| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Multiple Infektionen meines Systems u.a. TR/Dropper.Gen, JAVA/ClassLoader.AV...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.12.2010, 15:17
| #1 |
 |  Multiple Infektionen meines Systems u.a. TR/Dropper.Gen, JAVA/ClassLoader.AV... Hallo, ich war scheinbar etwas zu unvorsichtig und habe mich auf AntiVir etwas zu sehr verlassen. Habe mir vor kurzem ein neuen WLan Router von Belkin gekauft, nun sind mir merkwürdige Einträge im Sicherheitslog ausgefallen: Code:
ATTFilter 12/17/2010 12:10:51 **TCP FIN Scan** 74.125.39.147, 80->> 192.168.2.2, 51508 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 193.227.146.1, 80->> 192.168.2.2, 51651 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 66.135.208.226, 80->> 192.168.2.2, 51732 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 216.239.116.65, 80->> 192.168.2.2, 51708 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 64.30.224.42, 80->> 192.168.2.2, 51704 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 63.215.202.48, 80->> 192.168.2.2, 51783 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 66.220.158.18, 80->> 192.168.2.2, 51769 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 87.238.85.225, 80->> 192.168.2.2, 51630 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 178.236.4.41, 80->> 192.168.2.2, 51641 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 62.108.136.80, 80->> 192.168.2.2, 51720 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 209.85.149.101, 80->> 192.168.2.2, 50910 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 79.125.24.51, 80->> 192.168.2.2, 51755 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 62.108.136.90, 80->> 192.168.2.2, 51699 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 209.85.149.167, 80->> 192.168.2.2, 51800 (from PPPoE1 Inbound)
12/17/2010 12:10:51 **TCP FIN Scan** 85.183.195.98, 80->> 192.168.2.2, 51636 (from PPPoE1 Inbound)
12/17/2010 12:06:57 **TCP FIN Scan** 192.168.2.2, 51141->> 74.125.43.91, 80 (from PPPoE1 Outbound)
12/17/2010 12:06:57 **TCP FIN Scan** 192.168.2.2, 51570->> 82.165.80.15, 80 (from PPPoE1 Outbound)
Das hat mich schon sehr verwundert, weshalb ich einen Systemscan mit AntiVir durchgeführt habe. Der hat dann 8 Funde ausgegeben. Code:
ATTFilter TR/Dropper.Gen
JAVA/ClassLoader.AV
TR/Gendal.892416.A
TR/Horse.HAT
TR/Crypt.XPACK.Gen
JAVA/Agent.M.1
TR/MSIL.Staem.KR
W32/Induc.A
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50
w**.malwarebytes.org
Datenbank Version: 5342
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
17.12.2010 15:05:21
mbam-log-2010-12-17 (15-05-21).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159823
Laufzeit: 4 Minute(n), 20 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter OTL logfile created on: 17.12.2010 15:09:35 - Run 1 OTL by Old***er - Version 3.2.17.3 Folder = C:\Users\***\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free 8,00 Gb Paging File | 5,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100,00 Gb Total Space | 34,84 Gb Free Space | 34,84% Space Free | Partition Type: NTFS Drive D: | 365,66 Gb Total Space | 267,27 Gb Free Space | 73,09% Space Free | Partition Type: NTFS Drive F: | 1863,01 Gb Total Space | 888,81 Gb Free Space | 47,71% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (Old***er Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Program Files (x86)\PDFCreator\PDFCreator.exe (pdfforge hxxp://www.pdfforge.org/) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - c:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH) PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH) PRC - c:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH) PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH) PRC - c:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH) PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH) PRC - c:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Users\***\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\AirPrint\airprint.exe (Apple Inc.) PRC - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe () PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe () PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe () PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe () ========== Modules (SafeList) ========== MOD - C:\Users\***\Downloads\OTL.exe (Old***er Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AirPrint) -- C:\Program Files (x86)\AirPrint\airprint.exe (Apple Inc.) SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE () SRV - (HotspotShieldService) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe () SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe () SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (clr_op***ization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_op***ization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.) DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.sys (Realtek Semiconductor Corp.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (qkbfiltr) -- C:\Windows\SysNative\drivers\qkbfiltr.sys (KM Software Team) DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: amin.eft_PhProxy@gmail.com:3.5.2B FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.11.04 18:14:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.11.22 15:37:41 | 000,000,000 | ---D | M] [2010.07.28 12:43:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.12.14 15:08:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gn2x7f0m.default\extensions [2010.08.31 10:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gn2x7f0m.