| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ist winsvc.exe ein Virus?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.11.2011, 12:45
| #1 |
 |  Ist winsvc.exe ein Virus? Liebes trojaner-board-team und alle Helfer, ich habe einen altbekannten Fehler gemacht und bin im Facebook ein Link mit einem Bild nichts ahnend gefolgt. Das Bild konnte aber nicht geöffnet werden und kurz darauf gab mir Avira eine Viruswarnung raus und zeigte direkt einige Datein an, die sich selbstständig machen wollten. Ich habe diese "infizierten" Datein dann natürlich gelöscht(ich bin ein Laie, was solche probleme angeht). Aber ich hatte dann schon irgendwie Angst und hab mal gegoogled und auch was bei Facebook gelesen, dass das Problem altbekannt ist und ich Mailwarebytes - Antimalware herunterladen soll. Gesagt, getan. Aber mittlerweile findet der immer noch bei jedem Scan neue Sachen, mein Avira auch. Wichtig hierbei noch zu wissen ist, das ich die Exe winsvc.exe (Systemstartelement=pouf trendsetting,Hertseller=prudishness schnitzel) (Pfad C:\Users\xxxx\M-1-52-5782-8752-5245\winsvc.exe) im Autostart habe, der Pfad, wo sie sich befinden soll kann ich nicht finden, obwohl alle ordner sichtbar sind und ich auch im Windows Suchfenster nix finde. Nach beenden der Ausführung und nach dem Neustart des Systems ist sie immer wieder im Autostart vorhanden! Außerdem war mein USB Stick angeschlossen und jeder eingesteckte USB Stick verwandelt seine DateiORDER! (nicht einzelnde dateien) nun in verknüpfungen. Jetzt habe ich natürlich Angst davor, dass ich mit jedem USB-Stick den Virus auch auf andere Geräte bringe. Ich persönlich nutze ein Notebook und ein Rechner, es passierte auf dem Notebook. Ich habe auch schon hier einige Foren durchforstet aber ich weiß trotzdem nicht so recht bescheid, daher meine 4 wichtigen fragen: Wie kann ich USB Sticks wieder normgemäß benutzen? Wie kann ich das akute Problem beheben? Kann ich mit einem USB Stick von meinem Notebook andere Geräte infizieren, auch wenn avira und mailware grünes licht bezüglich Vireninfizierung des Sticks gegeben haben? Kann ich das ganze Problem einfach und simpel durch eine Windows de und Neuinstallation beheben oder sollte ich den Laptop gar einschicken zum hersteller? Danke, limbog |
|
01.12.2011, 16:48
| #2 |
| /// Selecta Jahrusso   | Ist winsvc.exe ein Virus? Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen. Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
Bitte poste in deiner nächsten Antwort OTL.txt Extras.txt
__________________ |
|
02.12.2011, 12:38
| #3 |
| | Ist winsvc.exe ein Virus? OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 02.12.2011 12:14:42 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Geri\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 71,59% Memory free 7,49 Gb Paging File | 6,04 Gb Available in Paging File | 80,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,61 Gb Total Space | 222,71 Gb Free Space | 78,53% Space Free | Partition Type: NTFS Drive D: | 14,18 Gb Total Space | 1,75 Gb Free Space | 12,31% Space Free | Partition Type: NTFS Drive E: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: GERRIT | User Name: Geri | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.02 12:11:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Geri\Desktop\OTL.exe PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010.12.13 12:48:18 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2010.12.10 23:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2010.11.18 12:57:28 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe PRC - [2010.11.09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2009.12.02 21:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2009.12.02 21:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe ========== Modules (No Company Name) ========== MOD - [2010.11.22 14:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2010.11.22 14:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll MOD - [2010.11.22 14:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2010.11.18 13:07:50 | 001,700,920 | ---- | M] () -- C:\Users\Geri\AppData\Roaming\PictureMover\DE-DE\Presentation.dll MOD - [2010.11.18 12:57:42 | 012,284,984 | ---- | M] () -- C:\Users\Geri\AppData\Roaming\PictureMover\Bin\Core.dll MOD - [2009.07.14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.12.10 08:05:42 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\sysnative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.12.09 23:33:22 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.08.05 19:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010.07.21 14:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:64bit: - [2010.06.17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager) SRV - [2011.11.30 19:44:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011.05.01 22:19:00 | 004,045,688 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010.12.02 05:44:08 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010.06.19 02:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.12.02 21:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009.12.02 21:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.10.19 16:56:15 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\sysnative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.10.19 16:56:15 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\sysnative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\sysnative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.27 01:46:11 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011.01.09 03:00:15 