Pests of all kinds and how to fight them: EXP/Java.Agent.BH on my machine too (Windows 7)

If you are not sure whether you have picked up malware or a Trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
29.07.2010, 09:44 | #1
EXP/Java.Agent.BH on my machine too

Hello everyone, Antivir also detected the Trojan EXP/Java.Agent.BH on my machine yesterday. I have already dug around here a bit and am therefore posting the Antivir log, the Malware log and the OTL log now. I hope I have done everything right. And I hope you will now tell me that everything is fine again.

Antivir scan Quote:
Quote:
OTL Logfile:

OTL logfile created on: 29.07.2010 10:36:38 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 33,20 Gb Free Space | 35,26% Space Free | Partition Type: NTFS
Drive D: | 129,94 Gb Total Space | 129,84 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZUHAUSE
Current User Name: SchauerAlsleben
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\download\OTL.exe (OldTimer Tools)
PRC - C:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Kenabee\Viewer4Skype\svc4skype.exe (Kenabee Systems Inc.)
PRC - C:\Programme\Kenabee\Viewer4Skype\mon4skype.exe (Kenabee Systems Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OEM\OSD_1.16\osd.exe (ODM)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\OEM\OSD_1.16\OsdService.exe (TODO: <公司名稱>)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()

========== Modules (SafeList) ==========

MOD - C:\download\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (svc4skype) -- C:\Program Files\Kenabee\Viewer4Skype\svc4skype.exe (Kenabee Systems Inc.)
SRV - (mon4skype) -- C:\Program Files\Kenabee\Viewer4Skype\mon4skype.exe (Kenabee Systems Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (OsdService) -- C:\Programme\OEM\OSD_1.16\OsdService.exe (TODO: <公司名稱>)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (FSCLBaseUpdaterService) -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (arcvad_ds2dhw) -- C:\Windows\System32\drivers\ArcVad.sys (ArcSoft, Inc.)
DRV - (GpdDevDPort) -- C:\Windows\System32\directport.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (GpdKbFilter) -- C:\Windows\System32\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 06:05:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.25 06:05:07 | 000,000,000 | ---D | M]

