Multiple infections of my system, including TR/Dropper.Gen, JAVA/ClassLoader.AV...

Hello, I was apparently a bit too careless and relied a bit too much on AntiVir. I recently bought a new Wi-Fi router from Belkin, and now I have noticed strange entries in the security log:

Code:
```
12/17/2010 12:10:51 **TCP FIN Scan** 74.125.39.147, 80->> 192.168.2.2, 51508 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 193.227.146.1, 80->> 192.168.2.2, 51651 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 66.135.208.226, 80->> 192.168.2.2, 51732 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 216.239.116.65, 80->> 192.168.2.2, 51708 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 64.30.224.42, 80->> 192.168.2.2, 51704 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 63.215.202.48, 80->> 192.168.2.2, 51783 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 66.220.158.18, 80->> 192.168.2.2, 51769 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 87.238.85.225, 80->> 192.168.2.2, 51630 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 178.236.4.41, 80->> 192.168.2.2, 51641 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 62.108.136.80, 80->> 192.168.2.2, 51720 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 209.85.149.101, 80->> 192.168.2.2, 50910 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 79.125.24.51, 80->> 192.168.2.2, 51755 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 62.108.136.90, 80->> 192.168.2.2, 51699 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 209.85.149.167, 80->> 192.168.2.2, 51800 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 85.183.195.98, 80->> 192.168.2.2, 51636 (from PPPoE1 Inbound)
12/17/2010 12:06:57 **TCP FIN Scan** 192.168.2.2, 51141->> 74.125.43.91, 80 (from PPPoE1 Outbound)
12/17/2010 12:06:57 **TCP FIN Scan** 192.168.2.2, 51570->> 82.165.80.15, 80 (from PPPoE1 Outbound)
```

That surprised me quite a bit, so I ran a system scan with AntiVir. It reported 8 detections.

Code:
```
TR/Dropper.Gen
JAVA/ClassLoader.AV
TR/Gendal.892416.A
TR/Horse.HAT
TR/Crypt.XPACK.Gen
JAVA/Agent.M.1
TR/MSIL.Staem.KR
W32/Induc.A
```

