08 | 000,014,217 | ---- | C] () -- F:\Programme\readme.html [2012.05.08 15:15:36 | 000,000,005 | ---- | C] () -- F:\Programme\basis-link [2012.02.17 16:37:12 | 000,003,072 | ---- | C] () -- F:\WINDOWS\System32\iacenc.dll [2011.12.21 10:05:35 | 000,023,552 | -H-- | C] () -- F:\WINDOWS\System32\mlfcache.dat [2011.09.08 17:38:36 | 000,000,058 | ---- | C] () -- F:\WINDOWS\WININIT.INI [2010.12.26 09:42:27 | 000,038,400 | ---- | C] () -- F:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.01 11:42:25 | 000,002,528 | ---- | C] () -- F:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc [2010.10.13 08:52:25 | 000,002,528 | ---- | C] () -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\$_hpcst$.hpc ========== ZeroAccess Check ========== [2011.03.29 10:03:32 | 000,000,227 | RHS- | M] () -- F:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = F:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = F:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.08 17:21:19 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search [2011.07.23 12:58:33 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar [2012.06.15 15:16:41 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10 [2012.10.05 10:00:06 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2012 [2012.10.05 09:10:34 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2013 [2011.09.07 20:06:28 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2011.05.13 15:28:49 | 000,000,000 | -H-D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2010.10.10 10:25:54 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\createpart [2010.10.10 10:25:35 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\explauncher [2012.01.21 14:17:15 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GameHouse [2013.04.06 11:59:02 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Garmin [2013.01.06 10:14:50 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kinoma [2010.10.10 10:25:34 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\launcher [2013.04.21 09:43:38 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData [2013.04.06 11:51:19 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\Package Cache [2012.08.20 11:42:18 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlayFirst [2012.04.02 21:03:53 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2013.02.11 11:39:26 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2013.04.20 17:09:46 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer [2011.01.02 11:05:12 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VistaCodecs [2013.02.11 11:35:34 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zeon [2012.03.16 18:36:31 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom [2011.01.14 18:07:59 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Amazon [2012.11.01 11:37:45 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\AnvSoft [2012.01.19 08:32:46 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\AVG Secure Search [2012.10.05 09:28:57 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\AVG2013 [2011.09.07 20:06:28 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Babylon [2011.09.28 15:40:34 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\BabylonToolbar [2011.07.12 17:28:44 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\calibre [2011.12.21 10:00:39 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\com.unitedinternet.ums.sms-mms-manager [2013.04.21 09:51:54 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\DesktopIconForAmazon [2011.12.31 18:16:11 | 000,000,000 | ---D | M] -- F:\Dokumente und 
Einstellungen\Claudia\Anwendungsdaten\DVDVideoSoft [2011.12.31 18:15:57 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.03.29 10:16:19 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\ElevatedDiagnostics [2013.04.06 11:57:05 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Garmin [2010.10.10 11:57:58 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\GHISLER [2011.09.08 17:41:40 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\ImgBurn [2011.04.14 09:50:30 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Leadertech [2010.12.31 15:00:22 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Mp3tag [2013.04.20 16:45:20 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\OCS [2010.10.12 20:17:27 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\OpenOffice.org [2011.12.31 19:05:50 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Opera [2010.10.21 10:59:28 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\PC-FAX TX [2013.04.20 17:05:05 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\player [2012.08.20 11:42:18 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\PlayFirst [2013.02.11 11:35:49 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\PriceGong [2013.01.25 15:09:04 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\QuickScan [2012.04.02 21:03:53 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Samsung [2013.02.11 11:35:19 | 000,000,000 | ---D | M] -- F:\Dokumente und 