[2009.10.21 21:21:53 | 000,000,000 | ---D | M] -- C:\Users\SchauerAlsleben\AppData\Roaming\mozilla\Extensions
[2010.07.28 20:47:37 | 000,000,000 | ---D | M] -- C:\Users\SchauerAlsleben\AppData\Roaming\mozilla\Firefox\Profiles\fymov61b.default\extensions
[2010.04.27 14:17:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\SchauerAlsleben\AppData\Roaming\mozilla\Firefox\Profiles\fymov61b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.26 10:35:48 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\SchauerAlsleben\AppData\Roaming\mozilla\Firefox\Profiles\fymov61b.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2010.04.28 12:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SchauerAlsleben\AppData\Roaming\mozilla\Firefox\Profiles\fymov61b.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.06.20 21:47:35 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\SchauerAlsleben\AppData\Roaming\mozilla\Firefox\Profiles\fymov61b.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2009.11.04 18:13:17 | 000,000,000 | ---D | M] -- C:\Users\SchauerAlsleben\AppData\Roaming\mozilla\Firefox\Profiles\fymov61b.default\extensions\firefox@tvunetworks.com
[2009.11.08 11:05:25 | 000,000,000 | ---D | M] -- C:\Users\SchauerAlsleben\AppData\Roaming\mozilla\Firefox\Profiles\fymov61b.default\extensions\moveplayer@movenetworks.com
[2010.07.21 19:35:42 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.21 19:35:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.23 12:00:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.23 12:00:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.13 12:02:02 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.13 12:02:02 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.13 12:02:03 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.13 12:02:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.13 12:02:03 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.11.03 21:23:16 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [a-squared] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe File not found
O4 - HKLM..\Run: [OSD] C:\Programme\OEM\OSD_1.16\osd.exe (ODM)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\SchauerAlsleben\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\SchauerAlsleben\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\SchauerAlsleben\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.07.28 20:43:05 | 000,000,000 | ---D | C] -- C:\Users\SchauerAlsleben\AppData\Roaming\Malwarebytes
[2010.07.28 20:42:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.28 20:42:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.28 20:42:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.28 20:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.28 20:23:33 | 000,000,000 | ---D | C] -- C:\Programme\Emsisoft Anti-Malware
[2010.07.28 20:23:33 | 000,000,000 | ---D | C] -- C:\Users\SchauerAlsleben\Documents\Anti-Malware
[2010.07.28 20:10:35 | 000,000,000 | ---D | C] -- C:\Users\SchauerAlsleben\Documents\a-squared Free
[2010.07.28 20:10:35 | 000,000,000 | ---D | C] -- C:\Programme\a-squared Free
[2010.07.21 19:34:40 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.07.18 15:54:03 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.07.06 20:09:07 | 000,000,000 | ---D | C] -- C:\Users\SchauerAlsleben\AppData\Local\Apple Computer
[2010.07.06 20:07:29 | 000,000,000 | ---D | C] -- C:\Users\SchauerAlsleben\AppData\Roaming\Apple Computer
[2010.07.06 20:05:37 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.07.06 20:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.07.06 20:04:17 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.07.06 20:04:03 | 000,000,000 | ---D | C] -- C:\Users\SchauerAlsleben\AppData\Local\Apple
[2010.07.06 20:04:00 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.07.06 20:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.06.30 16:06:50 | 000,000,000 | ---D | C] -- C:\Users\SchauerAlsleben\Documents\pdf24
[2010.06.30 16:02:23 | 000,000,000 | ---D | C] -- C:\Programme\pdf24
[2010.06.29 20:32:05 | 000,000,000 | ---D | C] -- C:\Users\SchauerAlsleben\AppData\Roaming\gtk-2.0
[2010.06.29 19:24:22 | 000,000,000 | ---D | C] -- C:\Users\SchauerAlsleben\.thumbnails
[2010.06.29 19:22:33 | 000,000,000 | ---D | C] -- C:\Users\SchauerAlsleben\.gimp-2.6
[2010.06.29 19:22:32 | 000,000,000 | ---D | C] -- C:\Users\SchauerAlsleben\Documents\gegl-0.0
[2010.06.29 19:21:25 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[2010.06.29 19:10:03 | 000,000,000 | ---D | C] -- C:\Users\SchauerAlsleben\AppData\Roaming\PhotoScape
[2010.06.29 19:09:34 | 000,000,000 | ---D | C] -- C:\Programme\PhotoScape
[2010.06.29 16:42:08 | 000,000,000 | ---D | C] -- C:\Users\SchauerAlsleben\AppData\Roaming\Softland
[2010.06.29 16:42:05 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll
[2010.06.29 16:41:56 | 000,000,000 | ---D | C] -- C:\Users\SchauerAlsleben\AppData\Local\PDF Annotator

========== Files - Modified Within 30 Days ==========

[2010.07.29 10:36:29 | 002,621,440 | -HS- | M] () -- C:\Users\SchauerAlsleben\ntuser.dat
[2010.07.29 10:30:30 | 000,000,162 | -H-- | M] () -- C:\Users\SchauerAlsleben\Desktop\~$ntivir.docx
[2010.07.29 10:26:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.29 09:06:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.29 09:06:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.29 07:06:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.29 07:06:40 | 3179,958,272 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.28 21:43:19 | 000,524,288 | -HS- | M] () -- C:\Users\SchauerAlsleben\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.28 21:43:19 | 000,065,536 | -HS- | M] () -- C:\Users\SchauerAlsleben\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.28 21:43:01 | 002,366,262 | -H-- | M] () -- C:\Users\SchauerAlsleben\AppData\Local\IconCache.db
[2010.07.28 21:42:56 | 000,015,023 | ---- | M] () -- C:\Users\SchauerAlsleben\Desktop\Antivir.docx
[2010.07.28 20:42:39 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.28 20:24:35 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2010.07.28 20:11:18 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\a-squared Free.lnk
[2010.07.26 19:55:05 | 000,036,885 | ---- | M] () -- C:\Users\SchauerAlsleben\Documents\Save the Date.eml
[2010.07.26 13:36:06 | 000,020,764 | ---- | M] () -- C:\Users\SchauerAlsleben\Desktop\füße.jpg
[2010.07.25 21:09:02 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.25 21:09:02 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.25 21:09:02 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.25 21:09:01 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.25 21:09:00 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.25 20:10:22 | 002,537,281 | ---- | M] () -- C:\Users\SchauerAlsleben\Documents\griddler.pdf
[2010.07.11 20:24:57 | 000,004,145 | ---- | M] () -- C:\Users\SchauerAlsleben\.recently-used.xbel
[2010.06.30 22:10:33 | 000,043,008 | ---- | M] () -- C:\Users\SchauerAlsleben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.29 19:14:45 | 000,015,360 | -H-- | M] () -- C:\Users\SchauerAlsleben\Documents\photothumb.db
[2010.06.29 19:11:04 | 000,016,384 | -H-- | M] () -- C:\Users\SchauerAlsleben\Desktop\photothumb.db