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.01.09 03:00:15 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.09 02:51:02 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.12.17 03:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.12.10 23:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010.12.10 10:40:38 | 008,121,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.12.10 07:24:20 | 000,291,328 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.12.08 22:30:08 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2010.12.02 05:44:08 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010.09.03 22:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.06.17 14:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2010.05.15 19:04:00 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.05.15 19:04:00 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.05.06 14:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.04.29 13:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.12.02 21:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2009.12.02 21:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2009.12.02 21:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2009.12.02 21:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://muonline.webzen.com/default.aspx|hxxp://www.google.de/|hxxp://www.facebook.com/" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN) FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPGameWebStarter: C:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll (WEBZEN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.03.27 01:58:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.03.27 01:58:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.03.27 01:59:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.06 12:18:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.06 12:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geri\AppData\Roaming\mozilla\Extensions O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\sysnative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF9F10C5-832A-4A3A-AC89-C690FAB26C9E}: NameServer = 192.168.2.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB287BFA-1B0B-4C5D-94B7-FD4549D42F59}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\sysnative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.10.07 03:08:17 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>) - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2004.10.07 03:08:17 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2004.10.07 03:08:17 | 000,001,042 | R--- | M] () - E:\autorun.ini -- [ CDFS ] O33 - MountPoints2\{78ddf8e6-c007-11e0-a987-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{78ddf8e6-c007-11e0-a987-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2004.10.07 03:08:17 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - File not found MsConfig:64bit - StartUpReg: HPWirelessAssistant - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () MsConfig:64bit - StartUpReg: Microsoft® Windows Update - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Spiele\Valve\Steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) MsConfig:64bit - StartUpReg: {78DDF8D9-C007-11E0-A987-806E6F6E6963} - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "bootini" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.02 12:11:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Geri\Desktop\OTL.exe [2011.12.01 15:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.12.01 15:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.11.30 20:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2011.11.30 19:48:48 | 000,000,000 | ---D | C] -- C:\Users\Geri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2011.11.30 19:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve [2011.11.27 13:50:37 | 000,000,000 | ---D | C] -- C:\Users\Geri\AppData\Roaming\Malwarebytes [2011.11.27 13:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.27 13:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.27 13:50:25 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.11.27 13:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.11.15 13:10:58 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011.11.14 20:26:39 | 000,230,920 | ---- | C] (WEBZEN, INC.) -- C:\Windows\SysWow64\EPWZCmnCtrl.dll [2011.11.14 20:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBZEN [2011.11.06 13:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CRAFTA® Fragebogen [2011.11.06 13:26:10 | 000,000,000 | ---D | C] -- C:\Users\Geri\AppData\Roaming\Crafta Fragenbogen [2011.11.06 13:26:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crafta Fragebogen [2011.11.06 12:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache [2011.11.06 12:34:58 | 000,000,000 | ---D | C] -- C:\Users\Geri\AppData\Roaming\Avira [2011.11.06 12:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.11.06 12:29:25 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.11.06 12:29:25 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.11.06 12:29:25 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.11.06 12:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.11.06 12:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira ========== Files - Modified Within 30 Days ========== [2011.12.02 12:11:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Geri\Desktop\OTL.exe [2011.12.02 10:31:03 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.02 10:31:03 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.02 10:27:37 | 001,473,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.02 10:27:37 | 