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.28 15:39:14 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gn2x7f0m.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.10.22 10:05:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gn2x7f0m.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.09.24 08:50:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gn2x7f0m.default\extensions\amin.eft_PhProxy@gmail.com [2010.11.25 20:25:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gn2x7f0m.default\extensions\toolbar@ask.com [2010.10.21 15:34:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.10.21 15:34:54 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Trillian Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Keyboard Manager Utility] C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer, INC.) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.17 14:33:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.12.17 14:33:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.17 14:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.12.17 14:33:30 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.17 14:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.12.17 01:01:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2010.12.16 17:37:18 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010.12.16 17:37:15 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2010.12.16 17:36:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Sunbelt Software [2010.12.16 17:36:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} [2010.12.16 17:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.12.16 17:36:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2010.12.16 17:32:02 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.12.12 17:37:20 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\101213 Haus am Meer [2010.12.12 15:48:34 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe [2010.12.12 15:47:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vectorworks Land 2009 [2010.12.02 15:19:46 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\American Hardcore [2010.11.28 15:08:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vectorworks Arch 2009 [2010.11.28 15:01:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nemetschek [2010.11.26 17:32:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PDFCreator [2010.11.26 17:32:09 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\PDFCreator [2010.11.26 17:31:18 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX [2010.11.26 17:31:18 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2010.11.26 17:31:17 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2010.11.26 17:31:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2010.11.22 21:52:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AirPrint [2010.11.22 21:03:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2010.11.22 21:02:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Trillian [2010.11.22 21:02:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian [2010.11.22 20:48:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\enchant [2010.11.22 20:48:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.purple [2010.11.22 20:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pidgin [2010.11.17 17:02:01 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\pdf24 [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.12.17 15:11:46 | 002,621,440 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.12.17 15:04:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-851437178-3885849314-3502220186-1000UA.job [2010.12.17 14:53:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.12.17 14:04:01 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-851437178-3885849314-3502220186-1000Core.job [2010.12.17 10:43:37 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.12.17 10:41:21 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.17 10:41:21 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.17 10:33:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.12.17 10:33:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.17 10:33:40 | 3219,021,824 | -HS- | M] () -- C:\hiberfil.sys [2010.12.17 01:11:59 | 004,081,829 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.12.16 17:37:15 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2010.12.16 17:36:04 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.12.13 22:13:49 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.12.13 22:13:49 | 000,659,550 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.12.13 22:13:49 | 000,619,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.12.13 22:13:49 | 000,131,650 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.12.13 22:13:49 | 000,107,770 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.12.13 16:57:16 | 000,240,702 | ---- | M] () -- C:\Users\***\Desktop\UEbung_3_Haus_am_Meer.pdf [2010.12.13 16:39:41 | 000,067,075 | ---- | M] () -- C:\Users\***\Desktop\101213 Haus am Meer.pdf [2010.12.07 