Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Java Trojaner Fund trotz deinstaliertem Java

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.02.2011, 15:03   #1
Sprite
 
Java Trojaner Fund trotz deinstaliertem Java - Standard

Java Trojaner Fund trotz deinstaliertem Java



Hallo Leute,

ich habe heute einen Routinescann mit dem Trend Micro HouseCall durchgeführt und dabei wurde mir ein Java Trojaner im Ordner "C:\Users\Calculon\AppData\LocalLow\Sun\" gemeldet. Ich scanne ab und an meinen Rechner über einen Onlinescanner um auf Nummer sicher zu gehen ob mein Antivir wirklich gute Arbeit leistet. Scheinbar hat Antivir den Schädling übersehen. Blöder Weise habe ich aus blindem Aktionismus den Schädling entfernen lassen ohne mir den Namen zu notieren. Da ich jetzt nicht sicher bin ob mein System wirklich sauber ist, habe ich Logs mit Malwarebytes-Anti-Malware und OTL - Systemscan erstellt. Wäre jemand von uch so nett und könnte sich die Logs mal angucken? Java habe ich übrigens nicht (mehr) installiert.

Hier noch die Systemdaten:

- Windows 7 Professional 32 Bit
- Nur ein Systembenutzer
- Antivir Premium Security Suite
- Agnitum Outpost Firewall

Malwarebytes:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5809

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.02.2011 15:40:19
mbam-log-2011-02-19 (15-40-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 213017
Laufzeit: 39 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
OTL logfile:

Code:
ATTFilter
OTL logfile created on: 19.02.2011 15:42:48 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Calculon\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,73 Gb Total Space | 59,36 Gb Free Space | 70,90% Space Free | Partition Type: NTFS
Drive E: | 1,89 Gb Total Space | 1,67 Gb Free Space | 88,07% Space Free | Partition Type: FAT
 
Computer Name: CLACULON | User Name: Calculon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Calculon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Software4u\iPhone Explorer\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUI.exe (DisplayLink Corp.)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe (DisplayLink Corp.)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Calculon\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Programme\Agnitum\Outpost Security Suite Pro\wl_hook.dll (Agnitum Ltd.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (acssrv) -- C:\Programme\Agnitum\Outpost Security Suite Pro\acs.exe (Agnitum Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VBEngNT) -- C:\Windows\System32\drivers\VBEngNT.sys (VirusBuster Kft.)
DRV - (SandBox) -- C:\Windows\System32\drivers\SandBox.sys (Agnitum Ltd.)
DRV - (VBFilt) -- C:\Windows\System32\Filt\VBFilt.dll (Agnitum Ltd.)
DRV - (ASWFilt) -- C:\Windows\System32\Filt\ASWFilt.dll (Agnitum Ltd.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (afwcore) -- C:\Windows\System32\drivers\afwcore.sys (Agnitum Ltd.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (afw) -- C:\Windows\System32\drivers\afw.sys (Agnitum Ltd.)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (dlkmd) -- C:\Windows\system32\drivers\dlkmd.sys (DisplayLink Corp.)
DRV - (dlkmdldr) -- C:\Windows\system32\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6232.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (RICOH SmartCard Reader) -- C:\Windows\System32\drivers\rismc32.sys (RICOH Company, Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.21 20:38:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.15 11:04:19 | 000,000,000 | ---D | M]
 