000,644,310 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.02 10:27:37 | 000,607,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.02 10:27:37 | 000,126,580 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.02 10:27:37 | 000,103,754 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.02 10:23:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.02 10:23:03 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys [2011.11.30 19:42:24 | 000,001,483 | ---- | M] () -- C:\Users\Public\Desktop\Half-Life 2.lnk [2011.11.30 19:42:24 | 000,001,483 | ---- | M] () -- C:\Users\Public\Desktop\Counter-Strike Source.lnk [2011.11.30 19:31:26 | 000,000,523 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2011.11.12 09:47:06 | 000,275,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.11.08 19:32:38 | 000,890,490 | ---- | M] () -- C:\Users\Geri\Desktop\bws lws berechnung.png [2011.11.08 19:01:20 | 000,871,280 | ---- | M] () -- C:\Users\Geri\Desktop\cc winkel berechnung.png [2011.11.06 13:52:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.11.06 13:26:11 | 000,002,781 | ---- | M] () -- C:\Users\Public\Desktop\CRAFTA® Fragebogen.lnk [2011.11.06 13:26:11 | 000,000,152 | ---- | M] () -- C:\Windows\ODBC.INI [2011.11.06 12:29:39 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.11.06 12:00:11 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGeri.job [2011.11.04 22:21:16 | 000,230,920 | ---- | M] (WEBZEN, INC.) -- C:\Windows\SysWow64\EPWZCmnCtrl.dll [2011.11.04 19:40:19 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGERRIT$.job ========== Files Created - No Company Name ========== [2011.11.30 19:42:24 | 000,001,483 | ---- | C] () -- C:\Users\Public\Desktop\Half-Life 2.lnk [2011.11.30 19:42:24 | 000,001,483 | ---- | C] () -- C:\Users\Public\Desktop\Counter-Strike Source.lnk [2011.11.30 19:31:26 | 000,000,523 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2011.11.08 20:03:28 | 001,256,071 | ---- | C] () -- C:\Users\Geri\Desktop\Gebrauchsanweisung- CRAFTA 2009.pdf [2011.11.08 19:32:38 | 000,890,490 | ---- | C] () -- C:\Users\Geri\Desktop\bws lws berechnung.png [2011.11.08 19:01:20 | 000,871,280 | ---- | C] () -- C:\Users\Geri\Desktop\cc winkel berechnung.png [2011.11.06 13:52:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.11.06 13:26:11 | 000,002,781 | ---- | C] () -- C:\Users\Public\Desktop\CRAFTA® Fragebogen.lnk [2011.11.06 13:26:11 | 000,000,152 | ---- | C] () -- C:\Windows\ODBC.INI [2011.11.06 12:45:39 | 000,002,555 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk [2011.11.06 12:29:38 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.09.18 12:08:17 | 000,001,854 | ---- | C] () -- C:\Users\Geri\AppData\Roaming\GhostObjGAFix.xml [2011.08.06 13:21:48 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.27 01:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.27 01:39:12 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.01.08 18:58:28 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini [2011.01.08 18:50:33 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2010.12.17 03:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2010.09.24 15:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2010.09.17 23:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.11.09 13:49:32 | 000,000,000 | ---D | M] -- C:\Users\Geri\AppData\Roaming\Crafta Fragenbogen [2011.08.06 12:03:22 | 000,000,000 | ---D | M] -- C:\Users\Geri\AppData\Roaming\PictureMover [2011.12.02 00:44:47 | 000,000,000 | ---D | M] -- C:\Users\Geri\AppData\Roaming\SoftGrid Client [2011.08.06 12:02:19 | 000,000,000 | ---D | M] -- C:\Users\Geri\AppData\Roaming\Synaptics [2011.08.06 13:22:39 | 000,000,000 | ---D | M] -- C:\Users\Geri\AppData\Roaming\TP [2011.09.30 20:14:22 | 000,000,000 | ---D | M] -- C:\Users\Geri\AppData\Roaming\WildTangent [2011.08.06 12:26:17 | 000,000,000 | ---D | M] -- C:\Users\Geri\AppData\Roaming\_MDLogs [2011.11.20 11:00:20 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.08.06 12:01:18 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.01.09 04:07:13 | 000,000,000 | -HSD | M] -- C:\boot [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.08.06 11:48:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.03.27 01:59:48 | 000,000,000 | -H-D | M] -- C:\HP [2011.11.27 18:17:39 | 000,000,000 | ---D | M] -- C:\HS [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.12.01 15:46:45 | 000,000,000 | R--D | M] -- C:\Program Files [2011.11.27 13:50:25 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.11.27 13:50:29 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.08.06 11:48:30 | 000,000,000 | -HSD | M] -- C:\Programme [2011.08.06 11:49:43 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.11.30 19:31:24 | 000,000,000 | ---D | M] -- C:\Spiele [2011.09.27 13:17:14 | 000,000,000 | ---D | M] -- C:\SwSetup [2011.12.02 12:16:49 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.08.06 11:49:49 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV [2011.08.06 11:48:41 | 000,000,000 | R--D | M] -- C:\Users [2011.11.30 19:42:29 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.01.09 02:47:43 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2011.01.09 02:47:43 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.01.09 02:41:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.01.09 02:47:43 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2011.01.09 02:47:43 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2011.01.09 02:41:10 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2011.01.09 02:47:43 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2011.01.09 02:41:10 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2011.01.09 02:47:43 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.01.09 02:41:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\sysnative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\sysnative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2011.01.09 02:47:43 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2011.01.09 02:47:43 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\sysnative\winlogon.exe [2011.01.09 02:47:43 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2011.01.09 02:47:43 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report > |