19:42:31 | 000,031,321 | ---- | M] () -- C:\Users\***\AppData\Local\CatalogW.xml.gz [2010.12.07 19:42:30 | 000,000,287 | ---- | M] () -- C:\Users\***\AppData\Local\VersionChecker_14.xml [2010.12.06 22:19:56 | 000,048,047 | ---- | M] () -- C:\Users\***\Desktop\10_12_06-Lebenslauf.pdf [2010.12.06 20:37:36 | 000,078,918 | ---- | M] () -- C:\Users\***\Desktop\BTS_Stellenausschreibung.pdf [2010.12.03 10:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.11.29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.11.26 17:31:51 | 000,001,935 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk [2010.11.26 17:26:13 | 000,000,112 | ---- | M] () -- C:\Windows\SysWow64\~.inf [2010.11.22 18:23:18 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.12.16 17:36:04 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.12.13 16:57:19 | 000,240,702 | ---- | C] () -- C:\Users\***\Desktop\UEbung_3_Haus_am_Meer.pdf [2010.12.13 16:21:19 | 000,067,075 | ---- | C] () -- C:\Users\***\Desktop\101213 Haus am Meer.pdf [2010.12.07 19:42:30 | 000,031,321 | ---- | C] () -- C:\Users\***\AppData\Local\CatalogW.xml.gz [2010.12.06 21:59:38 | 000,048,047 | ---- | C] () -- C:\Users\***\Desktop\10_12_06-Lebenslauf.pdf [2010.12.06 20:37:34 | 000,078,918 | ---- | C] () -- C:\Users\***\Desktop\BTS_Stellenausschreibung.pdf [2010.11.29 17:33:52 | 000,000,287 | ---- | C] () -- C:\Users\***\AppData\Local\VersionChecker_14.xml [2010.11.26 17:31:51 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk [2010.11.26 17:31:17 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll [2010.11.26 17:25:24 | 000,000,112 | ---- | C] () -- C:\Windows\SysWow64\~.inf [2010.11.14 13:55:30 | 000,021,504 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2010.10.29 09:00:39 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.08.25 09:34:08 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.08.18 13:19:07 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2010.07.28 13:47:00 | 000,109,312 | ---- | C] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.07.28 12:18:49 | 004,081,829 | -H-- | C] () -- C:\Users\***\AppData\Local\IconCache.db [2009.07.14 05:54:24 | 000,000,174 | -HS- | C] () -- C:\Programme\desktop.ini [2009.07.14 05:54:24 | 000,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini [2009.07.14 03:35:42 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2009.07.14 03:34:57 | 000,000,478 | ---- | C] () -- C:\Windows\win.ini [2009.07.14 03:34:57 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== LOP Check ========== [2010.11.22 20:58:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.purple [2010.11.07 13:48:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Arendi [2010.12.17 10:43:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2010.08.31 10:58:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.22 20:48:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\enchant [2010.11.17 13:11:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2010.09.24 08:49:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro [2010.08.30 12:09:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake [2010.10.11 18:17:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Iggels [2010.07.28 13:43:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2010.12.14 01:46:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\localhostr uploadr [2010.10.13 17:35:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LyX16 [2010.11.28 15:01:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nemetschek [2010.09.24 08:54:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit [2010.11.26 17:32:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDFCreator [2010.09.24 08:40:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense [2010.08.09 18:05:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software4u [2010.08.23 14:07:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2010.11.22 21:05:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Trillian [2010.09.24 09:16:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Youtube Downloader HD [2010.11.19 09:19:28 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 17.12.2010 15:09:35 - Run 1
OTL by Old***er - Version 3.2.17.3 Folder = C:\Users\***\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 34,84 Gb Free Space | 34,84% Space Free | Partition Type: NTFS
Drive D: | 365,66 Gb Total Space | 267,27 Gb Free Space | 73,09% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 888,81 Gb Free Space | 47,71% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5600
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{21185083-5C3F-45E1-A52F-1279E0724967}" = iTunes
"{21BF1592-7D07-4516-930C-2BF40CE9E59B}" = PDF-XChange Viewer
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{54217D12-40AD-4E37-8617-1F9AA19E9077}" = Keyboard Manager Utility
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SP6" = Logitech SetPoint 6.15
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2BDFC179-CA30-4888-B16E-DD995C9A3473}" = Mobile Mouse Server
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DAC3FF2-E5D7-4EF5-9644-3C45A285A57F}" = QIP 2010 4240 Jeak-Edition