========== Files Created - No Company Name ==========

[2010.07.29 10:30:30 | 000,000,162 | -H-- | C] () -- C:\Users\SchauerAlsleben\Desktop\~$ntivir.docx
[2010.07.28 21:42:54 | 000,015,023 | ---- | C] () -- C:\Users\SchauerAlsleben\Desktop\Antivir.docx
[2010.07.28 20:42:39 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.28 20:24:35 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2010.07.28 20:11:18 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\a-squared Free.lnk
[2010.07.26 19:55:04 | 000,036,885 | ---- | C] () -- C:\Users\SchauerAlsleben\Documents\Save the Date.eml
[2010.07.26 13:36:02 | 000,020,764 | ---- | C] () -- C:\Users\SchauerAlsleben\Desktop\füße.jpg
[2010.07.25 20:10:22 | 002,537,281 | ---- | C] () -- C:\Users\SchauerAlsleben\Documents\griddler.pdf
[2010.07.11 20:24:57 | 000,004,145 | ---- | C] () -- C:\Users\SchauerAlsleben\.recently-used.xbel
[2010.06.29 19:14:44 | 000,015,360 | -H-- | C] () -- C:\Users\SchauerAlsleben\Documents\photothumb.db
[2010.06.29 19:11:03 | 000,016,384 | -H-- | C] () -- C:\Users\SchauerAlsleben\Desktop\photothumb.db
[2010.04.01 11:32:43 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.10.22 20:15:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.21 21:16:48 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.07.17 05:12:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1473.dll
[2008.06.17 21:27:28 | 000,007,168 | ---- | C] () -- C:\Windows\System32\directport.sys
[2008.04.25 14:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 606 bytes -> C:\Users\SchauerAlsleben\Documents\Save the Date.eml:OECustomProperty

