Log Analysis and Evaluation: Yet another System Doctor 2014 victim (Windows 7)

If you have picked up a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Yet another System Doctor 2014 victim

I was just browsing a page of a psychological institute when suddenly one of those "usual and frequent" square pop-up windows appeared, which at first glance looked to me like the typical jdwupdate, i.e. Java Update... clicked OK once too quickly and bang, that was it. Really nasty System Doctor 2014...

System: laptop with Windows 7 86 bit and Avira Antivir, which did not warn me.

Attached are the requested logs:

Code:
```text
OTL logfile created on: 09.06.2013 14:35:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User 1\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,45% Memory free
5,99 Gb Paging File | 4,77 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 115,60 Gb Free Space | 38,78% Space Free | Partition Type: NTFS
Drive F: | 240,95 Mb Total Space | 127,87 Mb Free Space | 53,07% Space Free | Partition Type: FAT32

Computer Name: USER1-PC | User Name: User 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.09 14:14:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User 1\Desktop\OTL.exe
PRC - [2013.06.09 13:07:32 | 000,708,608 | ---- | M] () -- C:\Users\USER1~1\AppData\Local\Temp\90BB.tmp
PRC - [2013.05.23 02:42:44 | 000,770,608 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2013.03.15 07:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.15 04:59:31 | 000,866,592 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.28 15:19:26 | 001,724,192 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.26 21:16:28 | 000,468,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2012.11.26 21:16:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.26 21:16:28 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.11.26 21:16:27 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012.11.26 21:16:27 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.26 21:16:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.09.24 20:47:46 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.08.11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10NETS.EXE

========== Modules (No Company Name) ==========

MOD - [2013.06.09 13:07:32 | 000,708,608 | ---- | M] () -- C:\Users\USER1~1\AppData\Local\Temp\90BB.tmp
MOD - [2012.11.26 21:16:28 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2006.08.12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll

========== Services (SafeList) ==========

SRV - [2013.05.22 01:09:04 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 23:55:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.15 07:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.28 15:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2013.01.28 15:19:26 | 001,724,192 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.11.26 21:16:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.26 21:16:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.08.11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10NETS.EXE -- (x10nets)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - [2013.03.15 07:46:27 | 008,952,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.12.19 07:41:53 | 000,154,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.11.26 21:16:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.11.26 21:16:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.16 17:38:46 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.13 17:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009.09.28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 12:31:02 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2001.11.14 19:07:42 | 000,010,761 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10uif.sys -- (X10UIF)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.autoconfig_url: "https://secure.premiumize.me/d023a2c18839d55005656a58f0b2db16/proxy.pac"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.22 01:09:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.22 01:09:00 | 000,000,000 | ---D | M]

[2012.11.04 22:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User 1\AppData\Roaming\mozilla\Extensions
[2013.05.09 15:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\15xf9788.default\extensions
[2013.02.17 22:13:56 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\15xf9788.default\extensions\foxyproxy@eric.h.jung
[2012.12.11 01:59:54 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\User 1\AppData\Roaming\mozilla\firefox\profiles\15xf9788.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.05.09 15:59:31 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\User 1\AppData\Roaming\mozilla\firefox\profiles\15xf9788.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.26 21:21:15 | 000,002,344 | ---- | M] () -- C:\Users\User 1\AppData\Roaming\mozilla\firefox\profiles\15xf9788.default\searchplugins\askcom.xml