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_UL***ATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_UL***ATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_UL***ATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_UL***ATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_UL***ATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_UL***ATER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_UL***ATER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_UL***ATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ul***ate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_UL***ATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_UL***ATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9AFA4423-D0E3-4F92-908E-D4C9CEEB3DA3}" = Toodledo Sync Application
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB107874-3EDE-4D32-AA00-E52E785AE92E}_is1" = ASUS O!Play HDP-R1/R3 Internet radio manager version 0.10
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B8E285EA-8E84-49D1-8531-6049B68C14F8}_is1" = ASUS O!Play HDP-R1/R3 moServices Manager version 0.21
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = Quick***e
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Run***e - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86run***e_30729_01" = Visual C++ 2008 x86 Run***e - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)
"Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.14.6" = Biet-O-Matic v2.14.6
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Daniusoft Digital Music Converter_is1" = Daniusoft Digital Music Converter(Build 2.4.1.0)
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"FormatFactory" = FormatFactory 2.50
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"Handbrake" = Handbrake 0.9.4
"HotspotShield" = Hotspot Shield 1.52
"InstallShield_{54217D12-40AD-4E37-8617-1F9AA19E9077}" = Keyboard Manager Utility
"JDownloader" = JDownloader
"localhostr uploadr" = localhostr uploadr 1.2.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"PDF Blender" = PDF Blender
"Pidgin" = Pidgin
"Renderworks 2009 SP1 R2" = Uninstall Renderworks 2009 SP1 R2
"RocketDock_is1" = RocketDock 1.3.5
"SUPER ©" = SUPER © Version 2010.bld.39 (Oct 24, 2010)
"TeamViewer 5" = TeamViewer 5
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Trillian" = Trillian
"UL***ATER" = Microsoft Office Ul***ate 2007
"Uninstall_is1" = Uninstall 1.0.0.1
"Vectorworks Architektur 2009 SP1 R2" = Vectorworks Architektur 2009 SP1 R2
"Vectorworks Landschaft 2009 SP1 R2" = Vectorworks Landschaft 2009 SP1 R2
"Vectorworks Spotlight 2009 SP1 R2" = Vectorworks Spotlight 2009 SP1 R2
"VLC media player" = VLC media player 1.1.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.2
"Zattoo4" = Zattoo4 4.0.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Aspell" = Aspell Data (Installed for Current User)
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.3.5
"Google Chrome" = Google Chrome
"LyX" = LyX 1.6.7-4 (Installed for Current User)
"MiKTeX 2.9" = MiKTeX 2.9
"QIP 2010" = QIP 2010 10.9.29.4196
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 15.12.2010 19:27:00 | Computer Name = ***-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID s***mt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 15.12.2010 21:36:34 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = 496: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 16.12.2010 12:36:20 | Computer Name = ***-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 16.12.2010 12:37:28 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = 348: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 16.12.2010 12:37:36 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = 484: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 16.12.2010 12:42:54 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = 348: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 16.12.2010 16:17:17 | Computer Name = ***-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 16.12.2010 19:31:31 | Computer Name = ***-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID s***mt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 16.12.2010 20:12:04 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = 484: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 17.12.2010 10:09:02 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: msieftp.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdfe3 Ausnahmecode: 0xc000041d Fehleroffset: 0x0000000000018b70
ID
des fehlerhaften Prozesses: 0x670 Startzeit der fehlerhaften Anwendung: 0x01cb9dcedd6a8914
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\system32\msieftp.dll Berichtskennung: 32b4e6b1-09e7-11e0-b55a-a56a7c8f2f79
[ OSession Events ]
Error - 30.09.2010 15:11:26 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active ***e. This session ended with a crash.
Error - 02.11.2010 06:32:38 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
seconds with 0 seconds of active ***e. This session ended with a crash.
Error - 02.11.2010 06:34:02 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 45
seconds with 0 seconds of active ***e. This session ended with a crash.
Error - 02.11.2010 06:34:34 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
seconds with 0 seconds of active ***e. This session ended with a crash.
Error - 02.11.2010 06:36:03 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 77
seconds with 60 seconds of active ***e. This session ended with a crash.