|
02.12.2011, 12:39
| #4 |
| | Ist winsvc.exe ein Virus? OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.12.2011 12:14:42 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Geri\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,75 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 71,59% Memory free
7,49 Gb Paging File | 6,04 Gb Available in Paging File | 80,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,61 Gb Total Space | 222,71 Gb Free Space | 78,53% Space Free | Partition Type: NTFS
Drive D: | 14,18 Gb Total Space | 1,75 Gb Free Space | 12,31% Space Free | Partition Type: NTFS
Drive E: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: GERRIT | User Name: Geri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Geri\M-1-52-5782-8752-5245\winsvc.exe" = C:\Users\Geri\M-1-52-5782-8752-5245\winsvc.exe:*:Enabled:Microsoft® Windows Update
"C:\Users\Geri\M-1-52-5782-8752-5245\winsvc.exe" = C:\Users\Geri\M-1-52-5782-8752-5245\winsvc.exe:*:Enabled:Microsoft® Windows Update
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B6E46D9-BD48-F831-D337-64397E7EA1DB}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{224EC8DF-BC76-4CE4-32B8-4D174318F7ED}" = WMV9/VC-1 Video Playback
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E18E155E-73A9-0CCA-B796-05B09A1B5D97}" = ATI Catalyst Install Manager
"{FE87BA4F-9866-8332-0A4F-59864BE2196A}" = AMD Fuel
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0A9A553D-A324-4C3C-B6E9-2464480BAE50}" = Catalyst Control Center - Branding
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F7254A8-4D75-979A-4445-EBC2EE90B6D2}" = CCC Help English
"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display
"{14D9E133-37C6-B9CB-36C5-EB76DBE80F5C}" = Catalyst Control Center Graphics Previews Common
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2483ABA1-192F-40A1-97EE-CEC79638C65D}" = HP Software Framework
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{431D963B-16AA-FAB8-3E72-82CDB466FDD8}" = CCC Help Swedish
"{49F633C6-1247-3052-F1F1-C3DC271A6E92}" = CCC Help Danish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53CD60C7-12F9-420D-A9BF-EC8D815475A9}" = HP Documentation
"{54C024E2-4761-EB23-88C5-77EE8977B854}" = CCC Help Polish
"{5A018BC8-CEC4-C0E2-5EB1-4DFF3CD5E052}" = CCC Help Japanese
"{5FE4D5BB-0B56-DC7D-E5A4-49DB989983CC}" = CCC Help French
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{6F388ED3-8C2B-222D-9CA6-38C44A3F4569}" = CCC Help Italian
"{70E09E33-5C83-F272-17D5-93858F2063F2}" = CCC Help Dutch
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{7D12AB72-6A28-A280-0637-485760AFDBDC}" = ccc-core-static
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{81BAE41F-EF43-4902-773E-64B105245EE0}" = CCC Help Chinese Standard
"{82F6A47B-6651-0044-F871-AF99C15E4871}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{95723791-2C44-454B-9220-C65D47D70E9C}" = WEBZEN Browser Extension
"{98218567-28F7-0D1F-BD48-3041677E5CD4}" = CCC Help Hungarian
"{994406A3-EA5C-B7C9-B0C0-E9019ADD3521}" = CCC Help Korean
"{9C4CA1B3-B387-4004-83B1-6B61CB876C44}" = CRAFTA® Fragebogen
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A671E7CA-23EA-A86E-A61F-E518143670C0}" = CCC Help Thai
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9AED85D-2194-F13C-EE99-F013DB2BD44F}" = CCC Help Russian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB32E35A-3CBE-6747-06A9-453469EF9CD2}" = CCC Help Chinese Traditional
"{ABAF4569-6EDD-EA43-1574-EBA8911859BE}" = CCC Help Greek
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B949352B-D05B-5670-836E-430CCAAE28FA}" = CCC Help Spanish
"{BC08BEE3-1503-0173-B7A5-8765AA20C08A}" = CCC Help Portuguese
"{BCB2219D-A452-80E9-5C27-F497128DE10A}" = CCC Help Norwegian
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD302920-E48F-EE44-4DBF-F58994C8BDF3}" = CCC Help Finnish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2AC41BC-CA8B-846C-A711-42A2C8BC05BB}" = Catalyst Control Center InstallProxy
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D902BADB-499C-EF9E-B5D3-48B36566C3A6}" = Catalyst Control Center Localization All
"{DA7B4F2B-0099-EEB6-6FB8-8F794248E982}" = CCC Help Czech
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}" = Mu
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Jagged Alliance 2" = Jagged Alliance 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 5.0.1 (x86 de)" = Mozilla Firefox 5.0.1 (x86 de)
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Steam App 500" = Left 4 Dead
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089303" = Build-a-Lot - The Elizabethan Era
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZumoDrive" = HP CloudDrive