[2013.05.22 01:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.22 01:09:04 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.11.12 12:41:04 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [SD2014] C:\Users\User 1\AppData\Roaming\9dfDadRV\9dfDadRV.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F2AE736-63A0-43CE-B69D-296AD6C1DFFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F099809A-F26F-44B2-B6B2-AF3F51D986F1}: DhcpNameServer = 192.168.221.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.09 14:33:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User 1\Desktop\OTL.exe
[2013.06.09 13:12:42 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Doctor 2014
[2013.06.09 13:07:35 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Roaming\9dfDadRV
[2013.05.23 17:29:10 | 000,000,000 | ---D | C] -- C:\Users\User 1\Documents\Amos Dateien
[2013.05.22 01:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013.06.09 14:33:54 | 000,000,000 | ---- | M] () -- C:\Users\User 1\defogger_reenable
[2013.06.09 14:24:50 | 000,050,477 | ---- | M] () -- C:\Users\User 1\Desktop\Defogger.exe
[2013.06.09 14:15:50 | 000,377,856 | ---- | M] () -- C:\Users\User 1\Desktop\gmer_2.1.19163.exe
[2013.06.09 14:14:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User 1\Desktop\OTL.exe
[2013.06.09 13:55:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.09 13:12:42 | 000,001,868 | ---- | M] () -- C:\Users\User 1\Desktop\System Doctor 2014.lnk
[2013.06.09 13:12:42 | 000,000,112 | ---- | M] () -- C:\Users\User 1\Desktop\System Doctor 2014 support.url
[2013.06.09 13:05:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.09 12:11:16 | 000,019,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 12:11:16 | 000,019,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 23:03:13 | 000,698,926 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.08 23:03:13 | 000,653,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.08 23:03:13 | 000,149,034 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.08 23:03:13 | 000,121,596 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.07 12:29:58 | 000,061,460 | ---- | M] () -- C:\Users\User 1\Desktop\Daten 21 mai.sav
[2013.05.23 02:42:43 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.05.22 23:43:54 | 003,971,473 | ---- | M] () -- C:\Users\User 1\Desktop\07-GT-I8700-Direy-6[1].pdf
[2013.05.16 17:27:42 | 000,001,134 | ---- | M] () -- C:\Users\User 1\Desktop\OnlineTV.exe - Verknüpfung.lnk
[2013.05.16 12:28:02 | 000,274,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.10 17:45:58 | 000,000,991 | ---- | M] () -- C:\Users\User 1\Desktop\Word.exe.lnk

========== Files Created - No Company Name ==========

[2013.06.09 14:33:54 | 000,000,000 | ---- | C] () -- C:\Users\User 1\defogger_reenable
[2013.06.09 14:33:43 | 000,377,856 | ---- | C] () -- C:\Users\User 1\Desktop\gmer_2.1.19163.exe
[2013.06.09 14:33:43 | 000,050,477 | ---- | C] () -- C:\Users\User 1\Desktop\Defogger.exe
[2013.06.09 13:12:42 | 000,001,868 | ---- | C] () -- C:\Users\User 1\Desktop\System Doctor 2014.lnk
[2013.06.09 13:12:42 | 000,000,112 | ---- | C] () -- C:\Users\User 1\Desktop\System Doctor 2014 support.url
[2013.06.06 17:18:44 | 000,061,460 | ---- | C] () -- C:\Users\User 1\Desktop\Daten 21 mai.sav
[2013.05.23 02:42:43 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.05.22 23:43:54 | 003,971,473 | ---- | C] () -- C:\Users\User 1\Desktop\07-GT-I8700-Direy-6[1].pdf
[2013.05.16 17:27:42 | 000,001,134 | ---- | C] () -- C:\Users\User 1\Desktop\OnlineTV.exe - Verknüpfung.lnk
[2013.05.10 17:45:58 | 000,000,991 | ---- | C] () -- C:\Users\User 1\Desktop\Word.exe.lnk
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2013.04.02 20:49:42 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013.04.02 20:49:40 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013.04.02 20:49:40 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013.04.02 20:49:37 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013.04.02 20:49:19 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013.01.26 15:32:28 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2013.01.26 15:32:28 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2013.01.18 20:40:08 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2013.01.15 20:31:49 | 000,274,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.06 12:20:32 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.06.09 13:12:54 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\9dfDadRV
[2013.01.11 13:53:32 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\Canneverbe Limited
[2012.12.28 21:04:03 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\PhonerLite
[2012.12.10 20:13:57 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\Synaptics
[2013.01.03 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\TuneUp Software
[2013.01.18 21:09:03 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\X10Receiver.NET

========== Purity Check ==========


< End of report >
```

Code:
```text
OTL Extras logfile created on: 09.06.2013 14:35:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User 1\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,45% Memory free