[ System Events ]
Error - 09.10.2010 10:47:05 | Computer Name = ***-PC | Source = ipnathlp | ID = 34001
Description =
Error - 13.10.2010 14:12:05 | Computer Name = ***-PC | Source = ipnathlp | ID = 34001
Description =
Error - 13.10.2010 14:16:51 | Computer Name = ***-PC | Source = ipnathlp | ID = 34001
Description =
Error - 13.10.2010 14:25:54 | Computer Name = ***-PC | Source = ipnathlp | ID = 34001
Description =
< End of report >
Ich habe keine Ahnung wie ich mir unbemerkt eine solche Menge an Schädlingen einfangen konnte. Bisher dachte ich mein System wäre sauber und gut geschützt. Ich bin mir jetzt ziemlich unsicher wie ich vorgehen sollte und mache mir Sorgen um meine Passwörter (Online Banking etc.). Hoffentlich könnt ihr mir einen Rat geben. Was für Informationen benötigt ihr hierfür noch von mir? Irgendwie peinlich so ein verseuchtes System... |
|
17.12.2010, 18:04
| #2 |
| | Multiple Infektionen meines Systems u.a. TR/Dropper.Gen, JAVA/ClassLoader.AV... Ich habe zusätzlich hier noch einen Ad-aware- und einen HijackThis Log:
__________________Ad-aware Code:
ATTFilter
Logfile created: 17.12.2010 15:27:02
Ad-Aware version: 9.0.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: ***
*********************** Definitions database information ***********************
Lavasoft definition file: 150.204
Genotype definition file version: 2010/12/15 07:50:21
Extended engine definition file: 7675.0
******************************** Scan results: *********************************
Scan profile name: Vollständiger Scan (ID: full)
Objects scanned: 260893
Objects detected: 0
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0
Scan and cleaning complete: Finished correctly after 8043 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Vollständiger Scan
ID: folderstoscan, enabled:1, value: C:\,D:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Thu Dec 16 17:37:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Thu Dec 16 23:37:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Thu Dec 16 05:37:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Thu Dec 16 11:37:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Thu Dec 16 17:37:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: true
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: true
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: de, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: false
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
****************************** System information ******************************
Computer name: ***-PC
Processor name: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
Processor identifier: Intel64 Family 6 Model 23 Stepping 6
Processor speed: ~2394MHZ
Raw info: processorarchitecture 9, processortype 8664, processorlevel 6, processor revision 5894, number of processors 2, processor features: [MMX,SSE,SSE2,SSE3]
Physical memory available: 2646544384 bytes
Physical memory total: 4292030464 bytes
Virtual memory available: 1805348864 bytes
Virtual memory total: 2147352576 bytes
Memory load: 38%
Microsoft (build 7600)
Windows startup mode:
Running processes:
PID: 304 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 448 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 520 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 532 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 568 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 584 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 592 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 704 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 788 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 828 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 888 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 920 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 960 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 488 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 968 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1140 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1188 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1312 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1436 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1468 name: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1488 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1600 name: C:\Program Files (x86)\AirPrint\airprint.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1624 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1660 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1708 name: C:\Program Files (x86)\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1740 name: C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1776 name: C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1808 name: C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1828 name: C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1872 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1892 name: C:\Windows\System32\conhost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2004 name: C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1736 name: C:\Windows\splwow64.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1864 name: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE owner: SYSTEM domain: NT-AUTORITÄT