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 07.11.2011 12:55:03 | Computer Name = Gerrit | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 08.11.2011 03:51:10 | Computer Name = Gerrit | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 08.11.2011 13:16:09 | Computer Name = Gerrit | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 09.11.2011 04:30:12 | Computer Name = Gerrit | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 09.11.2011 07:19:40 | Computer Name = Gerrit | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 13.11.2011 04:56:07 | Computer Name = Gerrit | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 13.11.2011 05:44:39 | Computer Name = Gerrit | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 15.11.2011 04:39:14 | Computer Name = Gerrit | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 15.11.2011 08:08:21 | Computer Name = Gerrit | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 15.11.2011 08:22:05 | Computer Name = Gerrit | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
[ Hewlett-Packard Events ]
Error - 04.09.2011 07:49:05 | Computer Name = Gerrit | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091104014857.xml
File not created by asset agent
Error - 04.09.2011 07:49:08 | Computer Name = Gerrit | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091104014905.xml
File not created by asset agent
Error - 18.09.2011 07:08:12 | Computer Name = Gerrit | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091118010808.xml
File not created by asset agent
Error - 06.11.2011 03:55:59 | Computer Name = Gerrit | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Das Objekt "/bcecd368_42fe_463d_aea9_52840253bb0e/wiyqeitqibvwo3o3mkciorxr_5.rem"
wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 3834 Ram Utilization: TargetSite: Void UpdateDetail(System.String)
Error - 15.11.2011 07:56:16 | Computer Name = Gerrit | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type
type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib
Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 3834 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)
Error - 20.11.2011 03:56:55 | Computer Name = Gerrit | Source = HPSF.exe | ID = 4000
Description =
Error - 20.11.2011 03:57:14 | Computer Name = Gerrit | Source = HPSF.exe | ID = 4000
Description =
[ HP Wireless Assistant Events ]
Error - 06.08.2011 07:33:26 | Computer Name = Gerrit | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 06.08.2011 07:34:34 | Computer Name = Gerrit | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 06.08.2011 07:35:42 | Computer Name = Gerrit | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 06.08.2011 07:36:50 | Computer Name = Gerrit | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean
getObject) bei System.Management.ManagementBaseObject.get_Properties() bei
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei
HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 03.09.2011 13:09:12 | Computer Name = Gerrit | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 05.09.2011 06:13:15 | Computer Name = Gerrit | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 21.09.2011 09:38:46 | Computer Name = Gerrit | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 29.09.2011 04:02:41 | Computer Name = Gerrit | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 14.10.2011 12:54:47 | Computer Name = Gerrit | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 05.11.2011 13:02:35 | Computer Name = Gerrit | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
[ System Events ]
Error - 24.11.2011 05:23:11 | Computer Name = Gerrit | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 24.11.2011 09:31:41 | Computer Name = Gerrit | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst HPWMISVC erreicht.
Error - 24.11.2011 13:07:12 | Computer Name = Gerrit | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 25.11.2011 13:13:02 | Computer Name = Gerrit | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 26.11.2011 07:04:01 | Computer Name = Gerrit | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 26.11.2011 11:56:41 | Computer Name = Gerrit | Source = DCOM | ID = 10010
Description =
Error - 27.11.2011 05:38:42 | Computer Name = Gerrit | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 27.11.2011 05:43:11 | Computer Name = Gerrit | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 27.11.2011 07:24:12 | Computer Name = Gerrit | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 27.11.2011 08:41:43 | Computer Name = Gerrit | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \...\DR2 gefunden.
< End of report >
|
|
02.12.2011, 12:45
| #5 |
| | Ist winsvc.exe ein Virus? Hey Daniel, danke für die schnelle Antwort. In den beiden Posts kannst du die Ergebnisse des Scans sehen, alles so gemacht wie es gesagt wurde. Vielleicht kann ich dir als Anmerkung sagen, dass ich mit Avira und Mailwarebytes noch ein paar mal mein system gescannt habe und einige dateien die als Viren aufgezeigt wurden, gelöscht habe. Ich weiß das war vllt nicht vorteilhaft, das habe ich aber in der Not heraus unternommen. Folglich habe ich die Exe, wie oben im ersten Thread genannt, nicht mehr im autostart und finde ich auch keine weiteren viren zurzeit mehr auf dem Computer. Zudem war ich schon wieder im facebook problemlos ohne das sich der Virus weiter verbreiten wollte. Habe aber immer noch nicht wieder den USB stick angeschlossen, habe da meine bedenken. Was brauchst du noch? LG |
|
02.12.2011, 15:51
| #6 |
| /// Selecta Jahrusso | Ist winsvc.exe ein Virus? Das macht die Logfiles für mich wertlos -.- Poste mir bitte die aktuelle Logfile von Malwarebytes Starte Malwarebytes--> Reiter Scan-Berichte--> klick auf den aktuellsten Bericht--> es öffnet sich automatisch ein Text-Dokument Starte bitte OTL.exe und drücke den Quick Scan Button. Poste die OTL.txt hier in deinen Thread.
