Pests of all kinds and how to fight them: HEUR/HTML.Maleware (heuristic) Firefox 12.2010 Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
HEUR/HTML.Maleware (heuristic) Firefox 12.2010

Hello, and first of all thanks to everyone who is willing to take on my problem. So, the problem is the following: while surfing the internet, AV (free) reported that the following malware had been found: 'HEUR/HTML.Malware'. Since I have had problems with worms, trojans, etc. quite a few times before, I wanted to ask whether any of you knows if this file (or the virus) is harmful to my computer. Unfortunately I don't know all that much about this ...

'C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\bhgzcpv0.default\Cache\_CACHE_003_'

Regards, Andy

I have already had a logfile evaluation done via OTL ... but as I said, I unfortunately don't know my way around this at all and am doing all of this for the first time ...

OTL logfile:
Code:
OTL logfile created on: 10.12.2010 15:17:37 - Run 2
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 177,00 Gb Total Space | 128,09 Gb Free Space | 72,37% Space Free | Partition Type: NTFS
Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\User\Downloads\OTL.exe File not found
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Mobile Partner Manager\UIMain.exe ()
PRC - C:\Program Files\Mobile Partner Manager\CMUpdater.exe ()
PRC - C:\Program Files\Mobile Partner Manager\AssistantServices.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Lexmark 4300 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Windows\System32\lxcecoms.exe ( )
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)

========== Modules (SafeList) ==========

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UI Assistant Service) -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe ()
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (lxce_device) -- C:\Windows\System32\lxcecoms.exe ( )
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe (Sony Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (SiFilter) -- C:\Windows\system32\drivers\siwinacc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\system32\drivers\siremfil.sys (Silicon Image, Inc.)
DRV - (SI3132) -- C:\Windows\system32\DRIVERS\SI3132.sys (Silicon Image, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\TosRfhid.sys (TOSHIBA Corporation.)
DRV - (SonyImgF) -- C:\Windows\System32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Welcome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Club VAIO | Welcome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.11 21:13:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.17 11:09:05 | 000,000,000 | ---D | M]

[2010.09.29 18:52:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010.12.10 15:10:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\bhgzcpv0.default\extensions
[2010.10.17 09:40:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\bhgzcpv0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.05 10:17:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\bhgzcpv0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.25 19:15:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\bhgzcpv0.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.09.29 20:50:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\bhgzcpv0.default\extensions\vshare@toolbar
[2010.12.10 02:19:19 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.11.17 11:08:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.09.14 22:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 22:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.14 22:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.14 22:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.14 22:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 4300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LXCECATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.DLL ()
O4 - HKLM..\Run: [lxcemon.exe] C:\Program Files\Lexmark 4300 Series\lxcemon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.10.05 21:42:59 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2009.10.05 21:42:59 | 004,731,224 | R--- | M] (Electronic Arts Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009.10.05 21:42:59 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3cd3cfb0-c7e0-11df-8d74-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3cd3cfb0-c7e0-11df-8d74-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009.10.05 21:42:59 | 004,731,224 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.12.10 15:01:48 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010.12.09 14:43:46 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\My Skype Received Files
[2010.12.09 14:12:57 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Kimba
[2010.12.01 12:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2010.12.01 12:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\Lx_cats
[2010.12.01 12:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 4300 Series
[2010.12.01 12:46:54 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxceserv.dll
[2010.12.01 12:46:54 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxceusb1.dll
[2010.12.01 12:46:54 | 000,983,091 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lxcegf.dll
[2010.12.01 12:46:54 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcehbn3.dll
[2010.12.01 12:46:54 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcepmui.dll
[2010.12.01 12:46:54 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcelmpm.dll
[2010.12.01 12:46:54 | 000,446,464 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxceutil.dll
[2010.12.01 12:46:54 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxceinpa.dll
[2010.12.01 12:46:54 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxceiesc.dll
[2010.12.01 12:46:54 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxceih.exe
[2010.12.01 12:46:54 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcehcp.dll
[2010.12.01 12:46:54 | 000,200,704 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxceinsb.dll
[2010.12.01 12:46:54 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxceprox.dll
[2010.12.01 12:46:54 | 000,155,648 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxceins.dll
[2010.12.01 12:46:54 | 000,131,072 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcejswr.dll
[2010.12.01 12:46:54 | 000,114,688 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxceinsr.dll
[2010.12.01 12:46:54 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcepplc.dll
[2010.12.01 12:46:54 | 000,086,016 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcecub.dll
[2010.12.01 12:46:54 | 000,073,728 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcecu.dll
[2010.12.01 12:46:54 | 000,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcecur.dll
[2010.12.01 12:46:53 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcecomc.dll
[2010.12.01 12:46:53 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcecoms.exe
[2010.12.01 12:46:53 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcecomm.dll
[2010.12.01 12:46:53 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxcecfg.exe
[2010.12.01 12:46:53 | 000,069,632 | ---- | C] (Lexmark International) -- C:\Windows\System32\lxcecfg.dll
[2010.11.30 18:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.11.27 15:27:34 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\My Skype Content
[2010.11.26 14:16:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2010.11.26 14:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010.11.26 13:35:49 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Bewerbung
[2010.11.22 16:03:05 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Bilder
[2010.11.20 15:55:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\IrfanView
[2010.11.20 15:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2010.11.20 15:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010.11.20 15:48:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Paint.NET
[2010.11.17 11:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.11.17 11:09:05 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.11.17 11:09:05 | 000,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.11.17 11:09:05 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.11.17 11:09:05 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.11.11 21:17:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Apple Computer
[2010.11.11 21:17:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple Computer
[2010.11.11 21:17:30 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010.11.11 21:17:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.11.11 21:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.11.11 21:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.11.11 21:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.11.11 21:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.11.11 21:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.11.11 21:12:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple
[2010.11.11 21:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.11.11 21:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.11.11 21:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.11.11 21:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