PID: 2136 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2228 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2428 name: C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2596 name: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE owner: SYSTEM domain: NT-AUTORITÄT
PID: 2700 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2608 name: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2076 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2644 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3008 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1352 name: C:\Windows\System32\taskhost.exe owner: *** domain: ***-PC
PID: 2484 name: C:\Windows\System32\dwm.exe owner: *** domain: ***-PC
PID: 3248 name: C:\Windows\RAVCpl64.exe owner: *** domain: ***-PC
PID: 3264 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: *** domain: ***-PC
PID: 3272 name: C:\Program Files\Logitech\SetPointP\SetPoint.exe owner: *** domain: ***-PC
PID: 3312 name: C:\Program Files\Windows Sidebar\sidebar.exe owner: *** domain: ***-PC
PID: 3328 name: C:\Program Files (x86)\RocketDock\RocketDock.exe owner: *** domain: ***-PC
PID: 3340 name: C:\Windows\System32\StikyNot.exe owner: *** domain: ***-PC
PID: 3392 name: C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe owner: *** domain: ***-PC
PID: 3616 name: C:\Users\***\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe owner: *** domain: ***-PC
PID: 3724 name: C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe owner: *** domain: ***-PC
PID: 3816 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe owner: *** domain: ***-PC
PID: 3968 name: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe owner: *** domain: ***-PC
PID: 4048 name: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe owner: *** domain: ***-PC
PID: 276 name: C:\Program Files (x86)\iTunes\iTunesHelper.exe owner: *** domain: ***-PC
PID: 2832 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 4108 name: C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe owner: *** domain: ***-PC
PID: 4116 name: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe owner: *** domain: ***-PC
PID: 4128 name: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe owner: *** domain: ***-PC
PID: 4136 name: C:\Program Files (x86)\PDFCreator\PDFCreator.exe owner: *** domain: ***-PC
PID: 4184 name: C:\Program Files (x86)\Chromatic Dragon\Toodledo Sync Application\SyncApp.exe owner: *** domain: ***-PC
PID: 4208 name: C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe owner: *** domain: ***-PC
PID: 4220 name: C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE owner: *** domain: ***-PC
PID: 4296 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 4864 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 4988 name: C:\Windows\System32\dllhost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 5164 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: *** domain: ***-PC
PID: 4840 name: C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE owner: *** domain: ***-PC
PID: 5828 name: C:\Windows\System32\wuauclt.exe owner: *** domain: ***-PC
PID: 5384 name: C:\Windows\System32\taskhost.exe owner: *** domain: ***-PC
PID: 5388 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 3812 name: C:\Windows\explorer.exe owner: *** domain: ***-PC
PID: 4632 name: C:\Windows\notepad.exe owner: *** domain: ***-PC
PID: 3852 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe owner: *** domain: ***-PC
PID: 3240 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
Startup items:
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: Malwarebytes' Anti-Malware
imagepath: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
Name: Keyboard Manager Utility
imagepath: "C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang DE /H
Name: avgnt
imagepath: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Name: GrooveMonitor
imagepath: "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
Name: IAStorIcon
imagepath: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Name: DivXUpdate
imagepath: "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
Name: QuickTime Task
imagepath: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Name: Adobe ARM
imagepath: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Name: iTunesHelper
imagepath: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
imagepath: C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
imagepath: C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
imagepath: C:\Program Files (x86)\PDFCreator\PDFCreator.exe
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toodledo Sync Tool.lnk
imagepath: C:\Windows\Installer\{9AFA4423-D0E3-4F92-908E-D4C9CEEB3DA3}\_4EBBCD3A645B53E3579F1E.exe
Bootexecute items:
Name:
imagepath: autocheck autochk *
Running services:
Name: AeLookupSvc
displayname: Anwendungserfahrung
Name: AirPrint
displayname: ArPrint
Name: AntiVirSchedulerService
displayname: Avira AntiVir Planer
Name: AntiVirService
displayname: Avira AntiVir Guard
Name: Appinfo
displayname: Anwendungsinformationen
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioEndpointBuilder
displayname: Windows-Audio-Endpunkterstellung
Name: AudioSrv
displayname: Windows-Audio
Name: BFE
displayname: Basisfiltermodul
Name: BITS
displayname: Intelligenter Hintergrundübertragungsdienst
Name: Bonjour Service
displayname: Dienst "Bonjour"
Name: Browser
displayname: Computerbrowser
Name: CryptSvc
displayname: Kryptografiedienste
Name: CscService
displayname: Offlinedateien
Name: CVPND
displayname: Cisco Systems, Inc. VPN Service
Name: DcomLaunch
displayname: DCOM-Server-Prozessstart
Name: Dhcp
displayname: DHCP-Client
Name: Dnscache
displayname: DNS-Client
Name: DPS
displayname: Diagnoserichtliniendienst
Name: EapHost
displayname: Extensible Authentication-Protokoll
Name: eventlog
displayname: Windows-Ereignisprotokoll
Name: EventSystem
displayname: COM+-Ereignissystem
Name: fdPHost
displayname: Funktionssuchanbieter-Host
Name: FDResPub
displayname: Funktionssuche-Ressourcenveröffentlichung
Name: gpsvc
displayname: Gruppenrichtlinienclient
Name: hidserv
displayname: Zugriff auf Eingabegeräte
Name: HomeGroupListener
displayname: Heimnetzgruppen-Listener
Name: HomeGroupProvider
displayname: Heimnetzgruppen-Anbieter
Name: HotspotShieldService
displayname: Hotspot Shield Service
Name: HssSrv
displayname: Hotspot Shield Routing Service
Name: HssWd
displayname: Hotspot Shield Monitoring Service
Name: IAStorDataMgrSvc
displayname: Intel(R) Rapid Storage Technology
Name: iphlpsvc
displayname: IP-Hilfsdienst
Name: iPod Service
displayname: iPod-Dienst
Name: KeyIso
displayname: CNG-Schlüsselisolation
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Arbeitsstationsdienst
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: lmhosts
displayname: TCP/IP-NetBIOS-Hilfsdienst
Name: MpsSvc
displayname: Windows-Firewall
Name: Netman
displayname: Netzwerkverbindungen
Name: netprofm
displayname: Netzwerklistendienst
Name: NlaSvc
displayname: NLA (Network Location Awareness)
Name: nsi
displayname: Netzwerkspeicher-Schnittstellendienst
Name: nvsvc
displayname: NVIDIA Display Driver Service
Name: p2pimsvc
displayname: Peernetzwerkidentitäts-Manager
Name: p2psvc
displayname: Peernetzwerk-Gruppenzuordnung
Name: PcaSvc
displayname: Programmkompatibilitäts-Assistent-Dienst
Name: PlugPlay
displayname: Plug & Play
Name: PNRPsvc
displayname: Peer Name Resolution-Protokoll
Name: Power
displayname: Stromversorgung
Name: ProfSvc
displayname: Benutzerprofildienst
Name: ProtectedStorage
displayname: Geschützter Speicher
Name: RpcEptMapper
displayname: RPC-Endpunktzuordnung
Name: RpcSs
displayname: Remoteprozeduraufruf (RPC)
Name: SamSs
displayname: Sicherheitskonto-Manager
Name: Schedule
displayname: Aufgabenplanung
Name: SENS
displayname: Benachrichtigungsdienst für Systemereignisse
Name: ShellHWDetection
displayname: Shellhardwareerkennung
Name: Spooler
displayname: Druckwarteschlange
Name: SSDPSRV
displayname: SSDP-Suche
Name: stisvc
displayname: Windows-Bilderfassung (WIA)
Name: SysMain
displayname: Superfetch
Name: TapiSrv
displayname: Telefonie
Name: TeamViewer5
displayname: TeamViewer 5
Name: Themes
displayname: Designs
Name: TrkWks
displayname: Überwachung verteilter Verknüpfungen (Client)
Name: upnphost
displayname: UPnP-Gerätehost
Name: UxSms
displayname: Sitzungs-Manager für Desktopfenster-Manager
Name: WdiServiceHost
displayname: Diagnosediensthost
Name: WdiSystemHost
displayname: Diagnosesystemhost
Name: WerSvc
displayname: Windows-Fehlerberichterstattungsdienst
Name: WinDefend
displayname: Windows Defender
Name: WinHttpAutoProxySvc
displayname: WinHTTP-Web Proxy Auto-Discovery-Dienst
Name: Winmgmt
displayname: Windows-Verwaltungsinstrumentation
Name: Wlansvc
displayname: Automatische WLAN-Konfiguration
Name: wlidsvc
displayname: Windows Live ID Sign-in Assistant
Name: WMPNetworkSvc
displayname: Windows Media Player-Netzwerkfreigabedienst
Name: wscsvc
displayname: Sicherheitscenter
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - Benutzermodus-Treiberframework
Code:
ATTFilter HiJackthis Logfile: |
|
| Themen zu Multiple Infektionen meines Systems u.a. TR/Dropper.Gen, JAVA/ClassLoader.AV... |
| 64-bit, ad-aware, antivir, autorun, avgntflt.sys, avira, bho, bonjour, c:\windows\system32\rundll32.exe, converter, desktop, downloader, dropbox, error, excel, fehler, firefox, flash player, format, google, google chrome, hotspot, hotspot shield, iastor.sys, ieframe.dll, install.exe, jdownloader, location, logfile, microsoft office word, mozilla, office 2007, otl.exe, outbound, plug-in, programdata, realtek, registry, richtlinie, rundll, saver, scan, sched.exe, searchplugins, security, security update, shell32.dll, shortcut, software, start menu, super, syswow64, unbemerkt, usb 2.0, usbaapl64, vlc media player, webcheck, windows xp, youtube downloader |
Linear-Darstellung