__________________ --> Ist winsvc.exe ein Virus? |
|
02.12.2011, 15:56
| #7 |
| | Ist winsvc.exe ein Virus? Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8252 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 01.12.2011 15:42:15 mbam-log-2011-12-01 (15-42-15).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|Q:\|) Durchsuchte Objekte: 360516 Laufzeit: 1 Stunde(n), 47 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
03.12.2011, 09:49
| #8 |
| | Ist winsvc.exe ein Virus? OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.12.2011 09:04:20 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Geri\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 65,91% Memory free 7,49 Gb Paging File | 5,91 Gb Available in Paging File | 78,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,61 Gb Total Space | 222,11 Gb Free Space | 78,32% Space Free | Partition Type: NTFS Drive D: | 14,18 Gb Total Space | 1,75 Gb Free Space | 12,31% Space Free | Partition Type: NTFS Drive E: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: GERRIT | User Name: Geri | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.02 12:11:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Geri\Desktop\OTL.exe PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010.12.13 12:48:18 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2010.12.10 23:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2010.11.18 12:57:28 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe PRC - [2010.11.09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.02.28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe PRC - [2009.12.02 21:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2009.12.02 21:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe ========== Modules (No Company Name) ========== MOD - [2010.11.22 14:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2010.11.22 14:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll MOD - [2010.11.22 14:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2010.11.18 13:07:50 | 001,700,920 | ---- | M] () -- C:\Users\Geri\AppData\Roaming\PictureMover\DE-DE\Presentation.dll MOD - [2010.11.18 12:57:42 | 012,284,984 | ---- | M] () -- C:\Users\Geri\AppData\Roaming\PictureMover\Bin\Core.dll MOD - [2010.02.28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe MOD - [2009.07.14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.12.10 08:05:42 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\sysnative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.12.09 23:33:22 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.08.05 19:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010.07.21 14:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:64bit: - [2010.06.17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager) SRV - [2011.11.30 19:44:33 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011.05.01 22:19:00 | 004,045,688 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010.12.02 05:44:08 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010.06.19 02:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.12.02 21:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009.12.02 21:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.10.19 16:56:15 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\sysnative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.10.19 16:56:15 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\sysnative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\sysnative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.27 01:46:11 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011.01.09 03:00:15 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.01.09 03:00:15 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.09 02:51:02 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.12.17 03:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.12.10 23:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010.12.10 10:40:38 | 008,121,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.12.10 07:24:20 | 000,291,328 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.12.08 22:30:08 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2010.12.02 05:44:08 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010.09.03 22:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.06.17 14:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2010.05.15 19:04:00 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.05.15 19:04:00 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.05.06 14:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.04.29 13:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.12.02 21:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2009.12.02 21:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2009.12.02 21:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2009.12.02 21:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://muonline.webzen.com/default.aspx|hxxp://www.google.de/|hxxp://www.facebook.com/" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPBrowserExt: C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN) FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPGameWebStarter: C:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll (WEBZEN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.03.27 01:58:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.03.27 01:58:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.03.27 01:59:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.06 12:18:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.06 12:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geri\AppData\Roaming\mozilla\Extensions O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\sysnative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF9F10C5-832A-4A3A-AC89-C690FAB26C9E}: NameServer = 192.168.2.