[2011.02.06 13:33:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.15 11:04:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.12.02 09:31:53 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.02 09:31:53 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.12.02 09:31:53 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.02 09:31:53 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.12.02 09:31:53 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Reg Error: Value error. File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Programme\Agnitum\Outpost Security Suite Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [iPhone Explorer Launcher] C:\Program Files\Software4u\iPhone Explorer\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Programme\Agnitum\Outpost Security Suite Pro\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.19 15:02:36 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Calculon\Desktop\OTL.exe
[2011.02.19 14:59:53 | 000,000,000 | ---D | C] -- C:\Users\Calculon\AppData\Roaming\Malwarebytes
[2011.02.19 14:59:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.19 14:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.19 14:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.19 14:59:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.19 14:59:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.02.19 14:59:08 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Calculon\Desktop\mbam-setup-1.50.1.1100.exe
[2011.02.19 14:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema
[2011.02.19 14:21:16 | 000,000,000 | ---D | C] -- C:\Programme\Media Player Classic - Home Cinema
[2011.02.14 20:26:21 | 000,000,000 | ---D | C] -- C:\Users\Calculon\AppData\Roaming\Software4u
[2011.02.14 20:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPhone Explorer
[2011.02.14 20:25:58 | 000,000,000 | ---D | C] -- C:\Programme\Software4u
[2011.02.11 18:19:34 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.11 18:19:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.02.11 18:19:30 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.02.11 18:19:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.11 18:19:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.11 18:19:27 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.11 18:19:27 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.11 18:19:27 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.11 18:19:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.11 18:19:27 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.11 18:19:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.11 18:19:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.11 18:19:17 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.11 18:19:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.11 18:19:15 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.11 18:19:15 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.11 18:19:11 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011.02.11 18:19:10 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.02.11 18:19:10 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011.02.11 18:19:10 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011.02.11 18:19:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011.02.08 18:22:41 | 000,000,000 | ---D | C] -- C:\Users\Calculon\Desktop\ACPI
[2011.02.06 14:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.02.06 14:19:00 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.02.06 14:18:59 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.02.06 12:21:55 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2011.01.31 22:44:33 | 000,000,000 | ---D | C] -- C:\Programme\soft Xpansion
[2011.01.31 22:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\soft Xpansion
[2011.01.31 22:43:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2011.01.31 22:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.01.31 22:22:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.01.31 22:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\soft Xpansion
[2011.01.31 22:13:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InstallShield
[2011.01.31 22:02:15 | 000,000,000 | ---D | C] -- C:\comcash
[2011.01.25 23:26:49 | 000,000,000 | ---D | C] -- C:\Users\Calculon\Desktop\Hackint0sh
[2011.01.22 16:26:17 | 000,081,920 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\System32\drivers\ser2pl.sys
[2011.01.22 16:26:11 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\System32\SER9PL.sys
[2011.01.22 16:07:59 | 000,000,000 | ---D | C] -- C:\VAG-COM_PCI311.3_DE
[2011.01.22 14:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraCompare
[2011.01.22 14:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit
[2011.01.22 14:36:49 | 000,000,000 | ---D | C] -- C:\Users\Calculon\AppData\Roaming\IDMComp
[2011.01.22 14:36:49 | 000,000,000 | ---D | C] -- C:\Programme\IDM Computer Solutions
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.19 15:02:43 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Calculon\Desktop\OTL.exe
[2011.02.19 14:59:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Calculon\Desktop\mbam-setup-1.50.1.1100.exe
[2011.02.19 11:05:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.18 20:19:31 | 000,664,634 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.18 20:19:31 | 000,624,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.18 20:19:31 | 000,134,770 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.18 20:19:31 | 000,110,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.18 19:03:39 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.18 19:03:39 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.18 18:56:00 | 2387,816,448 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.12 10:56:04 | 000,410,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.06 14:19:16 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.02.06 14:06:51 | 000,001,152 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011.02.06 12:23:04 | 000,000,036 | ---- | M] () -- C:\Users\Calculon\AppData\Local\housecall.guid.cache
[2011.02.03 06:45:07 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.02.02 16:04:22 | 000,242,040 | ---- | M] (VirusBuster Kft.) -- C:\Windows\System32\drivers\VBEngNT.sys
[2011.02.02 15:52:40 | 000,710,824 | ---- | M] (Agnitum Ltd.) -- C:\Windows\System32\drivers\SandBox.sys
[2011.01.31 22:45:59 | 000,000,096 | ---- | M] () -- C:\Users\Calculon\AppData\Local\fusioncache.dat
[2011.01.22 16:06:21 | 000,000,000 | -H-- | M] () -- C:\Windows\msds.dat
 