========== Files - Modified Within 30 Days ==========

[2010.12.10 15:02:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010.12.10 15:02:00 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.10 15:02:00 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.10 15:02:00 | 000,149,846 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.10 15:02:00 | 000,121,652 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.10 14:23:21 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.10 14:23:21 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.10 14:23:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.10 14:23:05 | 2145,574,912 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.09 12:59:17 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2010.12.08 15:19:56 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.01 12:52:37 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 4300 Series.lnk
[2010.12.01 12:51:51 | 000,014,897 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2010.12.01 12:42:15 | 000,314,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.11.30 18:17:59 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.26 14:17:00 | 000,001,028 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010.11.26 14:12:39 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.11.24 13:25:34 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.11.17 11:08:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.11.11 21:17:47 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.11.11 20:41:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

========== Files Created - No Company Name ==========

[2010.12.01 12:52:37 | 000,000,878 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 4300 Series.lnk
[2010.12.01 12:46:54 | 000,370,150 | ---- | C] () -- C:\Windows\System32\lxcehelp.chm
[2010.12.01 12:46:54 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxceinst.dll
[2010.12.01 12:46:54 | 000,014,897 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2010.12.01 12:46:53 | 000,002,270 | ---- | C] () -- C:\Windows\System32\lxce.loc
[2010.11.30 18:17:59 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.26 14:17:00 | 000,001,028 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010.11.26 14:12:39 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.11.11 21:17:47 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.11.11 20:41:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.10.11 21:33:41 | 000,032,987 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.10.11 21:33:29 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2010.10.11 21:32:50 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.10.11 21:32:47 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2010.10.11 21:32:14 | 000,006,235 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010.09.24 18:14:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.09.24 15:15:46 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.09.24 15:10:55 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2010.09.24 15:04:24 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2010.09.24 14:48:29 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2007.02.22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcecoin.dll
[2006.12.01 09:24:02 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.31 16:37:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.08.10 14:00:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2005.08.18 06:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcevs.dll
[2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2005.02.24 17:23:52 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcecnv4.dll
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010.11.20 15:55:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IrfanView
[2010.11.26 14:16:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2010.12.10 02:25:39 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile:
Code:
ATTFilter OTL Extras logfile created on: 10.12.2010 15:17:37 - Run 2 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\User\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 177,00 Gb Total Space | 128,09 Gb Free Space | 72,37% Space Free | Partition Type: NTFS Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{42CFE8D8-5A74-4E55-B4F9-C6228FFC42DF}" = dir=in | app=c:\program files\itunes\itunes.exe | "{4A4BC1F3-35DE-449D-AA5C-D84F0C66F4B3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5814DCCF-E7ED-4F34-BD0E-6E00CB44F479}" = protocol=17 | dir=in | app=c:\windows\system32\lxcecoms.exe | "{69060395-9C6A-4F80-9090-3B9CB59FB789}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcepswx.exe | "{7556460B-0B5C-4022-8839-A42491DC8DEC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7556DF7B-149D-4D3C-A87B-32F0AAB3569A}" = protocol=6 | dir=in | app=c:\windows\system32\lxcecoms.exe | "{AF21F960-A761-4054-A364-6F417AAD8EE5}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcepswx.exe | "TCP Query User{C6ACF7B4-E818-4604-8022-EC13259D08D8}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{32F2F24A-A77C-451D-9721-21ADAABF32F6}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | ========== 
HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility "{17C7703E-0B2A-4593-9CB7-E2FE14B6F8EA}" = Sony Snymsico for Vista "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0 "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge "{24960AC2-C413-4A86-B1C1-E4CCADCA44D3}" = VAIO Information FLOW "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility "{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes "{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D79DB6E-73DA-46C9-B8FA-DAE52108246F}" = OpenMG Secure Module 4.6.01 "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector "{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3 "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0 "{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}" = "{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client "{55B781F0-060E-11D4-99D7-00C04FCCB775}" = "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0 
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0 "{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series "{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility "{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007 "{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio "{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6 "{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0 "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper "{97260AE9-A1EE-492E-8DCC-FD0AFF785720}" = "{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plug-Ins "{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management "{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.2 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager "{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0 "{C183A21C-395A-490F-99D4-CCAB35E32859}" = "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile 
Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter "{E2B38044-AEF2-40AF-BDD8-FEDE799A8633}" = "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00 "{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "InstallShield_{3D79DB6E-73DA-46C9-B8FA-DAE52108246F}" = OpenMG Secure Module 4.6.01 "IrfanView" = IrfanView (remove only) "Lexmark 4300 Series" = Lexmark 4300 Series "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "NVIDIA Drivers" 
= NVIDIA Drivers "PROSet" = Intel(R) PRO Network Connections Drivers "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Skype_is1" = Skype 2.5 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.11.2010 09:44:00 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7143067 Error - 19.11.2010 06:32:43 | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung UIExec.exe, Version 0.0.0.0, Zeitstempel 0x4b4daacd, fehlerhaftes Modul UIExec.exe, Version 0.0.0.0, Zeitstempel 0x4b4daacd, Ausnahmecode 0xc0000417, Fehleroffset 0x00002b58, Prozess-ID 0x8f4, Anwendungsstartzeit 01cb87d516d683d1. Error - 19.11.2010 07:53:32 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 19.11.2010 07:53:32 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3749905 Error - 19.11.2010 07:53:32 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3749905 Error - 19.11.2010 20:42:02 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 19.11.2010 20:42:02 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9376 Error - 19.11.2010 20:42:02 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9376 Error - 20.11.2010 10:48:14 | Computer Name = User-PC | Source = VSS | ID = 8194 Description = Error - 21.11.2010 05:33:34 | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung UIExec.exe, Version 0.0.0.0, Zeitstempel 0x4b4daacd, fehlerhaftes 
Modul UIExec.exe, Version 0.0.0.0, Zeitstempel 0x4b4daacd, Ausnahmecode 0xc0000417, Fehleroffset 0x00002b58, Prozess-ID 0x87c, Anwendungsstartzeit 01cb895f1d1635d4.

[ System Events ]
Error - 10.11.2010 04:53:09 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 11.11.2010 06:58:27 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 13.11.2010 09:20:56 | Computer Name = User-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 13.11.2010 um 14:18:50 unerwartet heruntergefahren.
Error - 13.11.2010 09:21:58 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 14.11.2010 04:35:25 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 16.11.2010 09:59:41 | Computer Name = User-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 16.11.2010 um 14:56:20 unerwartet heruntergefahren.
Error - 16.11.2010 10:01:12 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 16.11.2010 14:28:37 | Computer Name = User-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 16.11.2010 um 18:48:02 unerwartet heruntergefahren.
Error - 16.11.2010 14:30:10 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 19.11.2010 06:34:02 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description =
< End of report >

I'm also letting MALWAREBYTES Anti-Malware run a scan of the system right now... it should be finished in a moment... I'll post the result here then.

ok, here is the Malwarebytes logfile... I hope everything I'm doing here is right so far

Malwarebytes' Anti-Malware 1.46
Malwarebytes Datenbank Version: 5286
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

10.12.2010 16:35:04
mbam-log-2010-12-10 (16-35-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 234951
Laufzeit: 58 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)

Can anyone tell me what I should do now... I'm really worried that I have a trojan or something similar... regards, Andy