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB287BFA-1B0B-4C5D-94B7-FD4549D42F59}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\sysnative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.10.07 03:08:17 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>) - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2004.10.07 03:08:17 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2004.10.07 03:08:17 | 000,001,042 | R--- | M] () - E:\autorun.ini -- [ CDFS ] O33 - MountPoints2\{78ddf8e6-c007-11e0-a987-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{78ddf8e6-c007-11e0-a987-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2004.10.07 03:08:17 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.02 12:11:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Geri\Desktop\OTL.exe [2011.12.01 15:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.12.01 15:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.11.30 20:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2011.11.30 19:48:48 | 000,000,000 | ---D | C] -- C:\Users\Geri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2011.11.30 19:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve [2011.11.27 13:50:37 | 000,000,000 | ---D | C] -- C:\Users\Geri\AppData\Roaming\Malwarebytes [2011.11.27 13:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.27 13:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.27 13:50:25 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.11.27 13:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.11.15 13:10:58 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011.11.14 20:26:39 | 000,230,920 | ---- | C] (WEBZEN, INC.) -- C:\Windows\SysWow64\EPWZCmnCtrl.dll [2011.11.14 20:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBZEN [2011.11.06 13:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CRAFTA® Fragebogen [2011.11.06 13:26:10 | 000,000,000 | ---D | C] -- C:\Users\Geri\AppData\Roaming\Crafta Fragenbogen [2011.11.06 13:26:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crafta Fragebogen [2011.11.06 12:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache [2011.11.06 12:34:58 | 000,000,000 | ---D | C] -- C:\Users\Geri\AppData\Roaming\Avira [2011.11.06 12:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.11.06 12:29:25 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.11.06 12:29:25 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.11.06 12:29:25 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.11.06 12:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.11.06 12:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira ========== Files - Modified Within 30 Days ========== [2011.12.03 08:07:11 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.03 08:07:11 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.02 16:35:17 | 000,036,783 | ---- | M] () -- C:\Users\Geri\Desktop\zebris stand.jpg [2011.12.02 12:11:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Geri\Desktop\OTL.exe [2011.12.02 10:27:37 | 001,473,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.02 10:27:37 | 000,644,310 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.02 10:27:37 | 000,607,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.02 10:27:37 | 000,126,580 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.02 10:27:37 | 000,103,754 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.02 10:23:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.02 10:23:03 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys [2011.11.30 19:42:24 | 000,001,483 | ---- | M] () -- C:\Users\Public\Desktop\Half-Life 2.lnk [2011.11.30 19:42:24 | 000,001,483 | ---- | M] () -- C:\Users\Public\Desktop\Counter-Strike Source.lnk [2011.11.30 19:31:26 | 000,000,523 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2011.11.12 09:47:06 | 000,275,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.11.08 19:32:38 | 000,890,490 | ---- | M] () -- C:\Users\Geri\Desktop\bws lws berechnung.png [2011.11.08 19:01:20 | 000,871,280 | ---- | M] () -- C:\Users\Geri\Desktop\cc winkel berechnung.png [2011.11.06 13:52:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.11.06 13:26:11 | 000,002,781 | ---- | M] () -- C:\Users\Public\Desktop\CRAFTA® Fragebogen.lnk [2011.11.06 13:26:11 | 000,000,152 | ---- | M] () -- C:\Windows\ODBC.INI [2011.11.06 12:29:39 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.11.06 12:00:11 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGeri.job [2011.11.04 22:21:16 | 000,230,920 | ---- | M] (WEBZEN, INC.) -- C:\Windows\SysWow64\EPWZCmnCtrl.dll [2011.11.04 19:40:19 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGERRIT$.job ========== Files Created - No Company Name ========== [2011.12.02 16:35:16 | 000,036,783 | ---- | C] () -- C:\Users\Geri\Desktop\zebris stand.jpg [2011.11.30 19:42:24 | 000,001,483 | ---- | C] () -- C:\Users\Public\Desktop\Half-Life 2.lnk [2011.11.30 19:42:24 | 000,001,483 | ---- | C] () -- C:\Users\Public\Desktop\Counter-Strike Source.lnk [2011.11.30 19:31:26 | 000,000,523 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2011.11.08 