========== Files Created - No Company Name ==========
 
[2011.02.06 14:19:16 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.02.06 12:23:04 | 000,000,036 | ---- | C] () -- C:\Users\Calculon\AppData\Local\housecall.guid.cache
[2011.01.31 22:45:59 | 000,000,096 | ---- | C] () -- C:\Users\Calculon\AppData\Local\fusioncache.dat
[2011.01.22 16:26:14 | 000,026,719 | ---- | C] () -- C:\Windows\System32\SERSPL.VXD
[2011.01.22 16:06:21 | 000,000,000 | -H-- | C] () -- C:\Windows\msds.dat
[2010.12.22 19:21:38 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.12.22 19:21:38 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.12.21 19:22:27 | 000,000,000 | ---- | C] () -- C:\Users\Calculon\AppData\Local\QSwitch.txt
[2010.12.21 19:22:27 | 000,000,000 | ---- | C] () -- C:\Users\Calculon\AppData\Local\DSwitch.txt
[2010.12.21 19:22:27 | 000,000,000 | ---- | C] () -- C:\Users\Calculon\AppData\Local\AtStart.txt
[2009.12.31 09:59:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd9.dll
[2009.12.31 09:59:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd10.dll
[2009.12.02 19:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
 
========== LOP Check ==========
 
[2010.12.21 19:31:20 | 000,000,000 | ---D | M] -- C:\Users\Calculon\AppData\Roaming\Agnitum
[2011.01.12 20:47:58 | 000,000,000 | ---D | M] -- C:\Users\Calculon\AppData\Roaming\DeepBurner
[2011.02.14 20:26:21 | 000,000,000 | ---D | M] -- C:\Users\Calculon\AppData\Roaming\Software4u
[2009.07.14 05:53:46 | 000,017,008 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extras:

Code:
ATTFilter
OTL Extras logfile created on: 19.02.2011 15:42:48 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Calculon\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83,73 Gb Total Space | 59,36 Gb Free Space | 70,90% Space Free | Partition Type: NTFS
Drive E: | 1,89 Gb Total Space | 1,67 Gb Free Space | 88,07% Space Free | Partition Type: FAT
 
Computer Name: CLACULON | User Name: Calculon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02BEB9A6-6695-F451-A98A-E08B048B5687}" = ATI Problem Report Wizard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.0.2827
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4850C1AE-BD1D-468C-9ABC-5486DC21E1E5}" = HP ESU for Microsoft Windows 7
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6079F8-EBA2-4C55-96A6-325E8E22DF0C}" = HP 3D DriveGuard
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A9E5C983-1B44-405D-9725-CD92C49863B3}" = UltraCompare v7.20
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{C1CDEE07-6472-4976-AD7E-4F44DA45A47A}" = Beauty Studio Style Advisor 4
"{C2DE5768-E270-439B-8017-941A6E4B2453}" = HP USB Docking Video
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDEE9257-8FEB-7BAF-B28F-C4737036D674}" = ATI Catalyst Install Manager
"{E45D11B1-F1D2-499F-A1D5-322586AB272F}" = DisplayLink Core Software
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE1EB497-5F0B-4DEF-910B-165707AB09FA}" = UltraEdit 16.30
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDEA20CD-61CF-436C-A7BA-848E0EBA0AE8}" = HP SoftPaq Download Manager
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agnitum Outpost Security Suite Pro_is1" = Outpost Security Suite Pro 7.1
"Avira AntiVir Desktop" = Avira Premium Security Suite
"CleanCache 3.0_is1" = CleanCache 3.5
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.7.0
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.02.2011 15:20:40 | Computer Name = Claculon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.02.2011 15:20:40 | Computer Name = Claculon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 58746435
 
Error - 14.02.2011 15:20:40 | Computer Name = Claculon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 58746435
 
Error - 15.02.2011 15:08:48 | Computer Name = Claculon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.02.2011 15:08:48 | Computer Name = Claculon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15584
 
Error - 15.02.2011 15:08:48 | Computer Name = Claculon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15584
 
Error - 15.02.2011 15:09:04 | Computer Name = Claculon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.02.2011 15:09:04 | Computer Name = Claculon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 31200
 
Error - 15.02.2011 15:09:04 | Computer Name = Claculon | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 31200
 
Error - 18.02.2011 15:13:04 | Computer Name = Claculon | Source = Bonjour Service | ID = 100
Description = DNS Message from «ZERO ADDRESS»:0 to «ZERO ADDRESS»:0 length 0
 too short
 