< End of report >

OTL Logfile:
OTL Extras logfile created on: 29.07.2010 10:36:38 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 33,20 Gb Free Space | 35,26% Space Free | Partition Type: NTFS
Drive D: | 129,94 Gb Total Space | 129,84 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZUHAUSE
Current User Name: SchauerAlsleben
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4764CEF2-78BD-4DB8-8477-5484DDE46EB5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{00539D39-08F5-4BCC-A07E-B1D2C5B34252}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{25F7A355-5508-4A51-9C0E-6206E0045200}C:\users\schaueralsleben\temp\teamviewer\version5\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\schaueralsleben\temp\teamviewer\version5\teamviewer.exe |
"TCP Query User{49B33FA3-FF43-4814-B68D-075CFFE16173}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{65B48F26-E632-4E1F-BFD5-4C0837BE031A}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{87D73ABA-D6F2-4799-9ECD-BC6DFEF377E4}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{B40742D1-6434-4F1F-9112-5A5B21CD7C71}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{C95B9DAD-BB8C-4542-8DD7-449227A90508}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D0257854-FD7C-4545-9EE9-A7EDDB6C7DED}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{D5F17031-6FE1-421E-9789-E8D078D59BDB}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{F6A45B6F-89C7-48BF-A1EC-5DC95B9E58B3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{120B953D-2FAC-4D77-B56E-E961B82745B4}C:\users\schaueralsleben\temp\teamviewer\version5\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\schaueralsleben\temp\teamviewer\version5\teamviewer.exe |
"UDP Query User{2A7F6F96-FFB2-40F7-A3DA-A78E0977DAE4}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{2F677F51-4565-4C6F-9C7E-1C3742C3610A}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{A704CCAA-26AC-48C1-873E-E5F27DBFD65C}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{AA03B7CD-0F5C-4470-A57E-6BE735930F01}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{AA726D69-7740-470C-99D0-AAFB99282B7B}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{D42DB6F8-EAD3-43E7-895C-18CAEF5D2517}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{DF07F305-E829-4FCD-A976-EC9BD7CB0C18}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{EDA2AD33-56C8-4E05-AA16-53A6299DF4A7}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{EE54047B-5F39-4C0D-82A6-3976ABFC5554}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows
Live ID-Anmelde-Assistent "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B3FF3DE-C86E-418B-BB84-93BAAA912359}" = Viewer4Skype "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.16 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator "{854C47D1-C2A0-4492-8655-C3F8D49C1031}" = Nero 8 Essentials "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service 
Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 
(SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge "{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 2.0 "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "a-squared Free_is1" = a-squared Free 4.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BSW" = BrettspielWelt "Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Malwarebytes' 
Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "PhotoScape" = PhotoScape "Picasa 3" = Picasa 3 "ppmate" = PPMate Network TV 2.0.0.40 "softonic-de3 Toolbar" = softonic-de3 Toolbar "SopCast" = SopCast 3.2.4 "TVAnts 1.0" = TVAnts 1.0 "TVUPlayer" = TVUPlayer 2.4.9.1 "Uninstall_is1" = Uninstall 1.0.0.1 "WinGimp-2.0_is1" = GIMP 2.6.9 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "PhotoFiltre" = PhotoFiltre ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 26.07.2010 04:02:52 | Computer Name = zuHause | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.07.2010 04:02:52 | Computer Name = zuHause | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.07.2010 04:03:59 | Computer Name = zuHause | Source = WinMgmt | ID = 10 Description = Error - 26.07.2010 04:35:12 | Computer Name = zuHause | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.07.2010 04:35:17 | Computer Name = zuHause | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.07.2010 04:35:17 | Computer Name = zuHause | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.07.2010 04:36:18 | Computer Name = zuHause | Source = WinMgmt | ID = 10 Description = Error - 26.07.2010 05:24:11 | Computer Name = zuHause | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3855 arbeitet nicht mehr mit Windows zusammen und wurde beendet. 
Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 72c Anfangszeit: 01cb2c9d8c728ba4 Zeitpunkt der Beendigung: 19 Error - 26.07.2010 06:35:39 | Computer Name = zuHause | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 26.07.2010 06:35:39 | Computer Name = zuHause | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 26.07.2010 15:45:57 | Computer Name = zuHause | Source = Service Control Manager | ID = 7034 Description = Error - 27.07.2010 11:56:26 | Computer Name = zuHause | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 27.07.2010 um 17:53:54 unerwartet heruntergefahren. Error - 27.07.2010 15:59:53 | Computer Name = zuHause | Source = Service Control Manager | ID = 7034 Description = Error - 28.07.2010 12:26:24 | Computer Name = zuHause | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Optiarc DVD RW AD-7590S ATA Device" (IDE\CdRomOptiarc_DVD_RW_AD-7590S_________________1.44____\5&21c7baf&0&1.0.0) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 28.07.2010 12:47:11 | Computer Name = zuHause | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Optiarc DVD RW AD-7590S ATA Device" (IDE\CdRomOptiarc_DVD_RW_AD-7590S_________________1.44____\5&21c7baf&0&1.0.0) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 28.07.2010 12:47:19 | Computer Name = zuHause | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Optiarc DVD RW AD-7590S ATA Device" (IDE\CdRomOptiarc_DVD_RW_AD-7590S_________________1.44____\5&21c7baf&0&1.0.0) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 28.07.2010 12:47:19 | Computer Name = zuHause | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom2 gefunden. 
Error - 28.07.2010 12:47:19 | Computer Name = zuHause | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom2 gefunden.

Error - 28.07.2010 12:47:19 | Computer Name = zuHause | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom2 gefunden.

Error - 28.07.2010 15:43:22 | Computer Name = zuHause | Source = Service Control Manager | ID = 7034
Description =

< End of report >

Thanks in advance for your effort! |
29.07.2010, 16:09 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/Java.Agent.BH on my machine too The logs are unremarkable. MBAM didn't find anything either. Any further problems or detections?
__________________ |
29.07.2010, 17:42 | #3 |
| EXP/Java.Agent.BH on my machine too Thank you.
Nope, so far nothing else has caught my attention. Or should I run Antivir once more today? And then I'd be interested to know where I picked it up. You always think you're being careful.... oh well. |