20:03:28 | 001,256,071 | ---- | C] () -- C:\Users\Geri\Desktop\Gebrauchsanweisung- CRAFTA 2009.pdf [2011.11.08 19:32:38 | 000,890,490 | ---- | C] () -- C:\Users\Geri\Desktop\bws lws berechnung.png [2011.11.08 19:01:20 | 000,871,280 | ---- | C] () -- C:\Users\Geri\Desktop\cc winkel berechnung.png [2011.11.06 13:52:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.11.06 13:26:11 | 000,002,781 | ---- | C] () -- C:\Users\Public\Desktop\CRAFTA® Fragebogen.lnk [2011.11.06 13:26:11 | 000,000,152 | ---- | C] () -- C:\Windows\ODBC.INI [2011.11.06 12:45:39 | 000,002,555 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk [2011.11.06 12:29:38 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.09.18 12:08:17 | 000,001,854 | ---- | C] () -- C:\Users\Geri\AppData\Roaming\GhostObjGAFix.xml [2011.08.06 13:21:48 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.27 01:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.27 01:39:12 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.01.08 18:58:28 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini [2011.01.08 18:50:33 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2010.12.17 03:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2010.09.24 15:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2010.09.17 23:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.11.09 13:49:32 | 000,000,000 | ---D | M] -- C:\Users\Geri\AppData\Roaming\Crafta Fragenbogen [2011.08.06 12:03:22 | 000,000,000 | ---D | M] -- C:\Users\Geri\AppData\Roaming\PictureMover [2011.12.02 00:44:47 | 000,000,000 | ---D | M] -- C:\Users\Geri\AppData\Roaming\SoftGrid Client [2011.08.06 12:02:19 | 000,000,000 | ---D | M] -- C:\Users\Geri\AppData\Roaming\Synaptics [2011.08.06 13:22:39 | 000,000,000 | ---D | M] -- C:\Users\Geri\AppData\Roaming\TP [2011.09.30 20:14:22 | 000,000,000 | ---D | M] -- C:\Users\Geri\AppData\Roaming\WildTangent [2011.08.06 12:26:17 | 000,000,000 | ---D | M] -- C:\Users\Geri\AppData\Roaming\_MDLogs [2011.11.20 11:00:20 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
|
03.12.2011, 09:55
| #9 |
| | Ist winsvc.exe ein Virus? Okay, das war der letzte Stand von Mailwarebyte und dem OTL quick scan. Habe bisher (gott sei dank) keine weiteren Viren identifizieren können, was ja aber nicht heißt, das nix da ist. Mein aktuelles Hauptproblem ist nach wie vor: Ab wann weiß ich ob mein Notebook frei von Viren ist und( eig noch wichtiger) wie ich mein USB-stick wieder funktionstüchtig mache, der hatte ja scheinbar was abbekommen(alle ordner sind verknüpfungen)... Danke für die schnelle Hilfe, warte auf weitere Anweisungen  |
|
03.12.2011, 16:45
| #10 |
| /// Selecta Jahrusso | Ist winsvc.exe ein Virus? Downloade dir bitte Pandas USBVaccine und installiere das Tool mit den vorgegebenen Einstellungen. Schließe alle deine infizierten USB Sticks an und klicke Vaccine USB. Berichte ob die USB Sticks wieder OK sind.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
03.12.2011, 17:46
| #11 |
| | Ist winsvc.exe ein Virus? schön wärs gewesen, aber bei einstecken kamen schon 30 meldungen, fast jede datei besitzt laut avira auf dem USB 1: (Pfad F: ) TR/Phorpiex 552960 F:\84612795\xxxx USB 2: (Pfad G: ) TR/Phorpiex 552960 G:\84612795\xxxx ich weiß allerdings net was das ist habe beide "vaccanted" aber die ordner sind leider noch immer nur verknüpfen und lassen sich net öffnen |
|
03.12.2011, 17:54
| #12 |
| | Ist winsvc.exe ein Virus? Ich habe die Dateien (avira Quarantäne) gerade mal mit den vorhandenen USB stick dateien verglichen: alle (angeblichen) verseuchten .exe sind die ordner auf dem USB, die losen dateien sind scheinbar nicht betroffen und lassen sich ja auch normal ohne probleme öffnen. sollte man die versuchen wiederherzustellen oder zu löschen oder ? |
|
03.12.2011, 18:27
| #13 |
| /// Selecta Jahrusso | Ist winsvc.exe ein Virus? Okay, Das Ding ist noch bisschen neu für mich, also muss ich da noch bisschen experimentieren. Starte bitte Vaccine erneut und klicke diesmal Vaccinate Computer. Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter @echo off
>look.txt (
dir /a /b %cd%
)
del %0
Auf dem USB Stick wird sich eine look.txt erstellen. Poste den Inhalt bitte hier
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
05.12.2011, 21:05
| #14 |
| | Ist winsvc.exe ein Virus? hey, ja werde ich morgen direkt machen, hatte gestern und heute keine zeit, sry |
|
06.12.2011, 13:54
| #15 |
| | Ist winsvc.exe ein Virus? Hey, also in der Theroie klingt das gut, aber war praktisch nicht zu machen. Habe alles wie gesagt gemacht und die file.bat auch ausgeführt als admin aber nach einem kurzen rechenprozess ist die file.bat weg aber ich kann auf dem usb keine neue txt. datei finden. Was mich aber stutzig(und auch sehr glücklich) gemacht hat, ist, dass neben den ganzen Verknüpfungsordnern die Ursprungsordner wieder da sind, sie werden als versteckt angezeigt.Iich kann wieder drauf zugreifen und die Ordner öffnen. Aber ich glaube damit ist das problem nicht getan. Der USB enthält nun so viel ordner und dateien, teils sichtbar teils versteckt, ziemliches chaos, da ich auch keine Ahnung davon habe, was normale Dateien sind oder was nur trash ist. Was schlägst du nun vor? mfg |
|
| Themen zu Ist winsvc.exe ein Virus? |
| autostart, avira, bild, datei, dateien, exe, facebook, fehler, foren, frage, gelöscht, infizierte, laptop, link, neue, neustart, notebook, ordner, probleme, scan, stick, usb, usb stick, usb-stick, virus, virus?, windows, winvsc.exe |
Textbox.