[ System Events ]
Error - 17.02.2011 13:25:11 | Computer Name = Claculon | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 17.02.2011 15:13:00 | Computer Name = Claculon | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 17.02.2011 16:26:55 | Computer Name = Claculon | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 18.02.2011 13:56:09 | Computer Name = Claculon | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 18.02.2011 13:56:09 | Computer Name = Claculon | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 18.02.2011 13:56:49 | Computer Name = Claculon | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 18.02.2011 15:12:59 | Computer Name = Claculon | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 18.02.2011 21:34:04 | Computer Name = Claculon | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 19.02.2011 05:25:22 | Computer Name = Claculon | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 19.02.2011 06:05:46 | Computer Name = Claculon | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         

Alt 19.02.2011, 23:50   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Java Trojaner Fund trotz deinstaliertem Java - Standard

Java Trojaner Fund trotz deinstaliertem Java



Hallo und

Zitat:
ein Java Trojaner im Ordner "C:\Users\Calculon\AppData\LocalLow\Sun\" gemeldet.
Kann ein Fehlalarm sein. Achtest immer auf aktuelle Programme sprich hälst du jedes Programm und das Betriebssystem immer aktuell, spilst du immer Updates regelmäßig ein?

Zitat:
- Antivir Premium Security Suite
- Agnitum Outpost Firewall
Eine Suite ist schon kontraproduktiv, dann noch eine Outpost-PFW zu installieren ist an Kontraproduktivtät nicht mehr zu toppen
Ich würd nur einen reinen Virenscanner plus Windows-Firewall plus Router verwenden.
__________________

__________________

Alt 20.02.2011, 11:55   #3
Sprite
 
Java Trojaner Fund trotz deinstaliertem Java - Standard

Java Trojaner Fund trotz deinstaliertem Java



Zitat:
Kann ein Fehlalarm sein. Achtest immer auf aktuelle Programme sprich hälst du jedes Programm und das Betriebssystem immer aktuell, spilst du immer Updates regelmäßig ein?
Hallo cosinus und danke für die Antwort. Ich halte mein System immer aktuell, ja. Updates werden regelmäßig durchgeführt. Dann hoffe ich mal stark dass es wirklich ein Fehlalarm gewesen ist.

Zitat:
Eine Suite ist schon kontraproduktiv, dann noch eine Outpost-PFW zu installieren ist an Kontraproduktivtät nicht mehr zu toppen
Ich würd nur einen reinen Virenscanner plus Windows-Firewall plus Router verwenden
Die Suiten sind nicht vollständig installiert. Sprich von Avira ist es nur der Virenscanner und von Agnitum nur die Firewall. Da ich die Lizenzen günstig bekommen habe, sind es eben die Suiten geworden. Was spricht gegen Agnitum Deiner Meinung nach?
__________________

Alt 20.02.2011, 17:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Java Trojaner Fund trotz deinstaliertem Java - Standard

Java Trojaner Fund trotz deinstaliertem Java



Zitat:
Was spricht gegen Agnitum Deiner Meinung nach?
Lies einfach mal hier, ich denke dann sollte es etwas klarer werden:

Die Vertrauensbrecher c't Editorial über Internet Security Suites und warum sie idR nichts taugen
Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei?
personal firewalls ? Wiki ? ubuntuusers.de
NT-Dienste sicher konfigurieren und abschalten (Windows 2000/XP) - www.ntsvcfg.de
microsoft.public.de.security.heimanwender FAQ

Dann wirst Du feststellen, dass es einfach nur unnötig ist, sich das System mit einer weiteren "Schutzkomponente" zu verhunzen...

Malwarebefall vermeiden kannst Du sowieso nur, wenn Du selbst Dein verhalten in den Griff bekommst => Kompromittierung unvermeidbar?
__________________
Logs bitte immer in CODE-Tags posten

Antwort

Themen zu Java Trojaner Fund trotz deinstaliertem Java
7-zip, antivir, autorun, avgntflt.sys, avira, bho, bonjour, corp./icp, entfernen, error, excel, feedback, fehler, firefox, flash player, fontcache, format, iastor.sys, iexplore.exe, install.exe, location, logfile, microsoft office word, mozilla, nicht sicher, nvstor.sys, object, office 2007, oldtimer, otl.exe, problem, programdata, registry, rundll, saver, sched.exe, schädling, searchplugins, security, security update, shell32.dll, software, start menu, studio, system, taskhost.exe, trojaner, webcheck, windows