5,99 Gb Paging File | 4,77 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 115,60 Gb Free Space | 38,78% Space Free | Partition Type: NTFS
Drive F: | 240,95 Mb Total Space | 127,87 Mb Free Space | 53,07% Space Free | Partition Type: FAT32

Computer Name: USER1-PC | User Name: User 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BA7795-B315-4068-B252-F846ADCB11A4}" = rport=445 | protocol=6 | dir=out | app=system |
"{0BB12F77-9C90-48D0-9CE7-9D21D45000A3}" = rport=137 | protocol=17 | dir=out | app=system |
"{200533A3-C20D-4619-9F1E-5B0A67CDEE04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29B10AC1-D575-4B67-A8E7-C1A2DFB0D57D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{30BCFF4F-C14C-477C-B8A4-345C02BF3A6A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{404C1DA1-075E-4DED-B480-9BD9F8176841}" = lport=139 | protocol=6 | dir=in | app=system |
"{41847E14-EF6A-4DD5-9C79-2977F3FE7C64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B7E8D19-BA95-475E-AC6B-E41B0DCEB58F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4CCCBC0A-FC4A-4F44-87BE-CBF89B2142F8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5358AC8B-AE30-480E-AD74-E088AD79E77F}" = lport=445 | protocol=6 | dir=in | app=system |
"{59956AE5-8FCC-40DA-894F-7A76DDAF0A9C}" = rport=138 | protocol=17 | dir=out | app=system |
"{67F0B680-2CCA-480C-BD58-88DCDC015836}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{72D4B1D4-6009-46AE-A251-F2137BEF6A48}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C582013-E2EC-400B-9B11-C7D7ABA5C67C}" = lport=137 | protocol=17 | dir=in | app=system |
"{7D821895-8856-493B-8646-0F63B159A27A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ABC6F194-635A-449C-9A8B-4E2073C7BA5B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AD6A1A0A-03B1-4C70-9CD1-C2067EE570DB}" = lport=138 | protocol=17 | dir=in | app=system |
"{CEAF2AE1-F9BF-4A2F-B678-E3914EB6B3B8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF3DB56F-10A6-4732-862D-28DD354276C9}" = rport=139 | protocol=6 | dir=out | app=system |
"{D0F145DB-A3BB-4B43-BACD-502ED9C38E5A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D92B0609-E644-4FA6-9998-BB070F8DDF80}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E109C6D5-00DD-462B-8051-865356BB7EE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB3D2E19-3390-4A67-873D-30B4E29C1525}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1173F20E-673D-4CFB-ACA8-E464E997EF3B}" = protocol=6 | dir=out | app=system |
"{1C1ED9CC-38D7-4AAC-BF03-6DAE10D9048E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EDCDCAD-6BDC-4DB8-ADE3-5F065CDC61BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8B621A46-00F0-426F-8B5F-406454B6840D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8DFD76E2-4D6F-46BF-BDA5-91C62525F74A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A355A502-FF71-4909-82F5-CA55541087A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A90F37AD-158D-4BA0-A2FE-76C32378B15F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A9B31C75-3C0A-4C73-BEB6-4C603B07DF61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4A073B3-598D-4D2B-A74A-F00A99A416D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BDAF98CD-5752-4210-860E-54ED4956ACBF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C93718B3-1996-4F14-83EB-93A3E953875F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA271526-F5BD-421F-9D9B-4325563FD67D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CBEE1936-694D-4629-B117-91FCDE7D4755}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7FD8B8C-7536-4986-A245-5F196ECBDFF4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E8F66029-2FA2-4D86-999D-3688F5581543}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EF4267E1-DBD0-4A05-B02D-6FC3B6AED1EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0B9ED16-4A6A-41E3-B8EC-2A8B648081A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{09F157B7-5F36-44EF-8B42-A6CB6E3B8DF3}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{21EC2607-C0BD-40E6-ACD0-5A2DEEEBAB15}C:\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\phonerlite\phonerlite.exe |
"TCP Query User{3BEE6CF7-1401-4AE6-A2D5-CE465D691C9B}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe |
"TCP Query User{49F6B3F2-204B-490F-8EFF-43D0267D5119}C:\mein tv v2.6\vlc.exe" = protocol=6 | dir=in | app=c:\mein tv v2.6\vlc.exe |
"TCP Query User{7426579B-709B-4C59-A2D6-BCCB27478603}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe |
"TCP Query User{936A3F85-EFA0-4258-93AB-0169665F34FE}C:\program files\mein tv v2.4\vlc.exe" = protocol=6 | dir=in | app=c:\program files\mein tv v2.4\vlc.exe |
"TCP Query User{9B37E488-6EF3-4716-980C-7061B0482613}C:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe |
"TCP Query User{D126BB7C-2853-4C13-8E32-4581B32ECD05}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe |
"TCP Query User{EBB03D78-C928-49AD-8D6B-947F49554730}C:\program files\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files\phonerlite\phonerlite.exe |
"UDP Query User{0EA7A66D-D372-4849-94AA-E38788DF125B}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe |
"UDP Query User{26A2B299-7358-4E6A-BEB3-CAF29AC3E5D8}C:\mein tv v2.6\vlc.exe" = protocol=17 | dir=in | app=c:\mein tv v2.6\vlc.exe |
"UDP Query User{29D0A844-B55B-4D03-8540-5972E79ADAD9}C:\program files\mein tv v2.4\vlc.exe" = protocol=17 |
```
dir=in | app=c:\program files\mein tv v2.4\vlc.exe | "UDP Query User{465B4E38-4E22-45B9-9A84-1F24FACBFBE1}C:\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\phonerlite\phonerlite.exe | "UDP Query User{7B2CB0E9-9710-4E9D-A793-B7FB35D42737}C:\program files\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files\phonerlite\phonerlite.exe | "UDP Query User{9163191B-56C8-41F4-87FE-E60D54666F61}C:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe | "UDP Query User{B607DCCF-A232-4855-8E17-B17D41F7751A}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | "UDP Query User{BC175B21-646C-4C08-9432-38CA0FBE02CE}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | "UDP Query User{CF766CA9-66AC-4A17-9887-EBDE92E8A032}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19 "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{304B71E3-1017-4717-86BC-F1D18519FEF2}" = IBM SPSS Amos 21 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5 "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013 "{C5A3F5B7-60AD-4298-BB2F-7B4CEDBF3896}_is1" = X10Receiver.NET v2 "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "0630-0716-3135-7887" = JDownloader 2 "7-Zip" = 7-Zip 9.20 "A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "IrfanView" = IrfanView (remove 
only) "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.8.0 "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities 2013" = TuneUp Utilities 2013 "VLC media player" = VLC media player 2.0.5 "X10Hardware" = X10 Hardware(TM) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.06.2013 12:13:47 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 03.06.2013 06:55:37 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 03.06.2013 06:56:01 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 05.06.2013 18:37:52 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 05.06.2013 18:38:17 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 08.06.2013 17:27:04 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 08.06.2013 17:27:27 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 08.06.2013 20:56:05 | Computer Name = User1-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9789 ID des fehlerhaften Prozesses: 0xc14 Startzeit der fehlerhaften Anwendung: 0x01ce6498c3070b75 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: 5c905c3a-d09f-11e2-866c-002269db33d6 Error - 09.06.2013 06:48:35 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 09.06.2013 06:49:03 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 20.04.2013 07:19:54 | Computer Name = User1-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 21.04.2013 14:14:19 | Computer Name = User1-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error - 22.04.2013 13:32:28 | Computer Name = User1-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 23.04.2013 16:31:59 | Computer Name = User1-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 27.04.2013 03:58:05 | Computer Name = User1-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 27.04.2013 03:58:05 | Computer Name = User1-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 27.04.2013 03:58:06 | Computer Name = User1-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 27.04.2013 03:58:06 | Computer Name = User1-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 27.04.2013 03:58:07 | Computer Name = User1-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 30.04.2013 18:45:18 | Computer Name = User1-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-09 16:03:39 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000 298,09GB Running: gmer_2.1.19163.exe; Driver: C:\Users\USER1~1\AppData\Local\Temp\pgloapob.sys ---- System - GMER 2.1 ---- SSDT 920F0336 ZwCreateSection SSDT 920F0340 ZwRequestWaitReplyPort SSDT 920F033B ZwSetContextThread SSDT 920F0345 ZwSetSecurityObject SSDT 920F034A ZwSystemDebugControl SSDT 920F02D7 ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwRollbackEnlistment + 140D 8306C9A9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8308C4F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 14BF 83093894 4 Bytes [36, 03, 0F, 92] {ADD ECX, [SS:EDI]; XCHG EDX, EAX} .text ntoskrnl.exe!KeRemoveQueueEx + 181B 83093BF0 4 Bytes [40, 03, 0F, 92] {INC EAX; ADD ECX, [EDI]; XCHG EDX, EAX} .text ntoskrnl.exe!KeRemoveQueueEx + 185F 83093C34 4 Bytes [3B, 03, 0F, 92] .text ntoskrnl.exe!KeRemoveQueueEx + 18DB 83093CB0 4 Bytes [45, 03, 0F, 92] {INC EBP; ADD ECX, [EDI]; XCHG EDX, EAX} .text ntoskrnl.exe!KeRemoveQueueEx + 192F 83093D04 4 Bytes [4A, 03, 0F, 92] {DEC EDX; ADD ECX, [EDI]; XCHG EDX, EAX} .text ... ---- Devices - GMER 2.1 ---- Device \Driver\BTHUSB \Device\00000080 bthport.sys Device \Driver\BTHUSB \Device\0000007e bthport.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269db33d6 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269db33d6 (not active ControlSet) ---- EOF - GMER 2.1 ---- |