Trojaner-Board > Remove malware > Log analysis and evaluation

Log analysis and evaluation: Yet another System Doctor 2014 victim

Windows 7
If you have caught a Trojan or constantly receive virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
09.06.2013, 15:06   #1
FreddiK
 
Yet another System Doctor 2014 victim



I was just browsing the website of a psychological institute when suddenly one of those "usual and common" rectangular windows popped up, which at first glance looked to me like the typical jdwupdate, i.e. Java Update... clicked OK once too quickly and bang, that was it. Really nasty System Doctor 2014...

System: laptop with Windows 7 86 bit and Avira Antivir, which did not warn me

Attached are the requested logs:

Code:
OTL logfile created on: 09.06.2013 14:35:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User 1\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,45% Memory free
5,99 Gb Paging File | 4,77 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 115,60 Gb Free Space | 38,78% Space Free | Partition Type: NTFS
Drive F: | 240,95 Mb Total Space | 127,87 Mb Free Space | 53,07% Space Free | Partition Type: FAT32
 
Computer Name: USER1-PC | User Name: User 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.09 14:14:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User 1\Desktop\OTL.exe
PRC - [2013.06.09 13:07:32 | 000,708,608 | ---- | M] () -- C:\Users\USER1~1\AppData\Local\Temp\90BB.tmp
PRC - [2013.05.23 02:42:44 | 000,770,608 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2013.03.15 07:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.15 04:59:31 | 000,866,592 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.28 15:19:26 | 001,724,192 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.26 21:16:28 | 000,468,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2012.11.26 21:16:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.26 21:16:28 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.11.26 21:16:27 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012.11.26 21:16:27 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.26 21:16:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.09.24 20:47:46 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.08.11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10NETS.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.09 13:07:32 | 000,708,608 | ---- | M] () -- C:\Users\USER1~1\AppData\Local\Temp\90BB.tmp
MOD - [2012.11.26 21:16:28 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2006.08.12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.22 01:09:04 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 23:55:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.15 07:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.28 15:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2013.01.28 15:19:26 | 001,724,192 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.11.26 21:16:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.26 21:16:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.08.11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10NETS.EXE -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - [2013.03.15 07:46:27 | 008,952,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.12.19 07:41:53 | 000,154,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.11.26 21:16:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.11.26 21:16:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.16 17:38:46 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.13 17:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009.09.28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 12:31:02 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2001.11.14 19:07:42 | 000,010,761 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10uif.sys -- (X10UIF)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.autoconfig_url: "https://secure.premiumize.me/d023a2c18839d55005656a58f0b2db16/proxy.pac"
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.22 01:09:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.22 01:09:00 | 000,000,000 | ---D | M]
 
[2012.11.04 22:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User 1\AppData\Roaming\mozilla\Extensions
[2013.05.09 15:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\15xf9788.default\extensions
[2013.02.17 22:13:56 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\15xf9788.default\extensions\foxyproxy@eric.h.jung
[2012.12.11 01:59:54 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\User 1\AppData\Roaming\mozilla\firefox\profiles\15xf9788.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.05.09 15:59:31 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\User 1\AppData\Roaming\mozilla\firefox\profiles\15xf9788.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.26 21:21:15 | 000,002,344 | ---- | M] () -- C:\Users\User 1\AppData\Roaming\mozilla\firefox\profiles\15xf9788.default\searchplugins\askcom.xml
[2013.05.22 01:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.22 01:09:04 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.11.12 12:41:04 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [SD2014] C:\Users\User 1\AppData\Roaming\9dfDadRV\9dfDadRV.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F2AE736-63A0-43CE-B69D-296AD6C1DFFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F099809A-F26F-44B2-B6B2-AF3F51D986F1}: DhcpNameServer = 192.168.221.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.09 14:33:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User 1\Desktop\OTL.exe
[2013.06.09 13:12:42 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Doctor 2014
[2013.06.09 13:07:35 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Roaming\9dfDadRV
[2013.05.23 17:29:10 | 000,000,000 | ---D | C] -- C:\Users\User 1\Documents\Amos Dateien
[2013.05.22 01:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.09 14:33:54 | 000,000,000 | ---- | M] () -- C:\Users\User 1\defogger_reenable
[2013.06.09 14:24:50 | 000,050,477 | ---- | M] () -- C:\Users\User 1\Desktop\Defogger.exe
[2013.06.09 14:15:50 | 000,377,856 | ---- | M] () -- C:\Users\User 1\Desktop\gmer_2.1.19163.exe
[2013.06.09 14:14:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User 1\Desktop\OTL.exe
[2013.06.09 13:55:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.09 13:12:42 | 000,001,868 | ---- | M] () -- C:\Users\User 1\Desktop\System Doctor 2014.lnk
[2013.06.09 13:12:42 | 000,000,112 | ---- | M] () -- C:\Users\User 1\Desktop\System Doctor 2014 support.url
[2013.06.09 13:05:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.09 12:11:16 | 000,019,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 12:11:16 | 000,019,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 23:03:13 | 000,698,926 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.08 23:03:13 | 000,653,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.08 23:03:13 | 000,149,034 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.08 23:03:13 | 000,121,596 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.07 12:29:58 | 000,061,460 | ---- | M] () -- C:\Users\User 1\Desktop\Daten 21 mai.sav
[2013.05.23 02:42:43 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.05.22 23:43:54 | 003,971,473 | ---- | M] () -- C:\Users\User 1\Desktop\07-GT-I8700-Direy-6[1].pdf
[2013.05.16 17:27:42 | 000,001,134 | ---- | M] () -- C:\Users\User 1\Desktop\OnlineTV.exe - Verknüpfung.lnk
[2013.05.16 12:28:02 | 000,274,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.10 17:45:58 | 000,000,991 | ---- | M] () -- C:\Users\User 1\Desktop\Word.exe.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.09 14:33:54 | 000,000,000 | ---- | C] () -- C:\Users\User 1\defogger_reenable
[2013.06.09 14:33:43 | 000,377,856 | ---- | C] () -- C:\Users\User 1\Desktop\gmer_2.1.19163.exe
[2013.06.09 14:33:43 | 000,050,477 | ---- | C] () -- C:\Users\User 1\Desktop\Defogger.exe
[2013.06.09 13:12:42 | 000,001,868 | ---- | C] () -- C:\Users\User 1\Desktop\System Doctor 2014.lnk
[2013.06.09 13:12:42 | 000,000,112 | ---- | C] () -- C:\Users\User 1\Desktop\System Doctor 2014 support.url
[2013.06.06 17:18:44 | 000,061,460 | ---- | C] () -- C:\Users\User 1\Desktop\Daten 21 mai.sav
[2013.05.23 02:42:43 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.05.22 23:43:54 | 003,971,473 | ---- | C] () -- C:\Users\User 1\Desktop\07-GT-I8700-Direy-6[1].pdf
[2013.05.16 17:27:42 | 000,001,134 | ---- | C] () -- C:\Users\User 1\Desktop\OnlineTV.exe - Verknüpfung.lnk
[2013.05.10 17:45:58 | 000,000,991 | ---- | C] () -- C:\Users\User 1\Desktop\Word.exe.lnk
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2013.04.02 20:49:42 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013.04.02 20:49:40 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013.04.02 20:49:40 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013.04.02 20:49:37 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013.04.02 20:49:19 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013.01.26 15:32:28 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2013.01.26 15:32:28 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2013.01.18 20:40:08 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2013.01.15 20:31:49 | 000,274,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.06 12:20:32 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.06.09 13:12:54 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\9dfDadRV
[2013.01.11 13:53:32 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\Canneverbe Limited
[2012.12.28 21:04:03 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\PhonerLite
[2012.12.10 20:13:57 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\Synaptics
[2013.01.03 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\TuneUp Software
[2013.01.18 21:09:03 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\X10Receiver.NET
 
========== Purity Check ==========
 
 

< End of report >

Code:
OTL Extras logfile created on: 09.06.2013 14:35:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User 1\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,45% Memory free
5,99 Gb Paging File | 4,77 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 115,60 Gb Free Space | 38,78% Space Free | Partition Type: NTFS
Drive F: | 240,95 Mb Total Space | 127,87 Mb Free Space | 53,07% Space Free | Partition Type: FAT32
 
Computer Name: USER1-PC | User Name: User 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BA7795-B315-4068-B252-F846ADCB11A4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0BB12F77-9C90-48D0-9CE7-9D21D45000A3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{200533A3-C20D-4619-9F1E-5B0A67CDEE04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{29B10AC1-D575-4B67-A8E7-C1A2DFB0D57D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{30BCFF4F-C14C-477C-B8A4-345C02BF3A6A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{404C1DA1-075E-4DED-B480-9BD9F8176841}" = lport=139 | protocol=6 | dir=in | app=system | 
"{41847E14-EF6A-4DD5-9C79-2977F3FE7C64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B7E8D19-BA95-475E-AC6B-E41B0DCEB58F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4CCCBC0A-FC4A-4F44-87BE-CBF89B2142F8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5358AC8B-AE30-480E-AD74-E088AD79E77F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{59956AE5-8FCC-40DA-894F-7A76DDAF0A9C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{67F0B680-2CCA-480C-BD58-88DCDC015836}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{72D4B1D4-6009-46AE-A251-F2137BEF6A48}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7C582013-E2EC-400B-9B11-C7D7ABA5C67C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7D821895-8856-493B-8646-0F63B159A27A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ABC6F194-635A-449C-9A8B-4E2073C7BA5B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AD6A1A0A-03B1-4C70-9CD1-C2067EE570DB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CEAF2AE1-F9BF-4A2F-B678-E3914EB6B3B8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CF3DB56F-10A6-4732-862D-28DD354276C9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D0F145DB-A3BB-4B43-BACD-502ED9C38E5A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D92B0609-E644-4FA6-9998-BB070F8DDF80}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E109C6D5-00DD-462B-8051-865356BB7EE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FB3D2E19-3390-4A67-873D-30B4E29C1525}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1173F20E-673D-4CFB-ACA8-E464E997EF3B}" = protocol=6 | dir=out | app=system | 
"{1C1ED9CC-38D7-4AAC-BF03-6DAE10D9048E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4EDCDCAD-6BDC-4DB8-ADE3-5F065CDC61BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8B621A46-00F0-426F-8B5F-406454B6840D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8DFD76E2-4D6F-46BF-BDA5-91C62525F74A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A355A502-FF71-4909-82F5-CA55541087A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A90F37AD-158D-4BA0-A2FE-76C32378B15F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A9B31C75-3C0A-4C73-BEB6-4C603B07DF61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B4A073B3-598D-4D2B-A74A-F00A99A416D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BDAF98CD-5752-4210-860E-54ED4956ACBF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C93718B3-1996-4F14-83EB-93A3E953875F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA271526-F5BD-421F-9D9B-4325563FD67D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CBEE1936-694D-4629-B117-91FCDE7D4755}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D7FD8B8C-7536-4986-A245-5F196ECBDFF4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8F66029-2FA2-4D86-999D-3688F5581543}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EF4267E1-DBD0-4A05-B02D-6FC3B6AED1EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0B9ED16-4A6A-41E3-B8EC-2A8B648081A4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{09F157B7-5F36-44EF-8B42-A6CB6E3B8DF3}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{21EC2607-C0BD-40E6-ACD0-5A2DEEEBAB15}C:\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\phonerlite\phonerlite.exe | 
"TCP Query User{3BEE6CF7-1401-4AE6-A2D5-CE465D691C9B}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe | 
"TCP Query User{49F6B3F2-204B-490F-8EFF-43D0267D5119}C:\mein tv v2.6\vlc.exe" = protocol=6 | dir=in | app=c:\mein tv v2.6\vlc.exe | 
"TCP Query User{7426579B-709B-4C59-A2D6-BCCB27478603}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | 
"TCP Query User{936A3F85-EFA0-4258-93AB-0169665F34FE}C:\program files\mein tv v2.4\vlc.exe" = protocol=6 | dir=in | app=c:\program files\mein tv v2.4\vlc.exe | 
"TCP Query User{9B37E488-6EF3-4716-980C-7061B0482613}C:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe | 
"TCP Query User{D126BB7C-2853-4C13-8E32-4581B32ECD05}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{EBB03D78-C928-49AD-8D6B-947F49554730}C:\program files\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files\phonerlite\phonerlite.exe | 
"UDP Query User{0EA7A66D-D372-4849-94AA-E38788DF125B}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe | 
"UDP Query User{26A2B299-7358-4E6A-BEB3-CAF29AC3E5D8}C:\mein tv v2.6\vlc.exe" = protocol=17 | dir=in | app=c:\mein tv v2.6\vlc.exe | 
"UDP Query User{29D0A844-B55B-4D03-8540-5972E79ADAD9}C:\program files\mein tv v2.4\vlc.exe" = protocol=17 | dir=in | app=c:\program files\mein tv v2.4\vlc.exe | 
"UDP Query User{465B4E38-4E22-45B9-9A84-1F24FACBFBE1}C:\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\phonerlite\phonerlite.exe | 
"UDP Query User{7B2CB0E9-9710-4E9D-A793-B7FB35D42737}C:\program files\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files\phonerlite\phonerlite.exe | 
"UDP Query User{9163191B-56C8-41F4-87FE-E60D54666F61}C:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe | 
"UDP Query User{B607DCCF-A232-4855-8E17-B17D41F7751A}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | 
"UDP Query User{BC175B21-646C-4C08-9432-38CA0FBE02CE}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{CF766CA9-66AC-4A17-9887-EBDE92E8A032}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{304B71E3-1017-4717-86BC-F1D18519FEF2}" = IBM SPSS Amos 21
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C5A3F5B7-60AD-4298-BB2F-7B4CEDBF3896}_is1" = X10Receiver.NET v2
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0630-0716-3135-7887" = JDownloader 2
"7-Zip" = 7-Zip 9.20
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.8.0
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 2.0.5
"X10Hardware" = X10 Hardware(TM)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.06.2013 12:13:47 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll".
 Error in manifest or policy file "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll"
 on line 19.  The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
 is invalid.
 
Error - 03.06.2013 06:55:37 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe".
 Error in manifest or policy file "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe"
 on line 19.  The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
 is invalid.
 
Error - 03.06.2013 06:56:01 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll".
 Error in manifest or policy file "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll"
 on line 19.  The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
 is invalid.
 
Error - 05.06.2013 18:37:52 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe".
 Error in manifest or policy file "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe"
 on line 19.  The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
 is invalid.
 
Error - 05.06.2013 18:38:17 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll".
 Error in manifest or policy file "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll"
 on line 19.  The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
 is invalid.
 
Error - 08.06.2013 17:27:04 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe".
 Error in manifest or policy file "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe"
 on line 19.  The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
 is invalid.
 
Error - 08.06.2013 17:27:27 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll".
 Error in manifest or policy file "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll"
 on line 19.  The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
 is invalid.
 
Error - 08.06.2013 20:56:05 | Computer Name = User1-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 21.0.0.4879,
 time stamp: 0x518ec3cc  Faulting module name: xul.dll, version: 21.0.0.4879,
 time stamp: 0x518ec306  Exception code: 0xc0000005  Fault offset: 0x001c9789  Faulting
 process id: 0xc14  Faulting application start time: 0x01ce6498c3070b75  Faulting
 application path: C:\Program Files\Mozilla Firefox\firefox.exe  Faulting module
 path: C:\Program Files\Mozilla Firefox\xul.dll  Report Id: 5c905c3a-d09f-11e2-866c-002269db33d6
 
Error - 09.06.2013 06:48:35 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe".
 Error in manifest or policy file "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe"
 on line 19.  The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
 is invalid.
 
Error - 09.06.2013 06:49:03 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll".
 Error in manifest or policy file "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll"
 on line 19.  The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
 is invalid.
 
[ System Events ]
Error - 20.04.2013 07:19:54 | Computer Name = User1-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 21.04.2013 14:14:19 | Computer Name = User1-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume "C:" were aborted because the shadow copy storage
 could not grow due to a user imposed limit.
 
Error - 22.04.2013 13:32:28 | Computer Name = User1-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 23.04.2013 16:31:59 | Computer Name = User1-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume "C:" were aborted because the shadow copy storage
 could not grow due to a user imposed limit.
 
Error - 27.04.2013 03:58:05 | Computer Name = User1-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 27.04.2013 03:58:05 | Computer Name = User1-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 27.04.2013 03:58:06 | Computer Name = User1-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 27.04.2013 03:58:06 | Computer Name = User1-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 27.04.2013 03:58:07 | Computer Name = User1-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 30.04.2013 18:45:18 | Computer Name = User1-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume "C:" were aborted because the shadow copy storage
 could not grow due to a user imposed limit.
 
 
< End of report >
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-09 16:03:39
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\USER1~1\AppData\Local\Temp\pgloapob.sys


---- System - GMER 2.1 ----

SSDT            920F0336                                                                                         ZwCreateSection
SSDT            920F0340                                                                                         ZwRequestWaitReplyPort
SSDT            920F033B                                                                                         ZwSetContextThread
SSDT            920F0345                                                                                         ZwSetSecurityObject
SSDT            920F034A                                                                                         ZwSystemDebugControl
SSDT            920F02D7                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 140D                                                         8306C9A9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                           8308C4F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 14BF                                                              83093894 4 Bytes  [36, 03, 0F, 92] {ADD ECX, [SS:EDI]; XCHG EDX, EAX}
.text           ntoskrnl.exe!KeRemoveQueueEx + 181B                                                              83093BF0 4 Bytes  [40, 03, 0F, 92] {INC EAX; ADD ECX, [EDI]; XCHG EDX, EAX}
.text           ntoskrnl.exe!KeRemoveQueueEx + 185F                                                              83093C34 4 Bytes  [3B, 03, 0F, 92]
.text           ntoskrnl.exe!KeRemoveQueueEx + 18DB                                                              83093CB0 4 Bytes  [45, 03, 0F, 92] {INC EBP; ADD ECX, [EDI]; XCHG EDX, EAX}
.text           ntoskrnl.exe!KeRemoveQueueEx + 192F                                                              83093D04 4 Bytes  [4A, 03, 0F, 92] {DEC EDX; ADD ECX, [EDI]; XCHG EDX, EAX}
.text           ...                                                                                              

---- Devices - GMER 2.1 ----

Device          \Driver\BTHUSB \Device\00000080                                                                  bthport.sys
Device          \Driver\BTHUSB \Device\0000007e                                                                  bthport.sys

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269db33d6                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269db33d6 (not active ControlSet)  

---- EOF - GMER 2.1 ----
         
I would be very, very grateful for any help, since I am writing my diploma thesis on this laptop and therefore urgently need it.
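Two triage checks over the logs in the post above, written here as an added example; this is not code from the post, from OTL or from GMER. It embeds a constructed subset of the OTL "Vista Active Application Exception List" lines and the six GMER SSDT lines copied from the log so it runs offline, flags inbound per-application firewall allows that were created from the Windows Firewall prompt ("TCP Query User…"/"UDP Query User…" rule names) or that point at a binary outside Program Files and Windows, and measures how tightly the SSDT hook targets cluster. The trusted-prefix list and the reading of a tight cluster as one hooking module are my assumptions, not anything the logs state.

```python
"""Triage helpers for two sections of the logs posted above (added example,
not code from the post, from OTL or from GMER). Sample lines are copied
from the log and embedded so the script runs offline."""
import re

# Constructed sample: a subset of the OTL "Vista Active Application Exception List".
OTL_RULES = r'''
"{8B621A46-00F0-426F-8B5F-406454B6840D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0B9ED16-4A6A-41E3-B8EC-2A8B648081A4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{21EC2607-C0BD-40E6-ACD0-5A2DEEEBAB15}C:\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\phonerlite\phonerlite.exe | 
"TCP Query User{49F6B3F2-204B-490F-8EFF-43D0267D5119}C:\mein tv v2.6\vlc.exe" = protocol=6 | dir=in | app=c:\mein tv v2.6\vlc.exe | 
"UDP Query User{CF766CA9-66AC-4A17-9887-EBDE92E8A032}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{B4A073B3-598D-4D2B-A74A-F00A99A416D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
'''

# Constructed sample: the six SSDT lines from the GMER report (spacing condensed).
GMER_SSDT = '''
SSDT            920F0336    ZwCreateSection
SSDT            920F0340    ZwRequestWaitReplyPort
SSDT            920F033B    ZwSetContextThread
SSDT            920F0345    ZwSetSecurityObject
SSDT            920F034A    ZwSystemDebugControl
SSDT            920F02D7    ZwTerminateProcess
'''

RULE_RE = re.compile(r'^"(?P<rule>[^"]+)"\s*=\s*(?P<body>.*)$')
SSDT_RE = re.compile(r'^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>\S+)')
PROTO = {'6': 'TCP', '17': 'UDP', '1': 'ICMPv4', '58': 'ICMPv6'}
# Assumption: binaries under these prefixes were installed the normal way.
TRUSTED_PREFIXES = ('%programfiles%', '%systemroot%',
                    'c:\\program files\\', 'c:\\windows\\')
QUERY_USER = ('TCP Query User', 'UDP Query User')


def parse_otl_rules(text):
    """Turn OTL's '"name" = k=v | k=v |' lines into dicts (keys lower-cased)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields = {'rule': m.group('rule')}
        for part in m.group('body').split('|'):
            if '=' in part:
                key, value = part.split('=', 1)
                fields[key.strip().lower()] = value.strip()
        rules.append(fields)
    return rules


def inbound_app_rules(rules):
    """Inbound per-application allows worth a second look.

    Returns (app_path, protocol, reasons). A 'Query User' rule name means the
    rule was created when someone clicked Allow on the Windows Firewall prompt;
    a path outside the trusted prefixes means the binary does not live where
    an installer normally puts it."""
    findings = []
    for r in rules:
        app = r.get('app', '').lower()
        if r.get('dir') != 'in' or not app:
            continue
        reasons = []
        if r['rule'].startswith(QUERY_USER):
            reasons.append('allowed interactively via firewall prompt')
        if not app.startswith(TRUSTED_PREFIXES):
            reasons.append('binary outside Program Files / Windows')
        if reasons:
            findings.append((app, PROTO.get(r.get('protocol', ''), 'any'), reasons))
    return findings


def ssdt_hooks(text):
    """Parse GMER 'SSDT <addr> <function>' lines into (int address, name)."""
    return [(int(m.group('addr'), 16), m.group('func'))
            for m in map(SSDT_RE.match, text.splitlines()) if m]


def hook_address_span(hooks):
    """(lowest, highest, span in bytes) over all hook targets. Hooks packed
    into a few hundred bytes point at ONE kernel module patching the table;
    hooks scattered across unrelated ranges deserve a closer look."""
    addrs = [addr for addr, _ in hooks]
    return min(addrs), max(addrs), max(addrs) - min(addrs)


if __name__ == '__main__':
    for app, proto, reasons in inbound_app_rules(parse_otl_rules(OTL_RULES)):
        print(f'{proto:<4} in  {app}: {"; ".join(reasons)}')
    lo, hi, span = hook_address_span(ssdt_hooks(GMER_SSDT))
    print(f'SSDT hooks land in {lo:08X}-{hi:08X} ({span} bytes apart)')
```

On the posted log the six hook targets lie 0x73 bytes apart, which is what a single kernel module hooking the table looks like; GMER does not print which driver owns 0x920F02D7-0x920F034A, so attributing the hooks (a security product's self-protection driver is the usual benign explanation) needs a loaded-driver list with image base addresses, which the page does not include. The Query User rules are what you expect for a softphone and media players the user let through the firewall, but the two binaries at non-standard paths (c:\phonerlite\phonerlite.exe and c:\mein tv v2.6\vlc.exe) are worth a hash check before they are trusted.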

 