Ähnliche Themen: Java Trojaner Fund trotz deinstaliertem Java


  1. Fund: Loader.jar, Fund: EXP/Java.Ternewb.Gen
    Plagegeister aller Art und deren Bekämpfung - 06.04.2015 (17)
  2. Java-Virus (JAVA/Lamar.RI ; JAVA/Jogek.WK usw.)
    Log-Analyse und Auswertung - 18.06.2013 (12)
  3. Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen
    Log-Analyse und Auswertung - 05.06.2013 (33)
  4. Trojaner HEUR:Exploit.Java.CVE-2012-1723.gen in c:\documents and settings\***\appdata\locallow\sun\java\deployment\cache\6.0\34\ gefunden
    Log-Analyse und Auswertung - 30.05.2013 (7)
  5. Problem mit Trojaner Win32:Zbot-QGP + Java:Agent-CDZ + Java:Malware-gen
    Log-Analyse und Auswertung - 29.03.2013 (9)
  6. Nach Verschlüsselungstrojaner viele Virenfunde (JAVA/Jogek.CT; rus JAVA/Agent.MH; JAVA/Dldr.Pesur.BH; W32/Idele.2219; VBS/Fluenza.B; u.a...
    Log-Analyse und Auswertung - 28.01.2013 (1)
  7. JAVA/Dermit.EM, JAVA/Dldr.Lamar.FW, JAVA/Dldr.Themo.F.2, TR/Spy.ZBot.dynb und noch mehr
    Plagegeister aller Art und deren Bekämpfung - 30.11.2012 (22)
  8. Anhaltendes Virenproblem: JAVA/Agent.MN, TR/Spy.ZBot.gfbr.1, EXP/Dldr.Java.D-G, JAVA/Dldr.Rilly.A
    Plagegeister aller Art und deren Bekämpfung - 09.11.2012 (25)
  9. Java-Virus JAVA/Dldr.Dermit.C, JAVA/Dldr.Kara.AB.1, JAVA/Dldr.Karame.AI
    Plagegeister aller Art und deren Bekämpfung - 06.11.2012 (1)
  10. AviraExploitsfunde:EXP/2011-3544.CZ.2; EXP/Java.Ternub.a.6; EXP/Java.Ternub.a.28 &Fund APPL/HideWindows.31232 in C:\Programme\MioNet\cmd.exe
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (33)
  11. Mehrere Funde! EXP/JAVA.Ternub.Gen - JAVA/Dldr.Small.CI - JAVA/Dldr.OpenC.A - EXP/08-5353.AI.5.A
    Plagegeister aller Art und deren Bekämpfung - 08.08.2012 (29)
  12. Internet langsam (Java-Virus JAVA/ClassLoader.AV und Java-Virus JAVA/Exdoer.O)
    Log-Analyse und Auswertung - 01.03.2012 (1)
  13. Trojaner Fund-Java Agent?
    Plagegeister aller Art und deren Bekämpfung - 31.03.2011 (1)
  14. Kein guter Fund: JAVA/Mesdeh.D & JAVA/Agent
    Log-Analyse und Auswertung - 11.02.2011 (24)
  15. Avira findet 2 Trojaner Java-Virus JAVA/Agent.BH und Exploit EXP/Pidief.coi
    Plagegeister aller Art und deren Bekämpfung - 07.01.2011 (29)
  16. Antivir Fund JAVA/Agent.IV; JAVA/Agent.HT.2; JAVA/Agent.ID.2
    Plagegeister aller Art und deren Bekämpfung - 07.01.2011 (22)
  17. Checken der Logs nach Trojaner Fund in Java Dateien
    Log-Analyse und Auswertung - 14.09.2010 (23)

Zum Thema Java Trojaner Fund trotz deinstaliertem Java - Hallo Leute, ich habe heute einen Routinescann mit dem Trend Micro HouseCall durchgeführt und dabei wurde mir ein Java Trojaner im Ordner "C:\Users\Calculon\AppData\LocalLow\Sun\" gemeldet. Ich scanne ab und an meinen - Java Trojaner Fund trotz deinstaliertem Java...
Archiv
Du betrachtest: Java Trojaner Fund trotz deinstaliertem Java auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.