Code:
```
Malwarebytes' Anti-Malware 1.50
w**.malwarebytes.org

Datenbank Version: 5342

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.12.2010 15:05:21
mbam-log-2010-12-17 (15-05-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159823
Laufzeit: 4 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
```
========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5600 "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{21185083-5C3F-45E1-A52F-1279E0724967}" = iTunes "{21BF1592-7D07-4516-930C-2BF40CE9E59B}" = PDF-XChange Viewer "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour 
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290 "{54217D12-40AD-4E37-8617-1F9AA19E9077}" = Keyboard Manager Utility "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00 "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "SP6" = Logitech SetPoint 6.15 "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 
"{2BDFC179-CA30-4888-B16E-DD995C9A3473}" = Mobile Mouse Server "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7DAC3FF2-E5D7-4EF5-9644-3C45A285A57F}" = QIP 2010 4240 Jeak-Edition "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office 
Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_UL***ATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_UL***ATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_UL***ATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_UL***ATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_UL***ATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_UL***ATER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}_UL***ATER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ul***ate 2007 "{91120000-002E-0000-0000-0000000FF1CE}_UL***ATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002E-0000-0000-0000000FF1CE}_UL***ATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9AFA4423-D0E3-4F92-908E-D4C9CEEB3DA3}" = Toodledo Sync Application "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB107874-3EDE-4D32-AA00-E52E785AE92E}_is1" = ASUS O!Play HDP-R1/R3 Internet radio manager version 0.10 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch "{B8E285EA-8E84-49D1-8531-6049B68C14F8}_is1" = ASUS O!Play HDP-R1/R3 moServices Manager version 0.21 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = Quick***e "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition 
[ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Run***e - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86run***e_30729_01" = Visual C++ 2008 x86 Run***e - v9.0.30729.01 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de) "Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Biet-O-Matic v2.14.6" = Biet-O-Matic v2.14.6 "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "Daniusoft Digital Music Converter_is1" = Daniusoft Digital Music Converter(Build 2.4.1.0) "DivX Setup.divx.com" = DivX-Setup "DVD Shrink_is1" = DVD Shrink 3.2 "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer "FormatFactory" = FormatFactory 2.50 "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8 "GPL Ghostscript 9.00" = GPL Ghostscript 9.00 "Handbrake" = Handbrake 0.9.4 "HotspotShield" = Hotspot Shield 1.52 "InstallShield_{54217D12-40AD-4E37-8617-1F9AA19E9077}" = Keyboard Manager Utility "JDownloader" = JDownloader "localhostr uploadr" = localhostr uploadr 1.2.3 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "PDF Blender" = PDF Blender "Pidgin" = Pidgin "Renderworks 2009 SP1 R2" = Uninstall Renderworks 2009 SP1 R2 "RocketDock_is1" = RocketDock 1.3.5 "SUPER ©" = SUPER © Version 2010.bld.39 (Oct 24, 2010) "TeamViewer 5" = TeamViewer 5 "TeXnicCenter_is1" = 
TeXnicCenter Version 1.0 Stable RC1 "Trillian" = Trillian "UL***ATER" = Microsoft Office Ul***ate 2007 "Uninstall_is1" = Uninstall 1.0.0.1 "Vectorworks Architektur 2009 SP1 R2" = Vectorworks Architektur 2009 SP1 R2 "Vectorworks Landschaft 2009 SP1 R2" = Vectorworks Landschaft 2009 SP1 R2 "Vectorworks Spotlight 2009 SP1 R2" = Vectorworks Spotlight 2009 SP1 R2 "VLC media player" = VLC media player 1.1.1 "WinLiveSuite_Wave3" = Windows Live Essentials "Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.2 "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Aspell" = Aspell Data (Installed for Current User) "Dropbox" = Dropbox "FileZilla Client" = FileZilla Client 3.3.5 "Google Chrome" = Google Chrome "LyX" = LyX 1.6.7-4 (Installed for Current User) "MiKTeX 2.9" = MiKTeX 2.9 "QIP 2010" = QIP 2010 10.9.29.4196 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.12.2010 19:27:00 | Computer Name = ***-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID s***mt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 15.12.2010 21:36:34 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = 496: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) 
Error - 16.12.2010 12:36:20 | Computer Name = ***-PC | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 16.12.2010 12:37:28 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = 348: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 16.12.2010 12:37:36 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = 484: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 16.12.2010 12:42:54 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = 348: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 16.12.2010 16:17:17 | Computer Name = ***-PC | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 16.12.2010 19:31:31 | Computer Name = ***-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID s***mt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 16.12.2010 20:12:04 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = 484: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) 
Error - 17.12.2010 10:09:02 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450, Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: msieftp.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe3 Ausnahmecode: 0xc000041d Fehleroffset: 0x0000000000018b70 ID des fehlerhaften Prozesses: 0x670 Startzeit der fehlerhaften Anwendung: 0x01cb9dcedd6a8914 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\msieftp.dll Berichtskennung: 32b4e6b1-09e7-11e0-b55a-a56a7c8f2f79 [ OSession Events ] Error - 30.09.2010 15:11:26 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active ***e. This session ended with a crash. Error - 02.11.2010 06:32:38 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23 seconds with 0 seconds of active ***e. This session ended with a crash. Error - 02.11.2010 06:34:02 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 45 seconds with 0 seconds of active ***e. This session ended with a crash. Error - 02.11.2010 06:34:34 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active ***e. 
This session ended with a crash. Error - 02.11.2010 06:36:03 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 77 seconds with 60 seconds of active ***e. This session ended with a crash. [ System Events ] Error - 09.10.2010 10:47:05 | Computer Name = ***-PC | Source = ipnathlp | ID = 34001 Description = Error - 13.10.2010 14:12:05 | Computer Name = ***-PC | Source = ipnathlp | ID = 34001 Description = Error - 13.10.2010 14:16:51 | Computer Name = ***-PC | Source = ipnathlp | ID = 34001 Description = Error - 13.10.2010 14:25:54 | Computer Name = ***-PC | Source = ipnathlp | ID = 34001 Description = < End of report >

I have no idea how I managed to pick up this much malware without noticing. Until now I thought my system was clean and well protected. I am now quite unsure how I should proceed, and I am worried about my passwords (online banking etc.). Hopefully you can give me some advice. What other information do you need from me for this? It is somehow embarrassing to have such an infested system...