Einstellungen\Claudia\Anwendungsdaten\ScanSoft [2012.11.06 10:55:15 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\SmartTools [2012.10.05 09:10:14 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\TuneUp Software [2013.04.02 09:19:28 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\UseNeXT [2013.02.11 11:35:33 | 000,000,000 | ---D | M] -- F:\Dokumente und Einstellungen\Claudia\Anwendungsdaten\Zeon ========== Purity Check ========== < End of report > OTL Extras logfile created on: 21.04.2013 14:13:15 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = F:\Dokumente und Einstellungen\Claudia\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,94 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 49,13% Memory free 3,19 Gb Paging File | 2,43 Gb Available in Paging File | 76,06% Paging File free Paging file location(s): f:\pagefile.sys 1440 2880 [binary data] %SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Programme Drive F: | 97,65 Gb Total Space | 52,28 Gb Free Space | 53,54% Space Free | Partition Type: NTFS Drive G: | 97,65 Gb Total Space | 89,29 Gb Free Space | 91,43% Space Free | Partition Type: NTFS Drive H: | 97,65 Gb Total Space | 51,03 Gb Free Space | 52,26% Space Free | Partition Type: NTFS Drive I: | 172,80 Gb Total Space | 14,40 Gb Free Space | 8,33% Space Free | Partition Type: NTFS Computer Name: CS-HOME | User Name: Claudia | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- F:\Programme\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- F:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "F:\Programme\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "F:\Programme\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "F:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"F:\Programme\Microsoft ActiveSync\rapimgr.exe" = F:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"F:\Programme\Microsoft ActiveSync\wcescomm.exe" = F:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"F:\Programme\Microsoft ActiveSync\WCESMgr.exe" = F:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"F:\WINDOWS\system32\muzapp.exe" = F:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player
"F:\Programme\Google\Google Earth\plugin\geplugin.exe" = F:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"F:\Programme\AVG\AVG10\avgmfapx.exe" = F:\Programme\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm
"F:\Programme\Opera\opera.exe" = F:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"F:\Programme\VideoLAN\VLC\vlc.exe" = F:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- (VideoLAN)
"F:\Programme\AVG\AVG2012\avgmfapx.exe" = F:\Programme\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm
"F:\Programme\Microsoft ActiveSync\rapimgr.exe" = F:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"F:\Programme\Microsoft ActiveSync\wcescomm.exe" = F:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"F:\Programme\Microsoft ActiveSync\WCESMgr.exe" = F:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"E:\fsetup.exe" = E:\fsetup.exe:*:Enabled:AVM FSetup Application
"F:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Apps\2.0\P98VL2ZE.BT5\4E786HR6.87Z\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = F:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Apps\2.0\P98VL2ZE.BT5\4E786HR6.87Z\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss -- (AVM Berlin)
"F:\Programme\AVG\AVG2013\avgmfapx.exe" = F:\Programme\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"F:\Programme\AVG\AVG2013\avgnsx.exe" = F:\Programme\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"F:\Programme\AVG\AVG2013\avgdiagex.exe" = F:\Programme\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG-Diagnose 2013 -- (AVG Technologies CZ, s.r.o.)
"F:\Programme\AVG\AVG2013\avgemcx.exe" = F:\Programme\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-Mail-Scanner -- (AVG Technologies CZ, s.r.o.)
"F:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Apps\2.0\P98VL2ZE.BT5\4E786HR6.87Z\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe" = F:\Dokumente und Einstellungen\Claudia\Lokale Einstellungen\Apps\2.0\P98VL2ZE.BT5\4E786HR6.87Z\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss -- (AVM Berlin)
"F:\Programme\SopCast\SopCast.exe" = F:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{48A5AB54-6327-43DC-A376-4AC74C5D40B0}" = AVG 2013
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6E315D6D-0F1C-4C27-920B-807B4F57C8B2}" = Brother MFL-Pro Suite MFC-5890CN
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7735BD50-87C5-4838-A276-4A3621BBD306}" = AVG 2013
"{7A912BF0-8D57-406A-B999-DEC81D73554F}" = calibre
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986A654F-F1E4-11DD-9FCA-005056C00008}" = Paragon Partition Manager™ 11 Personal Demo
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}" = Reader for PC
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}" = VAFPlayer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVG" = AVG 2013
"AVG Secure Search" = AVG Security Toolbar
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.48
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 12.02.1578" = Opera 12.02
"PDASkatSP" = PDASkat for Smartphones(remove only)
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"ShrinkTo5Basic" = ShrinkTo5Basic
"SmartToolsFerien & Feiertags-Assistent 2013v6.00" = SmartTools Publishing • Outlook Ferien & Feiertags-Assistent 2013
"sp6" = Logitech SetPoint 6.30
"TAIL1.2" = TAIL
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"VLC media player" = VLC media player 2.0.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = FRITZ!Box USB-Fernanschluss

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12.01.2013 05:03:59 | Computer Name = CS-HOME | Source = MsiInstaller | ID = 11704
Description = SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2013 -- Fehler 1704. SA_Error1704: StandardAction(0xC00706A8): Eine Installation von AVG 2013 ist im Augenblick unterbrochen. Sie müssen die von dieser Installation vorgenommenen Änderungen rückgängig machen, bevor Sie fortfahren können. Möchten Sie diese Änderungen rückgängig machen?

Error - 27.02.2013 15:21:00 | Computer Name = CS-HOME | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung reader.exe, Version 2.0.1.11080, fehlgeschlagenes Modul msvcr90.dll, Version 9.0.30729.6161, Fehleradresse 0x0003ae7a.

Error - 27.02.2013 15:21:04 | Computer Name = CS-HOME | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich -1014929889.

Error - 15.03.2013 08:44:49 | Computer Name = CS-HOME | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung fritzbox-usb-fernanschluss.exe, Version 2.2.1.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 09.04.2013 04:15:50 | Computer Name = CS-HOME | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.5510.0, stamp 3f1380f0, faulting module outllib.dll, version 11.0.5608.0, stamp 3f35d24e, debug? 0, fault address 0x00026b67.
Error - 16.04.2013 14:34:36 | Computer Name = CS-HOME | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 20.0.1.4847, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 16.04.2013 14:34:39 | Computer Name = CS-HOME | Source = Application Hang | ID = 1001
Description = Fehlerhafter Speicherbereich -773425913.

Error - 20.04.2013 02:59:25 | Computer Name = CS-HOME | Source = .NET Runtime | ID = 0
Description =

Error - 21.04.2013 05:35:13 | Computer Name = CS-HOME | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 20.0.1.4847, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 21.04.2013 05:35:17 | Computer Name = CS-HOME | Source = Application Hang | ID = 1001
Description = Fehlerhafter Speicherbereich -773425913.

[ System Events ]
Error - 16.04.2013 02:10:23 | Computer Name = CS-HOME | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt

Error - 16.04.2013 02:13:43 | Computer Name = CS-HOME | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt

Error - 16.04.2013 09:10:27 | Computer Name = CS-HOME | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt

Error - 16.04.2013 14:26:54 | Computer Name = CS-HOME | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 16.04.2013 14:26:55 | Computer Name = CS-HOME | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt

Error - 18.04.2013 01:56:14 | Computer Name = CS-HOME | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt

Error - 20.04.2013 02:51:58 | Computer Name = CS-HOME | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt

Error - 20.04.2013 10:42:12 | Computer Name = CS-HOME | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt

Error - 20.04.2013 13:02:45 | Computer Name = CS-HOME | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt

Error - 21.04.2013 03:38:20 | Computer Name = CS-HOME | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: i8042prt

< End of report >

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-21 17:29:04
Windows 5.1.2600 Service Pack 3
Running: gmer_2.1.19163.exe; Driver: F:\DOKUME~1\Claudia\LOKALE~1\Temp\ugldqpob.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xB84095D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xB8409700]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xB8409010]
SSDT \??\F:\WINDOWS\system32\drivers\avgtpx86.sys ZwQueryValueKey [0xB82691AE]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xB8409300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xB84093E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xB8409120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xB8409210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xB84094D0]

---- Kernel code sections - GMER 2.1 ----

.text F:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6B7B3C0, 0x84E2FA, 0xE8000020]

---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

---- EOF - GMER 2.1 ----

Many thanks,
Claudia