Pests of all kinds and how to fight them: Virus found: JAVA/Agent.HR, JAVA/Agent.M.1, JAVA/Rowindal.C (Windows 7)

If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
Virus found: JAVA/Agent.HR, JAVA/Agent.M.1, JAVA/Rowindal.C

Hello Trojaner Board community,

as described in the thread title, I discovered the following virus detections with Avira today. I hope you can help me. The Avira log report follows below.

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 8. November 2010 11:32

Es wird nach 3022070 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : PERPETUUM_MOBIL

Versionsinformationen:
BUILD.DAT : 10.0.0.592 31823 Bytes 09.08.2010 10:49:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 02.08.2010 15:09:33
AVSCAN.DLL : 10.0.3.0 56168 Bytes 02.08.2010 15:09:45
LUKE.DLL : 10.0.2.3 104296 Bytes 02.08.2010 15:09:38
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 11:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:01:46
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 19:01:46
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 23:37:48
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 20:32:07
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 00:35:08
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 16:01:14
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 14:23:47
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 18:49:35
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.2010 09:26:15
VBASE009.VDF : 7.10.13.80 2265600 Bytes 02.11.2010 09:26:39
VBASE010.VDF : 7.10.13.81 2048 Bytes 02.11.2010 09:26:39
VBASE011.VDF : 7.10.13.82 2048 Bytes 02.11.2010 09:26:40
VBASE012.VDF : 7.10.13.83 2048 Bytes 02.11.2010 09:26:40
VBASE013.VDF : 7.10.13.116 147968 Bytes 04.11.2010 09:26:42
VBASE014.VDF : 7.10.13.147 146944 Bytes 07.11.2010 10:31:51
VBASE015.VDF : 7.10.13.148 2048 Bytes 07.11.2010 10:31:51
VBASE016.VDF : 7.10.13.149 2048 Bytes 07.11.2010 10:31:51
VBASE017.VDF : 7.10.13.150 2048 Bytes 07.11.2010 10:31:51
VBASE018.VDF : 7.10.13.151 2048 Bytes 07.11.2010 10:31:51
VBASE019.VDF : 7.10.13.152 2048 Bytes 07.11.2010 10:31:51
VBASE020.VDF : 7.10.13.153 2048 Bytes 07.11.2010 10:31:52
VBASE021.VDF : 7.10.13.154 2048 Bytes 07.11.2010 10:31:52
VBASE022.VDF : 7.10.13.155 2048 Bytes 07.11.2010 10:31:52
VBASE023.VDF : 7.10.13.156 2048 Bytes 07.11.2010 10:31:52
VBASE024.VDF : 7.10.13.157 2048 Bytes 07.11.2010 10:31:52
VBASE025.VDF : 7.10.13.158 2048 Bytes 07.11.2010 10:31:52
VBASE026.VDF : 7.10.13.159 2048 Bytes 07.11.2010 10:31:52
VBASE027.VDF : 7.10.13.160 2048 Bytes 07.11.2010 10:31:52
VBASE028.VDF : 7.10.13.161 2048 Bytes 07.11.2010 10:31:53
VBASE029.VDF : 7.10.13.162 2048 Bytes 07.11.2010 10:31:53
VBASE030.VDF : 7.10.13.163 2048 Bytes 07.11.2010 10:31:53
VBASE031.VDF : 7.10.13.164 2048 Bytes 07.11.2010 10:31:53
Engineversion : 8.2.4.92
AEVDF.DLL : 8.1.2.1 106868 Bytes 30.07.2010 11:28:48
AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 05.11.2010 09:27:19
AESCN.DLL : 8.1.6.1 127347 Bytes 13.05.2010 11:16:07
AESBX.DLL : 8.1.3.1 254324 Bytes 24.04.2010 17:15:16
AERDL.DLL : 8.1.9.2 635252 Bytes 05.11.2010 09:27:15
AEPACK.DLL : 8.2.3.11 471416 Bytes 05.11.2010 09:27:11
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 21.07.2010 18:42:40
AEHEUR.DLL : 8.1.2.38 2990455 Bytes 05.11.2010 09:27:08
AEHELP.DLL : 8.1.14.0 246134 Bytes 05.11.2010 09:26:54
AEGEN.DLL : 8.1.3.24 401781 Bytes 05.11.2010 09:26:52
AEEMU.DLL : 8.1.2.0 393588 Bytes 24.04.2010 17:15:08
AECORE.DLL : 8.1.17.0 196982 Bytes 05.11.2010 09:26:50
AEBB.DLL : 8.1.1.0 53618 Bytes 24.04.2010 17:15:06
AVWINLL.DLL : 10.0.0.0 19304 Bytes 02.08.2010 15:09:33
AVPREF.DLL : 10.0.0.0 44904 Bytes 02.08.2010 15:09:33
AVREP.DLL : 10.0.0.8 62209 Bytes 17.06.2010 14:26:53
AVREG.DLL : 10.0.3.2 53096 Bytes 02.08.2010 15:09:33
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 02.08.2010 15:09:33
AVARKT.DLL : 10.0.0.14 227176 Bytes 02.08.2010 15:09:31
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 02.08.2010 15:09:32
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 14:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 02.08.2010 15:09:33
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 14:27:01
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 13:10:08
RCTEXT.DLL : 10.0.58.0 98152 Bytes 02.08.2010 15:09:45

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Montag, 8. November 2010 11:32

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_USERS\S-1-5-21-4170765611-3392074641-2950244348-1000\Software\SecuROM\License information\datasecu
  [HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-4170765611-3392074641-2950244348-1000\Software\SecuROM\License information\rkeysecu
  [HINWEIS] Der Registrierungseintrag ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'hphc_service.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'Com4QLBEx.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqToaster.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'WiFiMsg.EXE' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqwmiex.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtStackServer.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'NPSAgent.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISUSPM.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'sttray.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'DpAgent.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPWAMain.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuSchd2.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPKBDAPP.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'QLBCTRL.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '7' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'BLService.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'QPSched.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'QPCapSvc.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'FsUsbExService.Exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'QPService.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApplicationUpdater.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'aestsrv.exe' - '5' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '144' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'DpHostW.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'vfsFPService.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'Hpservice.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'STacSV.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '152' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
  [INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
  [INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
  [INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1703' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\5f9a8019-5d835470
  [0] Archivtyp: ZIP
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Rowindal.A
  --> CustomClass.class
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Rowindal.A
  --> dostuff.class
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Rowindal.B
  --> mosdef.class
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.C
  --> SiteError.class
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.D
  --> SuperPolicy.class
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Rowindal.C
C:\Users\HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\35e074ec-57a5cfd4
  [0] Archivtyp: ZIP
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.HO
  --> a2ea.class
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.HO
  --> ab5a.class
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.HQ
  --> ab66.class
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.2025
  --> ac60.class
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.HR
C:\Users\HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\412e85be-151e8af6
  [0] Archivtyp: ZIP
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.BH
  --> dev/s/AdgredY.class
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.BH
  --> dev/s/DyesyasZ.class
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.M.2
  --> dev/s/LoaderX.class
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.M.1
Beginne mit der Suche in 'D:\' <HP_RECOVERY>

Beginne mit der Desinfektion:
C:\Users\HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\412e85be-151e8af6
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.M.1
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4803548a.qua' verschoben!
C:\Users\HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\35e074ec-57a5cfd4
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.HR
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50a17b29.qua' verschoben!
C:\Users\HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\5f9a8019-5d835470
  [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Rowindal.C
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '02d221b2.qua' verschoben!

Ende des Suchlaufs: Montag, 8. November 2010 13:41
Benötigte Zeit: 2:01:02 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

42233 Verzeichnisse wurden überprüft
960984 Dateien wurden geprüft
12 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
960972 Dateien ohne Befall
5321 Archive wurden durchsucht
0 Warnungen
3 Hinweise
813740 Objekte wurden beim Rootkitscan durchsucht
2 Versteckte Objekte wurden gefunden

Here is the Malwarebytes scan as well:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5073

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

08.11.2010 16:09:05
mbam-log-2010-11-08 (16-09-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 447456
Laufzeit: 1 Stunde(n), 49 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> No action taken.
C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> No action taken.
C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\480ZC1S8\OTL[1].exe (Trojan.Dropper.PGen) -> No action taken.

Thanks in advance for your help.

Regards, Piet
#2
/// Winkelfunktion /// TB-Süch-Tiger™

Virus found: JAVA/Agent.HR, JAVA/Agent.M.1, JAVA/Rowindal.C

System scan with OTL
Please download OTL from Oldtimer and save it to your desktop.
#3
Virus found: JAVA/Agent.HR, JAVA/Agent.M.1, JAVA/Rowindal.C

Hello Cosinus,

attached is the OTL scan log.

OTL Logfile:
Code:
OTL logfile created on: 09.11.2010 10:38:21 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\HP\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,12 Gb Total Space | 95,43 Gb Free Space | 33,01% Space Free | Partition Type: NTFS
Drive D: | 8,96 Gb Total Space | 1,64 Gb Free Space | 18,33% Space Free | Partition Type: NTFS
Drive E: | 2,44 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PERPETUUM_MOBIL | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\HP\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - c:\Program Files\AOL\AOL Toolbar 5.0\AolTbServer.exe (AOL LLC)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\HP\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\DRIVERS\snpstd3.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) -- C:\Program Files\HP\QuickPlay\000.fcl (Cyberlink Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb"
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3790
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {4b0a905d-b508-4574-8d12-b8fe120ace09}:0.5
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009.10.09 07:16:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.17 06:11:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.28 20:45:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.28 20:45:15 | 000,000,000 | ---D | M]

[2009.02.10 00:04:21 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Extensions
[2010.11.09 10:36:13 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\gn2gx2tl.default\extensions
[2010.04.27 19:36:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\gn2gx2tl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.07 23:58:08 | 000,000,000 | ---D | M] (Faark's Grepolis Bericht 2 Image - Exporter) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\gn2gx2tl.default\extensions\{4b0a905d-b508-4574-8d12-b8fe120ace09}
[2010.04.09 02:36:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\gn2gx2tl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.17 14:44:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.24 19:23:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.19 22:33:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.17 21:31:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.17 14:44:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.)
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009.12.01 08:47:06 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll [2010.10.22 11:47:32 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.22 11:47:32 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.22 11:47:32 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.22 11:47:32 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.22 11:47:32 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BRAVIS-{DC0F6114-52CD-420E-BAEB-ECC5BFB0B110}] C:\Program Files\BRAVIS\Galaxee 4free\bravis.exe (BRAVIS GmbH) O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) 
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found O4 - Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\HP\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\HP\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.07.27 06:31:59 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2010.05.28 20:02:25 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{03f20440-a409-11dd-9156-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{03f20440-a409-11dd-9156-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010.07.27 06:31:59 | 000,054,544 | R--- | M] (Electronic Arts) O33 - MountPoints2\{a974a9cc-a6cf-11df-8822-f185de0764f8}\Shell - "" = AutoRun O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.09 10:36:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe [2010.11.08 14:08:40 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Malwarebytes [2010.11.08 14:08:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.08 14:08:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.08 14:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.11.08 14:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.08 14:07:32 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- 
C:\Users\HP\Desktop\mbam-setup.exe [2010.11.07 21:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2010.11.07 21:23:46 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\Samsung [2010.11.07 21:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny [2010.11.07 21:20:24 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Downloaded Installations [2010.11.07 11:54:45 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\My Art [2010.11.07 11:53:18 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\NPS [2010.11.07 11:51:26 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\PC Suite [2010.11.07 11:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2010.11.05 10:25:07 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Avira [2010.10.28 13:08:41 | 000,032,256 | ---- | C] (Darkfleet.de) -- C:\Users\HP\Desktop\DNPCGLauncher.exe [2010.10.28 13:07:16 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Users\HP\Desktop\dotNetFx40_Full_setup.exe [2010.10.27 12:26:06 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2010.10.27 12:26:05 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010.10.27 12:26:05 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010.10.22 11:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2010.10.22 11:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2010.10.19 11:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.10.19 11:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010.10.19 11:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010.10.17 23:33:16 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Gogii [2010.10.17 22:32:44 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Enlightenus2SE_BFG [2010.10.17 14:43:54 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\javaws.exe [2010.10.17 14:43:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.10.17 14:43:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.10.17 13:40:49 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Vogat Interactive [2010.10.17 13:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Drawn - Flucht aus der Dunkelheit [2010.10.17 12:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Robins Quest - Aufstieg einer Legende [2010.10.17 11:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\Elixier der Unsterblichkeit [2010.10.17 11:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Enlightenus II - Der ewige Turm [2010.10.13 00:08:00 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.13 00:07:59 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.12 23:44:47 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.12 23:44:31 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010.10.12 23:44:19 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.12 23:44:16 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.10.12 23:44:16 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.10.12 23:44:16 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.10.12 23:44:16 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.10.12 23:44:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.10.12 23:44:15 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.10.12 23:44:15 | 000,387,584 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\iedkcs32.dll [2010.10.12 23:44:15 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.10.12 23:44:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.10.12 23:44:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.10.12 23:44:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.10.12 23:44:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.10.12 23:44:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.10.12 23:44:15 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.10.12 23:44:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.10.12 23:44:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.10.12 23:44:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.10.12 23:43:59 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.12 23:43:56 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010.10.12 23:43:55 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll ========== Files - Modified Within 30 Days ========== [2010.11.09 10:40:29 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D5D03B1D-F6F6-4927-ABA2-A822FA9CD2A6}.job [2010.11.09 10:36:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe [2010.11.09 10:27:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.09 10:14:03 | 000,001,403 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2010.11.09 10:13:45 | 000,047,842 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.11.09 10:13:45 | 
000,047,842 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.11.09 10:13:40 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.09 09:00:53 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.11.09 08:57:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.09 08:57:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.09 08:57:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.09 08:56:58 | 3186,839,552 | -HS- | M] () -- C:\hiberfil.sys [2010.11.08 21:44:34 | 000,001,932 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.11.08 14:07:36 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\HP\Desktop\mbam-setup.exe [2010.11.07 21:27:20 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk [2010.11.07 13:39:41 | 173,838,160 | ---- | M] () -- C:\Users\HP\Desktop\New_PC_Studio_1.5.1.10064_2.exe [2010.11.06 11:32:31 | 000,670,946 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.06 11:32:31 | 000,631,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.06 11:32:31 | 000,144,082 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.06 11:32:31 | 000,118,262 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.28 13:08:41 | 000,032,256 | ---- | M] (Darkfleet.de) -- C:\Users\HP\Desktop\DNPCGLauncher.exe [2010.10.28 13:07:26 | 000,889,416 | ---- | M] (Microsoft Corporation) -- C:\Users\HP\Desktop\dotNetFx40_Full_setup.exe [2010.10.28 11:56:48 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2010.10.28 11:56:48 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010.10.19 11:17:33 | 000,001,804 | ---- | M] () -- 
C:\Users\Public\Desktop\iTunes.lnk [2010.10.19 11:14:23 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.10.17 16:07:52 | 000,024,576 | ---- | M] () -- C:\Users\HP\Desktop\Comenius Beirat 1.doc [2010.10.16 06:25:34 | 000,145,835 | ---- | M] () -- C:\Users\HP\Desktop\zeichentabelle.pdf [2010.10.13 06:52:09 | 000,330,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2010.11.07 21:27:20 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk [2010.11.07 13:39:32 | 173,838,160 | ---- | C] () -- C:\Users\HP\Desktop\New_PC_Studio_1.5.1.10064_2.exe [2010.10.22 11:52:08 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2010.10.22 11:52:08 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010.10.19 11:17:33 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.10.19 11:14:23 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.10.17 16:30:23 | 000,024,576 | ---- | C] () -- C:\Users\HP\Desktop\Comenius Beirat 1.doc [2010.10.16 06:25:34 | 000,145,835 | ---- | C] () -- C:\Users\HP\Desktop\zeichentabelle.pdf [2010.09.23 11:05:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.07.26 14:50:05 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2010.07.23 12:17:46 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.07.23 12:17:45 | 000,139,152 | ---- | C] () -- C:\Users\HP\AppData\Roaming\PnkBstrK.sys [2010.06.24 18:16:03 | 000,000,000 | ---- | C] () -- C:\Windows\galaxy.ini [2010.05.21 18:16:43 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.05.21 18:16:43 | 000,036,608 | ---- | C] () -- 
C:\Windows\System32\FsUsbExDisk.Sys [2010.01.20 07:15:05 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\FnF4.txt [2009.09.23 23:55:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.22 13:12:33 | 000,005,059 | ---- | C] () -- C:\ProgramData\ypkpiykb.yyr [2009.09.22 13:12:14 | 000,000,036 | ---- | C] () -- C:\Windows\IniFile1.ini [2009.08.05 18:57:54 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.08.05 18:52:07 | 000,000,680 | ---- | C] () -- C:\Users\HP\AppData\Local\d3d9caps.dat [2009.05.08 08:24:48 | 000,009,632 | ---- | C] () -- C:\Windows\System32\drivers\fiddrv.sys [2009.04.06 16:48:22 | 000,012,524 | ---- | C] () -- C:\Users\HP\AppData\Roaming\elisa.xml [2009.04.06 16:43:09 | 000,000,768 | ---- | C] () -- C:\Users\HP\AppData\Roaming\users.xml [2009.03.23 20:19:58 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.03.14 19:29:01 | 000,000,858 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.01.12 14:36:33 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.01.12 14:22:41 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.01.12 14:22:41 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll [2008.12.27 14:22:23 | 000,000,982 | ---- | C] () -- C:\Windows\EF.ini [2008.12.25 10:57:24 | 000,000,174 | ---- | C] () -- C:\Windows\SIERRA.INI [2008.12.17 21:10:25 | 000,028,915 | ---- | C] () -- C:\Users\HP\AppData\Roaming\UserTile.png [2008.12.13 12:30:47 | 000,091,136 | ---- | C] () -- C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.27 15:32:37 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Roaming\wklnhst.dat [2008.10.27 11:56:20 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\QSwitch.txt [2008.10.27 11:56:20 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\DSwitch.txt [2008.10.27 11:56:20 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\AtStart.txt [2008.09.27 00:46:15 | 
000,047,842 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.09.27 00:46:14 | 000,047,842 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.01.21 03:24:14 | 000,069,632 | ---- | C] () -- C:\Windows\System32\rasqec.dll [2007.11.14 15:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll [2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:30:20 | 000,140,776 | ---- | C] () -- C:\Windows\System32\halacpi.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.03.09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:55BB2521 @Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:7A0EFE63 @Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:059167AF @Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:C9FD258B @Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:C22674B6 @Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:43982D5E @Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:A3B8F70C @Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:7B52659E @Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:3D36932D @Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:3E06C78F @Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:6F55EB66 @Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:CF61CE5A @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:6AF67671 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DA18D4E3 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F84B8DB5 @Alternate Data 
Stream - 140 bytes -> C:\ProgramData\TEMP:A02025CE @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:91DEEE71 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:041C0562 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:596E2371 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E14FA16F @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:61AF2B29 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6017A808 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C10635F6 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8944C195 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:700B9342 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:61B54B15 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E80802C7 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0E684AC9 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D8D58038 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:68A56598 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DD04902E @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9F38BF31 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9D03192E @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:569CEE83 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:870649A4 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4C528C86 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A4AF8D0D @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:38B32B54 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:206470A5 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CB16385F @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C72A744C @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C6EBC69 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:260575F1 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0E22C5DB @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:054F0F17 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BD27B7FC @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B845F669 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:1ECED34B @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B8384DB6 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9ACB70D7 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:7FCB9D0D @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D2397415 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B2735F9E @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:70E897B5 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0F0A5896 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5E9B629B @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:109734F6 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8B4B9596 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:861A898F @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6BF0805F @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:24FECE50 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:D507B5A8 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C8E82994 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:95198126 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:7A0FEE87 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:0ED4AC2F @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:43301D1D @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:FC4EA67C @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:848CC150 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:2BC498A4 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5D351BC6 @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:53DF59D1 @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:B2CD146E @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:DFC3B090 @Alternate Data Stream - 100 bytes -> 
C:\ProgramData\TEMP:27D1368B < End of report > Hier noch das Extralog OTL Logfile: Code:
OTL Extras logfile created on: 09.11.2010 10:38:21 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\HP\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,12 Gb Total Space | 95,43 Gb Free Space | 33,01% Space Free | Partition Type: NTFS
Drive D: | 8,96 Gb Total Space | 1,64 Gb Free Space | 18,33% Space Free | Partition Type: NTFS
Drive E: | 2,44 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: PERPETUUM_MOBIL | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5619A369-7009-4E5B-932F-EE8A12868DFF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{5CB26342-473C-436A-818A-D8DC91F8C91D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73526175-250A-4798-BAB6-6D82636F8BBE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FAEB6E-2B9C-4F5A-AFBE-943AA4E7F561}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{0218A856-8A35-4F64-A8E4-A3A07D80F001}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{050E6B41-AF96-4EB5-8EC0-3A0DCC97DB1D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{0666893D-F1EC-42BB-8486-5A93EF43B742}" = protocol=17 | dir=in | app=c:\program files\bravis\galaxee 4free\bravis.exe |
"{1377E317-E405-4442-A707-10054D28C77D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{188638BF-DA7C-4BE6-9F70-B1594DB21BFE}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{2588108E-573D-40B1-B868-9B45FD9EFB87}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{28FE9A14-15F2-4045-9C0D-BF1F83D95218}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2FC616A3-0BCD-4071-B8AB-185F7E742DB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{32DFA05E-FCBE-4BB6-A749-D7CF03DB7E48}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{348E05E0-08F3-4CCE-B3EA-89843266FC99}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3B978E5F-113E-4AFA-8C7A-58F0B657A4FD}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{3E98D450-41C7-416C-9FEE-093A2CA0B896}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4065964B-21F1-4B06-A860-BC4ABCE333E5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{412AD225-CD63-4234-A6C4-7D56D1C8CE44}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{44242020-8F3E-4245-A40E-61B3986B47A6}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{45AD6D9B-78A0-4639-A889-BAC742951CAB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{4C42FDCA-3D16-478D-9517-82FF50112C84}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4E7967EF-971B-4562-9467-0E0A0EF9ED41}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{5375EF57-FA49-46D2-8D26-8AEFF09C4A04}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{5C658C64-4F1D-4C39-94E9-A859EB5DE144}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{5DCF0BD7-BCDC-4BD7-B2FB-A1FE4DE76765}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{5E208F55-C435-49D0-AA06-A9F5E3C8EC4E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5F777A5C-DAF8-4DC3-A382-69CE3D9608E7}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{65DFC601-97EF-48B4-9589-FA0C8DBCEC98}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{748B55E8-FD40-47DE-8FD0-C853F3D15BE6}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{7CCE3431-4CF2-4B94-8163-B17D5DCFE79B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{81D00DCB-06D3-4D99-AA36-4E5AFB42CEF7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9308C751-0985-43FB-81A7-61E1B717DE20}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{95F06B91-F52E-49C7-8585-891151474AC7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{9CC07867-A3FC-42E2-A91C-0832983361F4}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{A619F510-808A-4100-B717-241278A59F9A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B231BE95-C646-4461-A052-17117365E9CF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B2489612-AB6D-4B8B-B6E8-D3AA5838CD1B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{B812387E-9083-465B-9293-C5D5470A6140}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8A87A34-C081-46DA-81A8-5ABC68FC1A23}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{C665F790-F974-40A6-94E1-5FFBB59337B9}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{CCD159C1-8773-4170-96C4-D8DD6640884B}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CF00AD47-4950-4A30-9FEA-2F830BBE7AA7}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{D44B9C7B-2280-4C2A-87A7-51486562DE76}" = protocol=6 | dir=in | app=c:\program files\bravis\galaxee 4free\bravis.exe |
"{DC854184-B296-44F5-A9DE-676732E9E9B8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{E226DB3C-0D4C-4567-A648-735CDF13B2B8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{EA15C3B4-4FB6-4CE2-8B1F-5DBB462E43E0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{EC735C01-AA50-4423-B6EF-9D9F5C985635}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F408DB27-8FC7-4025-97C3-BCE0A1F22905}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{F73B3414-05D9-4416-9F23-6A2617B0D88E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{FB3C5A93-179D-49D4-9BBC-20D497C20F5E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"TCP Query User{0588ED9E-C2E9-47FF-B0D2-A8EE266C26C8}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{2EBA2BB1-E1E1-40C3-82AE-F503B4A5D5F1}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{4145B1B4-36C0-45C2-BCE5-1FEA9917A06A}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{4BA3638B-C3D8-48D6-8F7A-54F1E3C58A79}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{538DD0CE-4B31-4515-A889-AF934A637656}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{576A4189-452F-4397-960F-E7F59792611A}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{5C691124-33DA-4A88-B4B8-9A00B69E6BB6}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{84AC26ED-9957-44EB-A2AC-B399EDED2DEA}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{C1828ED9-12AF-4A60-A201-F1E8F8415037}C:\program files\bravis\galaxee 4free\bravis.exe" = protocol=6 | dir=in | app=c:\program files\bravis\galaxee 4free\bravis.exe |
"TCP Query User{FCD99118-C5F3-4943-93FE-6AAD06ED9F72}C:\alien arena 7_33\crx.exe" = protocol=6 | dir=in | app=c:\alien arena 7_33\crx.exe |
"UDP Query User{3035C961-2D02-4196-8C3E-98FE8D081232}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{629B90C6-1E9E-4CB2-B8E4-D58D6863FF8A}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{6CC46E87-9C38-4EBF-A76E-1E7041499CAD}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{ADE4C434-23EE-4B0F-8782-FEDAC670E0C6}C:\program files\bravis\galaxee 4free\bravis.exe" = protocol=17 | dir=in | app=c:\program files\bravis\galaxee 4free\bravis.exe |
"UDP Query User{AEDFF2C7-65A8-4480-B54B-004B260FD53A}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{AF70CF84-9284-41FA-A081-2941C7AC211D}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{C19935ED-C26A-4266-8500-428D1ADBAE7C}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{C3628AD2-BF1C-4CF1-8ACF-8AE242F1349D}C:\alien arena 7_33\crx.exe" = protocol=17 | dir=in | app=c:\alien arena 7_33\crx.exe |
"UDP Query User{ED862670-A864-4DA4-B73B-0013782C80E6}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{F6102C32-6F7B-4A08-9AC7-51405E14F2D4}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1A5D65E1-B438-4148-97E3-1BC3627BEC71}" = DigitalPersona Personal 4.11
"{1B4E3046-4982-4436-8B6F-2EE4F63326C9}" = Wendy
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = Die Sims™ 2 Super Deluxe
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5E30BDEB-9307-11D4-9AE0-006067325E47}" = Baldur's Gate(TM) II - Schatten von Amn(TM)
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7C1824FC-B3EA-DF3F-BCC5-ED8BE0FB74B2}" = Anubis - Das Geheimnis des Osiris
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96E44EA5-13F8-491A-8EAC-67C5FA8D90B5}_is1" = Get7
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Süß & Schrecklich Ergänzungs-Pack
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB65E3C5-8219-11D7-AA55-00E07DDCAF19}" = Lernspaß 2
"{DC0F6114-52CD-420E-BAEB-ECC5BFB0B110}" = BRAVIS Galaxee 4free
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{F00367CA-4E3F-4646-818A-02478313B6E6}" = Movavi Video Converter 8
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"4StoryDE_is1" = 4Story 3.3
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AOL Toolbar" = AOL Toolbar 5.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFG-Adventure Chronicles - Die Suche nach dem verlorenen Schatz" = Adventure Chronicles: Die Suche nach dem verlorenen Schatz
"BFG-Annabel" = Annabel
"BFG-Azada - Ancient Magic" = Azada ™: Ancient Magic
"BFGC" = Big Fish Games: Game Manager
"BFG-Club der Ermittlerinnen - Tod in Scharlach" = Club der Ermittlerinnen: Tod in Scharlach
"BFG-Die Schatzsucher - Visionen des Goldes" = Die Schatzsucher: Visionen des Goldes ™
"BFG-Die Schatzsucher 3 - Auf den Spuren der Geister" = Die Schatzsucher 3: Auf den Spuren der Geister
"BFG-Drawn - Flucht aus der Dunkelheit" = Drawn: ® Flucht aus der Dunkelheit
"BFG-Elixier der Unsterblichkeit" = Elixier der Unsterblichkeit
"BFG-Enlightenus II - Der ewige Turm" = Enlightenus II: Der ewige Turm
"BFG-Flux Family Secrets - The Ripple Effect" = Flux Family Secrets: The Ripple Effect
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files®: Dire Grove™
"BFG-Mystery Case Files - Rueckkehr nach Ravenhearst" = Mystery Case Files: Rückkehr nach Ravenhearst ™
"BFG-Prinzessin Isabella und der Fluch der Hexe" = Prinzessin Isabella und der Fluch der Hexe
"BFG-Robins Quest - Aufstieg einer Legende" = Robin's Quest: Aufstieg einer Legende
"BFG-Safecracker" = Safecracker
"BFG-Yard Sale Hidden Treasures - Sunnyville" = Yard Sale Hidden Treasures: Sunnyville
"BFG-Youda Farmer" = Youda Farmer
"CCleaner" = CCleaner
"Coffee Shop" = Coffee Shop
"de.studio100.anubis.geheimnisosiris.ECD972C667655AB064366A82A4411E55DF698589.1" = Anubis - Das Geheimnis des Osiris
"Dethkarz" = Dethkarz
"Die Sims" = Die Sims
"DRK Bildschirmschoner_is1" = DRK Bildschirmschoner
"EA Download Manager" = EA Download Manager
"Elite Force" = Elite Force
"FLVPlayer" = FLV Player 1.3.3
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.5
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LogonStudio Vista" = LogonStudio Vista
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Red Alert 2" = Command & Conquer Alarmstufe Rot 2
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steam App 13140" = America's Army 3
"SWAT3" = SWAT3
"Synthesia" = Synthesia (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WildTangent hp Master Uninstall" = HP Games
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.1.3 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Best regards, Piet
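Two triage checks a reviewer would run over the Extras log above, written here as an added example (not code from the thread or from OTL): the "Shell Spawning" section is compared against the stock Windows handlers for executable file classes, because a changed `exefile [open]` command means every program launch first passes through someone else's binary, and the inbound FirewallRules entries are parsed so that exceptions for programs outside `C:\Program Files` and `C:\Windows` stand out. The sample lines are copied from the log above, except one constructed hijacked-handler line that is marked as such; the path `C:\ProgramData\hypothetical.exe` in it is invented for illustration.

```python
"""Triage checks over an OTL 'Extras' log: altered file-type handlers and
inbound firewall exceptions outside the standard program directories.
Added example; sample lines come from the log above plus one constructed line."""
import re
from typing import Dict, List, Optional

# Stock "open" commands for the executable file classes (value under
# HKLM\SOFTWARE\Classes\<class>\shell\open\command).  Anything else means the
# handler was altered, a classic persistence trick.
EXPECTED_HANDLERS = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

# e.g.  exefile [open] -- "%1" %*
#       cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
HANDLER_RE = re.compile(
    r'^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*?)(?: \((?P<company>[^()]*)\))?$'
)
# e.g.  "{GUID}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\...\smsvchost.exe |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<body>.*)$')
PROTOCOLS = {"6": "TCP", "17": "UDP"}
# Where an inbound exception on a home box normally points.
STANDARD_PREFIXES = ("c:\\program files\\", "c:\\windows\\")


def hijacked_handlers(lines: List[str]) -> List[Dict[str, str]]:
    """Shell Spawning entries whose command differs from the stock value."""
    findings = []
    for line in lines:
        m = HANDLER_RE.match(line.strip())
        if not m:
            continue
        key = (m.group("cls"), m.group("verb"))
        expected = EXPECTED_HANDLERS.get(key)
        if expected is not None and m.group("cmd") != expected:
            findings.append({"class": key[0], "verb": key[1],
                             "found": m.group("cmd"), "expected": expected})
    return findings


def parse_firewall_rule(line: str) -> Optional[Dict[str, str]]:
    """Split one FirewallRules value into its key=value fields."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    rule = {"name": m.group("name")}
    for part in m.group("body").split("|"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            rule[key.strip()] = value.strip()
    proto = rule.get("protocol")
    rule["protocol"] = PROTOCOLS.get(proto, proto) if proto else "any"
    return rule


def inbound_exceptions_outside_standard_paths(lines: List[str]) -> List[Dict[str, str]]:
    """Inbound allow rules whose program lives outside Program Files / Windows.

    A triage filter, not a verdict: a game installed to the drive root lands
    here just as a dropper in a temp folder would."""
    flagged = []
    for line in lines:
        rule = parse_firewall_rule(line)
        if not rule or rule.get("dir") != "in":
            continue
        app = rule.get("app", "").lower()
        if app and app != "system" and not app.startswith(STANDARD_PREFIXES):
            flagged.append(rule)
    return flagged


SAMPLE_HANDLERS = [  # first four copied from the log above
    'exefile [open] -- "%1" %*',
    'scrfile [open] -- "%1" /S',
    'cplfile [cplopen] -- %SystemRoot%\\System32\\control.exe "%1",%* (Microsoft Corporation)',
    'regfile [merge] -- Reg Error: Key error.',
    # constructed, NOT from the log: what an altered handler would look like
    'exefile [open] -- "C:\\ProgramData\\hypothetical.exe" "%1" %*',
]
SAMPLE_RULES = [  # copied from the log above
    r'"{5619A369-7009-4E5B-932F-EE8A12868DFF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |',
    r'"{5CB26342-473C-436A-818A-D8DC91F8C91D}" = lport=2869 | protocol=6 | dir=in | app=system |',
    r'"{00FAEB6E-2B9C-4F5A-AFBE-943AA4E7F561}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |',
    r'"TCP Query User{FCD99118-C5F3-4943-93FE-6AAD06ED9F72}C:\alien arena 7_33\crx.exe" = protocol=6 | dir=in | app=c:\alien arena 7_33\crx.exe |',
]

if __name__ == "__main__":
    for f in hijacked_handlers(SAMPLE_HANDLERS):
        print("altered handler:", f)
    for r in inbound_exceptions_outside_standard_paths(SAMPLE_RULES):
        print("inbound exception outside standard paths:", r["protocol"], r["app"])
```

Run against the real log above, the handler check is clean (all five executable classes still carry `"%1" %*`, scrfile `"%1" /S`) and the path filter turns up only `c:\alien arena 7_33\crx.exe`, a game the uninstall list accounts for, which is exactly the kind of result that should be read as "look, then dismiss" rather than as a finding.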
#4
/// Winkelfunktion /// TB-Süch-Tiger™
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
[2009.09.22 13:12:33 | 000,005,059 | ---- | C] () -- C:\ProgramData\ypkpiykb.yyr
[2009.09.22 13:12:14 | 000,000,036 | ---- | C] () -- C:\Windows\IniFile1.ini
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:55BB2521
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:7A0EFE63
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:059167AF
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:C9FD258B
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:43982D5E
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:7B52659E
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:3D36932D
@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:6F55EB66
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:6AF67671
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DA18D4E3
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:91DEEE71
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:041C0562
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:596E2371
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E14FA16F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:61AF2B29
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C10635F6
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8944C195
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:61B54B15
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E80802C7
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0E684AC9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D8D58038
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:68A56598
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DD04902E
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9F38BF31
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9D03192E
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:870649A4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4C528C86
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A4AF8D0D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:38B32B54
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CB16385F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C72A744C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:054F0F17
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BD27B7FC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B845F669
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:1ECED34B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B8384DB6
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:7FCB9D0D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D2397415
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B2735F9E
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0F0A5896
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:109734F6
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8B4B9596
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6BF0805F
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:24FECE50
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C8E82994
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:95198126
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:7A0FEE87
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:0ED4AC2F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:43301D1D
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:FC4EA67C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:848CC150
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:2BC498A4
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5D351BC6
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:53DF59D1
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:B2CD146E
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:DFC3B090
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:27D1368B
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
Please always post log files in CODE tags
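The fix above is built the way OTL fixes usually are: the relevant lines of the OTL log (two recently created files and every alternate data stream on `C:\ProgramData\TEMP`) are pasted verbatim under `:OTL`, followed by a `:Commands` section. The added example below, which is not code from the thread or from OTL, parses those two line types out of log text, summarises the ADS per host file so the count can be compared with the live system before and after the fix, and renders the fix block. The sample lines are the ones pasted into the fix above.

```python
"""Parse OTL log lines (file entries and alternate data streams) and build
the text for OTL's Custom Scan/Fixes box.  Added example; the sample lines
are copied from the fix posted above."""
import re
from typing import Dict, List, Tuple

# e.g.  @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:55BB2521
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\/]+)$"
)
# e.g.  [2009.09.22 13:12:33 | 000,005,059 | ---- | C] () -- C:\ProgramData\ypkpiykb.yyr
#       timestamp | size | attributes | C(reated)/M(odified) ] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>\S+) \| (?P<flag>\w)\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


def parse_otl_lines(lines: List[str]) -> Tuple[List[Dict], List[Dict]]:
    """Split log lines into file entries and ADS entries; other lines are ignored."""
    files, streams = [], []
    for raw in lines:
        line = raw.strip()
        m = ADS_RE.match(line)
        if m:
            streams.append({"line": line, "host": m.group("host"),
                            "stream": m.group("stream"), "size": int(m.group("size"))})
            continue
        m = FILE_RE.match(line)
        if m:
            files.append({"line": line, "path": m.group("path"),
                          "company": m.group("company"), "created": m.group("ts"),
                          "size": int(m.group("size").replace(",", ""))})
    return files, streams


def ads_summary(streams: List[Dict]) -> Dict[str, Tuple[int, int]]:
    """Per host file: (number of streams, combined size in bytes)."""
    summary: Dict[str, Tuple[int, int]] = {}
    for s in streams:
        count, total = summary.get(s["host"], (0, 0))
        summary[s["host"]] = (count + 1, total + s["size"])
    return summary


def build_otl_fix(files: List[Dict], streams: List[Dict],
                  commands: Tuple[str, ...] = ("purity", "resethosts", "emptytemp")) -> str:
    """Render the text for the Custom Scan/Fixes box.

    As the fix above shows, OTL's own log lines go under :OTL unchanged, so the
    original line text is kept rather than re-synthesised."""
    body = [":OTL"]
    body += [f["line"] for f in files]
    body += [s["line"] for s in streams]
    body.append(":Commands")
    body += [f"[{c}]" for c in commands]
    return "\n".join(body)


SAMPLE_LOG = [  # copied from the fix above; the last line is not a fix item
    r"[2009.09.22 13:12:33 | 000,005,059 | ---- | C] () -- C:\ProgramData\ypkpiykb.yyr",
    r"[2009.09.22 13:12:14 | 000,000,036 | ---- | C] () -- C:\Windows\IniFile1.ini",
    r"@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:55BB2521",
    r"@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:7A0EFE63",
    r"@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:27D1368B",
    "< End of report >",
]

if __name__ == "__main__":
    files, streams = parse_otl_lines(SAMPLE_LOG)
    for host, (count, total) in ads_summary(streams).items():
        print(f"{host}: {count} streams, {total} bytes")
    print(build_otl_fix(files, streams))
```

The stream count from `ads_summary` is worth checking against the live file: on Vista and later, `dir /r C:\ProgramData` in a command prompt lists alternate data streams next to their host file, and from PowerShell 3.0 on `Get-Item C:\ProgramData\TEMP -Stream *` does the same. Running that before the fix and again after OTL reports `deleted successfully` confirms the streams are really gone rather than merely reported as such.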
#5
Hi Cosinus, here is the OTL log following the specifications you gave:
Code:
All processes killed
========== OTL ==========
C:\ProgramData\ypkpiykb.yyr moved successfully.
C:\Windows\IniFile1.ini moved successfully.
ADS C:\ProgramData\TEMP:55BB2521 deleted successfully.
ADS C:\ProgramData\TEMP:7A0EFE63 deleted successfully.
ADS C:\ProgramData\TEMP:059167AF deleted successfully.
ADS C:\ProgramData\TEMP:C9FD258B deleted successfully.
ADS C:\ProgramData\TEMP:C22674B6 deleted successfully.
ADS C:\ProgramData\TEMP:43982D5E deleted successfully.
ADS C:\ProgramData\TEMP:A3B8F70C deleted successfully.
ADS C:\ProgramData\TEMP:7B52659E deleted successfully.
ADS C:\ProgramData\TEMP:3D36932D deleted successfully.
ADS C:\ProgramData\TEMP:3E06C78F deleted successfully.
ADS C:\ProgramData\TEMP:6F55EB66 deleted successfully.
ADS C:\ProgramData\TEMP:CF61CE5A deleted successfully.
ADS C:\ProgramData\TEMP:6AF67671 deleted successfully.
ADS C:\ProgramData\TEMP:DA18D4E3 deleted successfully.
ADS C:\ProgramData\TEMP:F84B8DB5 deleted successfully.
ADS C:\ProgramData\TEMP:A02025CE deleted successfully.
ADS C:\ProgramData\TEMP:91DEEE71 deleted successfully.
ADS C:\ProgramData\TEMP:041C0562 deleted successfully.
ADS C:\ProgramData\TEMP:596E2371 deleted successfully.
ADS C:\ProgramData\TEMP:E14FA16F deleted successfully.
ADS C:\ProgramData\TEMP:61AF2B29 deleted successfully.
ADS C:\ProgramData\TEMP:6017A808 deleted successfully.
ADS C:\ProgramData\TEMP:C10635F6 deleted successfully.
ADS C:\ProgramData\TEMP:8944C195 deleted successfully.
ADS C:\ProgramData\TEMP:700B9342 deleted successfully.
ADS C:\ProgramData\TEMP:61B54B15 deleted successfully.
ADS C:\ProgramData\TEMP:E80802C7 deleted successfully.
ADS C:\ProgramData\TEMP:0E684AC9 deleted successfully.
ADS C:\ProgramData\TEMP:D8D58038 deleted successfully.
ADS C:\ProgramData\TEMP:68A56598 deleted successfully.
ADS C:\ProgramData\TEMP:DD04902E deleted successfully.
ADS C:\ProgramData\TEMP:9F38BF31 deleted successfully.
ADS C:\ProgramData\TEMP:9D03192E deleted successfully.
ADS C:\ProgramData\TEMP:569CEE83 deleted successfully.
ADS C:\ProgramData\TEMP:870649A4 deleted successfully.
ADS C:\ProgramData\TEMP:4C528C86 deleted successfully.
ADS C:\ProgramData\TEMP:A4AF8D0D deleted successfully.
ADS C:\ProgramData\TEMP:38B32B54 deleted successfully.
ADS C:\ProgramData\TEMP:206470A5 deleted successfully.
ADS C:\ProgramData\TEMP:CB16385F deleted successfully.
ADS C:\ProgramData\TEMP:C72A744C deleted successfully.
ADS C:\ProgramData\TEMP:5C6EBC69 deleted successfully.
ADS C:\ProgramData\TEMP:260575F1 deleted successfully.
ADS C:\ProgramData\TEMP:0E22C5DB deleted successfully.
ADS C:\ProgramData\TEMP:054F0F17 deleted successfully.
ADS C:\ProgramData\TEMP:BD27B7FC deleted successfully.
ADS C:\ProgramData\TEMP:B845F669 deleted successfully.
ADS C:\ProgramData\TEMP:1ECED34B deleted successfully.
ADS C:\ProgramData\TEMP:B8384DB6 deleted successfully.
ADS C:\ProgramData\TEMP:9ACB70D7 deleted successfully.
ADS C:\ProgramData\TEMP:7FCB9D0D deleted successfully.
ADS C:\ProgramData\TEMP:D2397415 deleted successfully.
ADS C:\ProgramData\TEMP:B2735F9E deleted successfully.
ADS C:\ProgramData\TEMP:70E897B5 deleted successfully.
ADS C:\ProgramData\TEMP:0F0A5896 deleted successfully.
ADS C:\ProgramData\TEMP:5E9B629B deleted successfully.
ADS C:\ProgramData\TEMP:109734F6 deleted successfully.
ADS C:\ProgramData\TEMP:8B4B9596 deleted successfully.
ADS C:\ProgramData\TEMP:861A898F deleted successfully.
ADS C:\ProgramData\TEMP:6BF0805F deleted successfully.
ADS C:\ProgramData\TEMP:24FECE50 deleted successfully.
ADS C:\ProgramData\TEMP:D507B5A8 deleted successfully.
ADS C:\ProgramData\TEMP:C8E82994 deleted successfully.
ADS C:\ProgramData\TEMP:95198126 deleted successfully.
ADS C:\ProgramData\TEMP:7A0FEE87 deleted successfully.
ADS C:\ProgramData\TEMP:0ED4AC2F deleted successfully.
ADS C:\ProgramData\TEMP:43301D1D deleted successfully.
ADS C:\ProgramData\TEMP:FC4EA67C deleted successfully.
ADS C:\ProgramData\TEMP:848CC150 deleted successfully.
ADS C:\ProgramData\TEMP:2BC498A4 deleted successfully.
ADS C:\ProgramData\TEMP:5D351BC6 deleted successfully.
ADS C:\ProgramData\TEMP:53DF59D1 deleted successfully.
ADS C:\ProgramData\TEMP:B2CD146E deleted successfully.
ADS C:\ProgramData\TEMP:DFC3B090 deleted successfully.
ADS C:\ProgramData\TEMP:27D1368B deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56545 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Elisa
->Temp folder emptied: 50451909 bytes
->Temporary Internet Files folder emptied: 57575235 bytes
->Java cache emptied: 49754667 bytes
->Flash cache emptied: 19884 bytes
User: HP
->Temp folder emptied: 3815607 bytes
->Temporary Internet Files folder emptied: 533290350 bytes
->Java cache emptied: 79867190 bytes
->FireFox cache emptied: 103357984 bytes
->Flash cache emptied: 610059 bytes
User: Melone
->Temp folder emptied: 33218 bytes
->Temporary Internet Files folder emptied: 33360 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 717892491 bytes
RecycleBin emptied: 5318705 bytes
Total Files Cleaned = 1.528,00 mb
OTL by OldTimer - Version 3.2.17.3 log created on 11102010_080236
Files\Folders moved on Reboot...
File\Folder C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(23)\Content.IE5\AYBWL5RN\15_1584503_0_170_AdId=2764909;BnId=1;itime=125226076;key=asab_3039m+isBetting+WLTRUE0+WLTRUE1+WLTRUE2+WLTRUE3+WLTRUE4+WLTRUE5+WLTRUE6+WLTRUE7;link=;ord=125226076[1] not found!
File\Folder C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(23)\Content.IE5\9MAUG1NL\15_1584503_0_170_AdId=2764909;BnId=1;itime=127035849;key=asab_3039m+isBetting+WLTRUE0+WLTRUE1+WLTRUE2+WLTRUE3+WLTRUE4+WLTRUE5+WLTRUE6+WLTRUE7;link=;ord=127035849[1] not found!
Registry entries deleted on Reboot...
Regards, Piet
#6
Now please run CF: ComboFix (a guide and tutorial on using ComboFix).
ComboFix may only be run when a board helper has explicitly recommended it!
#7
So Cosinus, here is the CF report: ComboFix logfile: Code:
ComboFix 10-11-09.01 - HP 10.11.2010 10:49:39.1.2 - x86
ausgeführt von:: c:\users\HP\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\users\HP\AppData\Roaming\.#
c:\users\HP\AppData\Roaming\.#\MBX@AE8@1A72960.###
c:\users\HP\AppData\Roaming\.#\MBX@AE8@1A72990.###
c:\users\HP\AppData\Roaming\.#\MBX@AE8@1A729C0.###
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_usnjsvc
((((((((((((((((((((((( Dateien erstellt von 2010-10-10 bis 2010-11-10 ))))))))))))))))))))))))))))))
.
2010-11-10 07:02 . 2010-11-10 07:02 -------- d-----w- C:\_OTL
2010-11-09 08:04 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A0C16EC-B731-4D4F-A4E1-7B4D0B66BBF9}\mpengine.dll
2010-11-08 13:08 . 2010-11-08 13:08 -------- d-----w- c:\users\HP\AppData\Roaming\Malwarebytes
2010-11-08 13:08 . 2010-04-29 11:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-08 13:08 . 2010-11-08 13:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-08 13:08 . 2010-11-08 13:08 -------- d-----w- c:\programdata\Malwarebytes
2010-11-08 13:08 . 2010-04-29 11:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-07 20:25 . 2010-11-07 20:25 -------- d-----w- c:\programdata\Samsung
2010-11-07 20:23 . 2010-11-07 20:23 -------- d-----w- c:\program files\MarkAny
2010-11-07 20:20 . 2010-11-07 20:20 -------- d-----w- c:\users\HP\AppData\Local\Downloaded Installations
2010-11-07 10:51 . 2010-11-07 10:51 -------- d-----w- c:\users\HP\AppData\Roaming\PC Suite
2010-11-07 10:51 . 2010-11-07 10:51 -------- d-----w- c:\programdata\PC Suite
2010-11-05 09:25 . 2010-11-05 09:25 -------- d-----w- c:\users\HP\AppData\Roaming\Avira
2010-10-27 11:26 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 11:26 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 11:26 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-22 10:52 . 2010-10-28 10:56 -------- d-----w- c:\program files\McAfee Security Scan
2010-10-22 10:52 . 2010-10-22 10:52 -------- d-----w- c:\programdata\McAfee Security Scan
2010-10-19 10:16 . 2010-10-19 10:16 -------- d-----w- c:\program files\iPod
2010-10-19 10:10 . 2010-10-19 10:10 -------- d-----w- c:\program files\Bonjour
2010-10-17 22:33 . 2010-10-17 22:33 -------- d-----w- c:\users\HP\AppData\Roaming\Gogii
2010-10-17 21:32 . 2010-10-17 21:33 -------- d-----w- c:\users\HP\AppData\Roaming\Enlightenus2SE_BFG
2010-10-17 12:40 . 2010-10-17 12:40 -------- d-----w- c:\users\HP\AppData\Roaming\Vogat Interactive
2010-10-17 12:22 . 2010-10-17 12:23 -------- d-----w- c:\program files\Drawn - Flucht aus der Dunkelheit
2010-10-17 11:50 . 2010-10-17 11:51 -------- d-----w- c:\program files\Robins Quest - Aufstieg einer Legende
2010-10-17 10:49 . 2010-10-17 10:49 -------- d-----w- c:\program files\Elixier der Unsterblichkeit
2010-10-17 10:08 . 2010-10-17 10:09 -------- d-----w- c:\program files\Enlightenus II - Der ewige Turm
2010-10-12 23:08 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-12 23:07 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-12 22:43 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-12 22:43 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-12 22:43 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-12 22:43 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-03 06:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 02:50 . 2010-04-19 21:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-26 16:33 . 2010-10-27 11:26 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 11:26 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 11:26 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 11:26 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-15 12:42 128000 ----a-w- c:\windows\system32\spoolsv.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-24 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-09-29 842816]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"BRAVIS-{DC0F6114-52CD-420E-BAEB-ECC5BFB0B110}"="c:\program files\BRAVIS\Galaxee 4free\bravis.exe" [2009-12-18 7696704]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-17 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c998ca40d6bbff;Google Update Service (gupdate1c998ca40d6bbff);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2008-04-23 39408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [2009-03-02 81920]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-05-30 16640]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-23 43552]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
2010-11-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-27 08:43]
2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 10:57]
2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 10:57]
2010-11-10 c:\windows\Tasks\User_Feed_Synchronization-{D5D03B1D-F6F6-4927-ABA2-A822FA9CD2A6}.job
- c:\windows\system32\msfeedssync.exe [2010-10-12 04:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-DE\local\search.html
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\gn2gx2tl.default\
FF - prefs.js: browser.startup.homepage - hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
FF - component: c:\program files\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
HKLM-Run-NPSStartup - (no file)
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
**************************************************************************
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-4170765611-3392074641-2950244348-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:62,90,6d,62,73,1e,44,2f,5b,c4,ea,1f,25,1a,61,80,7f,59,17,46,33,0c,c2,
d1,80,70,67,b8,85,23,cc,f4,49,8e,d3,8a,75,21,58,bf,7c,93,22,7a,98,9a,e9,a2,\
"??"=hex:4c,29,47,78,35,42,bc,1b,86,e3,61,d6,a0,f3,53,d9
[HKEY_USERS\S-1-5-21-4170765611-3392074641-2950244348-1000\Software\SecuROM\License information*]
"datasecu"=hex:ee,ec,63,04,56,e2,46,56,25,87,0c,dc,78,85,72,6b,5b,5f,79,c7,b8,
6e,c1,66,78,4e,89,d7,93,27,0f,40,99,b7,4e,f7,15,5a,de,ea,cd,cb,a8,d7,ca,8e,\
"rkeysecu"=hex:2f,20,05,df,a2,92,8b,f3,ae,d7,c1,81,bf,ba,1a,b8
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(5560)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-11-10 11:13:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-11-10 10:12
Vor Suchlauf: 19 Verzeichnis(se), 103.797.641.216 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 103.970.107.392 Bytes frei
- - End Of File - - EA7741343CF20539E0E51E98EE130598
Regards
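The ComboFix report above lists Run entries and services in a regular line format that a helper reads by eye. The following is an added example, not ComboFix's code and not from any post in the thread: a parser for those lines plus the few triage heuristics a reviewer applies when reading such a report (odd binary extension, binary in a user-writable profile or temp directory, svchost-hosted service whose real code is a ServiceDll the report does not show). The sample lines are copied from the report above, except the "Updater" entry, which is constructed to exercise the profile-directory rule. The findings are review prompts, not verdicts: 000.fcl is reported by OSAM as CyberLink's QuickPlay driver and ezSharedSvc is EasyBits, both flagged only because they match a heuristic.

```python
"""Triage the autostart and service lines of a ComboFix report.

Added example for this thread; not ComboFix's code and not from the posts.
SAMPLE_LOG copies lines from the report above, plus one constructed
'Updater' entry that exercises the profile-directory rule."""
import os
import re
from dataclasses import dataclass

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "Name"="path" [date size]   (Run keys)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<date>\S+)\s+(?P<size>\d+)\])?')
# R2/S3 name;display name;path [date size]   (services and drivers)
SVC_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
                    r"(?:\s+\[(?P<date>\S+)\s+(?P<size>\d+)\])?$")

EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx"}
# Directories a regular user can write to; a persistent binary there deserves a look.
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-24 1242448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"Updater"="c:\users\HP\AppData\Roaming\.#\updater.exe" [2010-11-08 51200]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2008-04-23 39408]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
"""


@dataclass
class Autostart:
    kind: str     # "run" or "service"
    name: str
    path: str
    source: str   # registry key for Run entries, start type (R2, S3, ...) for services


def parse_combofix(text):
    """Extract Run entries and service/driver lines into Autostart records."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = RUN_RE.match(line)
        if m and key and "\\run" in key.lower():
            entries.append(Autostart("run", m["name"], m["path"], key))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Autostart("service", m["name"].strip(), m["path"].strip(), m["start"]))
    return entries


def triage(entries):
    """Return (kind, name, path, reason) for every entry matching a heuristic.

    These are prompts for a human reviewer, not verdicts: legitimate software
    trips them too (a vendor driver with a .fcl extension, an EasyBits service
    hosted in svchost.exe)."""
    findings = []
    for e in entries:
        p = e.path.lower()
        reasons = []
        if not p or p == "(no file)":
            reasons.append("autostart points at a missing file")
        else:
            ext = os.path.splitext(p.rsplit("\\", 1)[-1])[1]
            if ext not in EXEC_EXTS:
                reasons.append(f"unusual binary extension {ext or '(none)'}")
            if any(d in p for d in SUSPECT_DIRS):
                reasons.append("binary in a user-writable profile or temp directory")
            if e.kind == "service" and p.endswith("\\svchost.exe"):
                reasons.append("svchost-hosted service; the real code is its ServiceDll, which the report does not show")
        for r in reasons:
            findings.append((e.kind, e.name, e.path, r))
    return findings


if __name__ == "__main__":
    for kind, name, path, reason in triage(parse_combofix(SAMPLE_LOG)):
        print(f"[{kind}] {name}: {reason}\n    {path}")
```

For a real report, feed the whole text to parse_combofix; the key tracking makes sure that quoted "name"="value" pairs outside Run keys (policy values, the SecuROM blobs) are ignored.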
#8
OK. Now please create and post logs with GMER and OSAM. GMER crashes quite often; if the tool will not run on the second attempt either, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
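GMER loads its own randomly named kernel driver from the user's Temp directory for the duration of the scan (the log header reports it as "Running: ...; Driver: ..."), and an OSAM run shortly afterwards can list that driver's leftover service entry as a hidden registry entry with the file missing. The following is an added example, not from the thread and not part of GMER or OSAM: it reads the driver path from the GMER header and uses it to separate the scanner's own entry from genuinely suspicious hidden or vendor-less driver entries in an OSAM report. SAMPLE_GMER and SAMPLE_OSAM are constructed in the format of the two tools' output; the driver name is random on every GMER run, so the one shown is only illustrative.

```python
"""Separate a rootkit scanner's own driver from suspicious OSAM driver entries.

Added example for this thread; not part of GMER, OSAM or the posts.
SAMPLE_GMER and SAMPLE_OSAM are constructed in the format of the two tools;
GMER's driver name is random on every run, so the name here is illustrative."""
import re

# GMER header line: "Running: <exe>; Driver: <path to its temporary driver>"
GMER_DRIVER_RE = re.compile(r"^Running:\s*(?P<exe>\S+);\s*Driver:\s*(?P<driver>.+?)\s*$")
# OSAM driver line: "display" (service) - "vendor"|? - path [(notes)]
OSAM_DRIVER_RE = re.compile(
    r'^"(?P<display>[^"]*)"\s+\((?P<svc>[^)]*)\)\s+-\s+(?P<vendor>"[^"]*"|\?)\s+-\s+'
    r"(?P<path>.+?)(?:\s+\((?P<notes>[^)]*)\))?$")

SAMPLE_GMER = r"""GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-10 12:25:25
Windows 6.0.6002 Service Pack 2
Running: 0d5sdtks.exe; Driver: C:\Users\HP\AppData\Local\Temp\pwnyrfog.sys
"""

# catchme.sys is the rootkit-detection driver ComboFix extracts; after the
# ComboFix run its service entry remains while the file is gone.
SAMPLE_OSAM = r"""[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"pwnyrfog" (pwnyrfog) - ? - C:\Users\HP\AppData\Local\Temp\pwnyrfog.sys (Hidden registry entry, rootkit activity | File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information)
"""


def gmer_own_driver(gmer_text):
    """Return the driver path GMER reports for itself, or None if absent."""
    for line in gmer_text.splitlines():
        m = GMER_DRIVER_RE.match(line.strip())
        if m:
            return m["driver"]
    return None


def classify_osam_drivers(osam_text, scanner_driver=None):
    """Return (service, path, verdict) for every driver entry in an OSAM report.

    Order of checks matters: the scanner's own leftover entry is recognised
    first, so that it is not reported as rootkit activity."""
    results = []
    for line in osam_text.splitlines():
        m = OSAM_DRIVER_RE.match(line.strip())
        if not m:
            continue
        path = m["path"].strip()
        notes = m["notes"] or ""
        if scanner_driver and path.lower() == scanner_driver.lower():
            verdict = "scanner's own temporary driver, expected"
        elif "Hidden registry entry" in notes:
            verdict = "hidden service entry, investigate"
        elif "File not found" in notes:
            verdict = "stale entry, binary missing"
        elif m["vendor"] == "?":
            verdict = "no vendor information, review"
        else:
            verdict = "ok"
        results.append((m["svc"], path, verdict))
    return results


if __name__ == "__main__":
    own = gmer_own_driver(SAMPLE_GMER)
    for svc, path, verdict in classify_osam_drivers(SAMPLE_OSAM, own):
        print(f"{svc:14} {verdict:40} {path}")
```

Without the GMER header the same OSAM entry comes out as "hidden service entry, investigate", which is exactly the false alarm the correlation is meant to remove; a hidden entry whose path does not match the scanner's driver still gets that verdict.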
#9
Here are the next logs:
GMER log
GMER logfile: Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-10 12:25:25
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.12.0
Running: 0d5sdtks.exe; Driver: C:\Users\HP\AppData\Local\Temp\pwnyrfog.sys
---- Kernel code sections - GMER 1.0.15 ----
C:\Program Files\HP\QuickPlay\000.fcl entry point in "" section [0xA3178000]
.clc C:\Program Files\HP\QuickPlay\000.fcl unknown last section [0xA3179000, 0x1000, 0x00000000]
---- Devices - GMER 1.0.15 ----
Device \Driver\BTHUSB \Device\000001e0 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186ba60a8
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186ba60a8@a8f274db83d9 0x42 0x69 0xCF 0x38 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186ba60a8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186ba60a8@a8f274db83d9 0x42 0x69 0xCF 0x38 ...
---- EOF - GMER 1.0.15 ----
OSAM log
OSAM logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:41:12 on 10.11.2010
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.12

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"hpaccelerometercp.CPL" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"ProtectSmart Hard Drive Protection" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ArcSoft Magic-I Visual Effect" (ArcSoftKsUFilter) - "ArcSoft, Inc." - C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"BVRPMPR5 NDIS Protocol Driver" (BVRPMPR5) - "Avanquest Software" - C:\Windows\system32\drivers\BVRPMPR5.SYS
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys
"pwnyrfog" (pwnyrfog) - ? - C:\Users\HP\AppData\Local\Temp\pwnyrfog.sys (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"USB PC Camera (SNPSTD3)" (SNPSTD3) - ? - C:\Windows\System32\DRIVERS\snpstd3.sys (File not found)
"{22D78859-9CE9-4B77-BF18-AC83E81A9263}" ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) - "Cyberlink Corp." - C:\Program Files\HP\QuickPlay\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ?
- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "NeoTrace It!" - ? - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (File not found) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} "GMNRev Class" - "Hewlett-Packard" - C:\Program Files\HP\Common\HPGMNRev.dll / hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "Zylom Games Player" - "Zylom Games" - C:\Windows\Downloaded Program Files\zylomgamesplayer.dll / hxxp://game.zylom.com/activex/zylomgamesplayer.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} "AOL Toolbar BHO" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll {395610AE-C624-4f58-B89E-23733EA00F9A} "DigitalPersona Personal Extension" - "DigitalPersona, Inc." - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? 
- (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists) "BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe "ISUSPM" - "Macrovision Corporation" - "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler "Steam" - "Valve Corporation" - "C:\Program Files\Steam\Steam.exe" -silent -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "BRAVIS-{DC0F6114-52CD-420E-BAEB-ECC5BFB0B110}" - "BRAVIS GmbH" - "C:\Program Files\BRAVIS\Galaxee 4free\bravis.exe" --autostart "DpAgent" - "DigitalPersona, Inc." 
- C:\Program Files\DigitalPersona\Bin\dpagent.exe "HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe "hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe "IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup "OnScreenDisplay" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe "QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start "QPService" - "CyberLink Corp." - "C:\Program Files\HP\QuickPlay\QPService.exe" "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SearchSettings" - "Spigot, Inc." - C:\Program Files\pdfforge Toolbar\SearchSettings.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot "UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128" (DpHost) - "DigitalPersona, Inc." 
- C:\Program Files\DigitalPersona\Bin\DpHostW.exe "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Application Updater" (Application Updater) - "Spigot, Inc." - C:\Program Files\Application Updater\ApplicationUpdater.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll "FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe "GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1c998ca40d6bbff)" (gupdate1c998ca40d6bbff) - "Google Inc." 
- C:\Program Files\Google\Update\GoogleUpdate.exe "HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe "hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "QuickPlay Background Capture Service (QBCS)" (QPCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe "QuickPlay Task Scheduler (QTS)" (QPSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe "Recovery Service for Windows" (Recovery Service for Windows) - ? - C:\Windows\SMINST\BLService.exe "ServiceLayer" (ServiceLayer) - "Nokia." 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "Validity Fingerprint Service" (vfsFPService) - "Validity Sensors, Inc." - C:\Windows\system32\vfsFPService.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== MBRCheck Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv5 Notebook PC
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 214):
0x8284E000 \SystemRoot\system32\ntkrnlpa.exe
0x8281B000 \SystemRoot\system32\hal.dll
0x80408000 \SystemRoot\system32\kdcom.dll
0x8040F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047F000 \SystemRoot\system32\PSHED.dll
0x80490000 \SystemRoot\system32\BOOTVID.dll
0x80498000 \SystemRoot\system32\CLFS.SYS
0x804D9000 \SystemRoot\system32\CI.dll
0x8060E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8068A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80697000 \SystemRoot\system32\drivers\acpi.sys
0x806DD000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E6000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EE000 \SystemRoot\system32\drivers\pci.sys
0x80715000 \SystemRoot\system32\drivers\isapnp.sys
0x80724000 \SystemRoot\system32\drivers\mpio.sys
0x80740000 \SystemRoot\System32\drivers\partmgr.sys
0x8074F000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80752000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8075C000 \SystemRoot\system32\drivers\volmgr.sys
0x8076B000 \SystemRoot\System32\drivers\volmgrx.sys
0x807B5000 \SystemRoot\system32\drivers\intelide.sys
0x807BC000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807CA000 \SystemRoot\system32\drivers\pciide.sys
0x807D1000 \SystemRoot\system32\drivers\aliide.sys
0x807D8000 \SystemRoot\system32\drivers\amdide.sys
0x807DF000 \SystemRoot\system32\drivers\cmdide.sys
0x807E7000 \SystemRoot\System32\drivers\mountmgr.sys
0x805B9000 \SystemRoot\system32\drivers\msdsm.sys
0x805D3000 \SystemRoot\system32\drivers\nvraid.sys
0x82E06000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x82E27000 \SystemRoot\system32\drivers\viaide.sys
0x82E2F000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x82EFD000 \SystemRoot\system32\drivers\iastorv.sys
0x82F9E000 \SystemRoot\system32\drivers\atapi.sys
0x82FA6000 \SystemRoot\system32\drivers\ataport.SYS
0x82FC4000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x84001000 \SystemRoot\system32\drivers\storport.sys
0x84042000 \SystemRoot\system32\drivers\nvstor.sys
0x8404F000 \SystemRoot\system32\drivers\msahci.sys
0x84059000 \SystemRoot\system32\drivers\hpcisss.sys
0x84064000 \SystemRoot\system32\drivers\adp94xx.sys
0x840CE000 \SystemRoot\system32\drivers\adpahci.sys
0x8411A000 \SystemRoot\system32\drivers\adpu160m.sys
0x84135000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x8415B000 \SystemRoot\system32\drivers\adpu320.sys
0x84181000 \SystemRoot\system32\drivers\djsvs.sys
0x84195000 \SystemRoot\system32\drivers\arc.sys
0x841AB000 \SystemRoot\system32\drivers\arcsas.sys
0x84208000 \SystemRoot\system32\drivers\elxstor.sys
0x8429C000 \SystemRoot\system32\drivers\i2omp.sys
0x842A6000 \SystemRoot\system32\drivers\iirsp.sys
0x842B6000 \SystemRoot\system32\drivers\iteatapi.sys
0x842C2000 \SystemRoot\system32\drivers\iteraid.sys
0x842CE000 \SystemRoot\system32\drivers\lsi_fc.sys
0x842E8000 \SystemRoot\system32\drivers\lsi_sas.sys
0x84300000 \SystemRoot\system32\drivers\megasas.sys
0x8430A000 \SystemRoot\system32\drivers\megasr.sys
0x843C1000 \SystemRoot\system32\drivers\mraid35x.sys
0x843CC000 \SystemRoot\system32\drivers\nfrd960.sys
0x8B60B000 \SystemRoot\system32\drivers\ql2300.sys
0x8B743000 \SystemRoot\system32\drivers\ql40xx.sys
0x8B798000 \SystemRoot\system32\drivers\sisraid2.sys
0x8B7A5000 \SystemRoot\system32\drivers\sisraid4.sys
0x8B7BA000 \SystemRoot\system32\drivers\symc8xx.sys
0x8B7C6000 \SystemRoot\system32\drivers\sym_hi.sys
0x8B7D1000 \SystemRoot\system32\drivers\sym_u3.sys
0x841C1000 \SystemRoot\system32\drivers\uliahci.sys
0x8B7DC000 \SystemRoot\system32\drivers\ulsata.sys
0x8B808000 \SystemRoot\system32\drivers\ulsata2.sys
0x8B834000 \SystemRoot\system32\drivers\vsmraid.sys
0x8B855000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B887000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B897000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BA0E000 \SystemRoot\system32\drivers\ndis.sys
0x8BB19000 \SystemRoot\system32\drivers\msrpc.sys
0x8BB44000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B908000 \SystemRoot\System32\drivers\tcpip.sys
0x8BB7F000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BC00000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BD10000 \SystemRoot\system32\drivers\wd.sys
0x8BD18000 \SystemRoot\system32\drivers\volsnap.sys
0x8BD51000 \SystemRoot\System32\Drivers\spldr.sys
0x8BD59000 \SystemRoot\system32\drivers\sbp2port.sys
0x8BD6E000 \SystemRoot\System32\Drivers\mup.sys
0x8BD7D000 \SystemRoot\System32\drivers\ecache.sys
0x8BDA4000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x8BDAD000 \SystemRoot\system32\drivers\disk.sys
0x8BDBE000 \SystemRoot\system32\drivers\crcdisk.sys
0x8F6D5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8F6E0000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8F6E9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F6F8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8FC02000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x90559000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x9055B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F6FC000 \SystemRoot\System32\drivers\watchdog.sys
0x8F708000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F713000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F751000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F760000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90A0C000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x90D95000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x90DB6000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x90DC6000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x90DD4000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x90DE8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x90DFB000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x90A00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8BB9A000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x905FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F7ED000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8BDD4000 \SystemRoot\system32\DRIVERS\enecir.sys
0x8F7F8000 \SystemRoot\system32\drivers\Afc.sys
0x8BBCA000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F600000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8BDEC000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8BDF5000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x90E0E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90E3D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90E48000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90E5F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90E6A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90E8D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90E9C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90EB0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90EC5000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90ED5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90ED7000 \SystemRoot\system32\DRIVERS\ks.sys
0x90F01000 \SystemRoot\system32\DRIVERS\circlass.sys
0x90F0F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90F19000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90F26000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90F5B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90F6C000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x91C0B000 \SystemRoot\system32\DRIVERS\portcls.sys
0x91C38000 \SystemRoot\system32\DRIVERS\drmk.sys
0x91C5D000 \SystemRoot\system32\drivers\nvhda32v.sys
0x91C6B000 \SystemRoot\system32\DRIVERS\hidir.sys
0x91C76000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x91C86000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91C8D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x91C96000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x91C9E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91CA7000 \SystemRoot\System32\Drivers\Null.SYS
0x91CAE000 \SystemRoot\System32\Drivers\Beep.SYS
0x91CB5000 \SystemRoot\System32\drivers\vga.sys
0x91CC1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x91CE2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91CEA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91CF2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91CFD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91D0B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91D14000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91D2A000 \SystemRoot\system32\DRIVERS\smb.sys
0x91D3E000 \SystemRoot\system32\drivers\afd.sys
0x91D86000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91DB8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91DCE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91DDC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91DEF000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x91E05000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91E41000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91E4B000 \SystemRoot\System32\Drivers\dfsc.sys
0x91E62000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x91E85000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x91E87000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x91E90000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0x91E97000 \SystemRoot\system32\drivers\vfs101x.sys
0x91EA4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91EBB000 \SystemRoot\System32\Drivers\usbvideo.sys
0x91EDC000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
0x91EE5000 \SystemRoot\system32\DRIVERS\udfs.sys
0x91F20000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x91F2D000 \SystemRoot\System32\Drivers\bthport.sys
0x91FAD000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x91FD6000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x91FE0000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x90FD4000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x90FE3000 \SystemRoot\system32\drivers\modem.sys
0x8F606000 \SystemRoot\system32\drivers\btwavdt.sys
0x93400000 \SystemRoot\system32\drivers\btwaudio.sys
0x93480000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x93483000 \SystemRoot\System32\Drivers\crashdmp.sys
0x93490000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x99220000 \SystemRoot\System32\win32k.sys
0x9355E000 \SystemRoot\System32\drivers\Dxapi.sys
0x93568000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99440000 \SystemRoot\System32\TSDDD.dll
0x99460000 \SystemRoot\System32\cdd.dll
0x93577000 \SystemRoot\system32\drivers\luafv.sys
0x93592000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9F80E000 \SystemRoot\system32\drivers\spsys.sys
0x9F8BE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9F8CE000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9F8F8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9F902000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9F915000 \SystemRoot\system32\drivers\HTTP.sys
0x9F982000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9F99F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9F9B8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9F9CD000 \SystemRoot\system32\drivers\mrxdav.sys
0x935A7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x935C6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8F66D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8F685000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA3003000 \SystemRoot\System32\DRIVERS\srv.sys
0xA3069000 \SystemRoot\system32\drivers\peauth.sys
0xA3147000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA3151000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA315D000 \??\C:\Program Files\HP\QuickPlay\000.fcl
0xA317C000 \??\C:\Windows\system32\FsUsbExDisk.SYS
0xA3185000 \??\C:\Users\HP\AppData\Local\Temp\pwnyrfog.sys
0x77560000 \Windows\System32\ntdll.dll
Processes (total 94):
0 System Idle Process
4 SYSTEM
520 C:\Windows\System32\smss.exe
604 csrss.exe
656 C:\Windows\System32\wininit.exe
672 csrss.exe
704 C:\Windows\System32\services.exe
720 C:\Windows\System32\lsass.exe
728 C:\Windows\System32\lsm.exe
864 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\nvvsvc.exe
960 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
1220 C:\Windows\System32\audiodg.exe
1244 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\SLsvc.exe
1308 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\hpservice.exe
1420 C:\Windows\System32\winlogon.exe
1472 C:\Windows\System32\vfsFPService.exe
1520 C:\Windows\System32\svchost.exe
1780 C:\Windows\System32\spoolsv.exe
1812 C:\Program Files\DigitalPersona\Bin\DpHostW.exe
1984 C:\Windows\System32\nvvsvc.exe
440 C:\Program Files\Avira\AntiVir Desktop\sched.exe
460 C:\Windows\System32\svchost.exe
572 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe
532 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2036 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2024 C:\Program Files\Application Updater\ApplicationUpdater.exe
372 C:\Program Files\Bonjour\mDNSResponder.exe
1500 C:\Windows\System32\svchost.exe
2064 C:\Windows\System32\FsUsbExService.Exe
2112 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2252 C:\Windows\System32\PnkBstrA.exe
2276 C:\Windows\System32\svchost.exe
2324 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2336 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
2372 C:\Windows\SMINST\BLService.exe
2380 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2416 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2448 C:\Windows\System32\svchost.exe
2484 C:\Windows\System32\svchost.exe
2512 C:\Windows\System32\SearchIndexer.exe
3456 C:\Windows\System32\taskeng.exe
3748 C:\Windows\System32\taskeng.exe
3812 C:\Windows\System32\dwm.exe
3828 C:\Windows\explorer.exe
3440 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3976 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3540 C:\Program Files\HP\QuickPlay\QPService.exe
2464 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
2844 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
3136 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
4048 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
4012 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
768 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
2692 C:\Program Files\Windows Media Player\wmpnscfg.exe
2876 C:\Program Files\IDT\WDM\sttray.exe
1948 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
700 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1884 C:\Program Files\iTunes\iTunesHelper.exe
1396 C:\Program Files\Windows Sidebar\sidebar.exe
2936 C:\Windows\ehome\ehtray.exe
3088 C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
2952 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
1400 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3692 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
3704 C:\Windows\ehome\ehmsas.exe
2920 C:\Program Files\Windows Media Player\wmpnetwk.exe
3252 WmiPrvSE.exe
2880 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
3784 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
4268 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
4344 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
4916 C:\Program Files\iPod\bin\iPodService.exe
5180 C:\Windows\System32\svchost.exe
5504 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5580 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1880 C:\Program Files\Internet Explorer\iexplore.exe
5960 C:\Program Files\Internet Explorer\iexplore.exe
6036 C:\Program Files\AOL\AOL Toolbar 5.0\AolTbServer.exe
4684 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
2468 C:\Windows\System32\SearchProtocolHost.exe
3412 C:\Windows\System32\SearchFilterHost.exe
4952 C:\Program Files\Internet Explorer\iexplore.exe
5592 dllhost.exe
1132 dllhost.exe
3128 C:\Users\HP\Desktop\MBRCheck.exe
6092 C:\Windows\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`47e00000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-60ZCT0, Rev: 12.01A12
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
#10 (/// Winkelfunktion /// TB-Süch-Tiger™)
Virus found: JAVA/Agent.HR, JAVA/Agent.M.1, JAVA/Rowindal.C
Do you have any other operating systems installed besides Vista? If not: have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows. Download the ISO, burn it to a CD (e.g. with ImgBurn, using the image-burning function) and start the computer with it (boot from this CD). If you have a regular Vista installation DVD, you don't need the image mentioned above; you can simply boot from the Vista DVD. Click on System Recovery Options, Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD first.
__________________
Please always post logfiles in CODE tags
#11
Hello Cosinus, no, I only have Vista installed. The D partition holds an HP recovery version (it was already there at purchase). I don't have a Vista installation DVD either, since it's a complete notebook with Vista preinstalled. Should I still create a recovery CD as recommended in your first link, or can we also start the System Recovery Options from the recovery partition? I haven't done anything like that before (working with recovery partitions). Best regards, Piet
#12
OK Cosinus, I booted from the CD, opened the System Recovery Options and entered both commands in the command prompt. Both actions ran without errors. What's the next step? Best regards, Piet
#13 (/// Winkelfunktion /// TB-Süch-Tiger™)
Then do it via the linked emergency CD, where you can download the image.
__________________
Please always post logfiles in CODE tags
#14 (/// Winkelfunktion /// TB-Süch-Tiger™)
Now I'd need a new log from mbrcheck.
__________________
Please always post logfiles in CODE tags
#15
So, the new MBRCheck:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv5 Notebook PC
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 213):
0x82819000 \SystemRoot\system32\ntkrnlpa.exe
0x82BD2000 \SystemRoot\system32\hal.dll
0x8040F000 \SystemRoot\system32\kdcom.dll
0x80416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80486000 \SystemRoot\system32\PSHED.dll
0x80497000 \SystemRoot\system32\BOOTVID.dll
0x8049F000 \SystemRoot\system32\CLFS.SYS
0x804E0000 \SystemRoot\system32\CI.dll
0x8060C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80688000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80695000 \SystemRoot\system32\drivers\acpi.sys
0x806DB000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E4000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EC000 \SystemRoot\system32\drivers\pci.sys
0x80713000 \SystemRoot\system32\drivers\isapnp.sys
0x80722000 \SystemRoot\system32\drivers\mpio.sys
0x8073E000 \SystemRoot\System32\drivers\partmgr.sys
0x8074D000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80750000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8075A000 \SystemRoot\system32\drivers\volmgr.sys
0x80769000 \SystemRoot\System32\drivers\volmgrx.sys
0x807B3000 \SystemRoot\system32\drivers\intelide.sys
0x807BA000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807C8000 \SystemRoot\system32\drivers\pciide.sys
0x807CF000 \SystemRoot\system32\drivers\aliide.sys
0x807D6000 \SystemRoot\system32\drivers\amdide.sys
0x807DD000 \SystemRoot\system32\drivers\cmdide.sys
0x807E5000 \SystemRoot\System32\drivers\mountmgr.sys
0x805C0000 \SystemRoot\system32\drivers\msdsm.sys
0x805DA000 \SystemRoot\system32\drivers\nvraid.sys
0x82E0D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x82E2E000 \SystemRoot\system32\drivers\viaide.sys
0x82E36000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x82F04000 \SystemRoot\system32\drivers\iastorv.sys
0x82FA5000 \SystemRoot\system32\drivers\atapi.sys
0x82FAD000 \SystemRoot\system32\drivers\ataport.SYS
0x82FCB000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x84005000 \SystemRoot\system32\drivers\storport.sys
0x84046000 \SystemRoot\system32\drivers\nvstor.sys
0x84053000 \SystemRoot\system32\drivers\msahci.sys
0x8405D000 \SystemRoot\system32\drivers\hpcisss.sys
0x84068000 \SystemRoot\system32\drivers\adp94xx.sys
0x840D2000 \SystemRoot\system32\drivers\adpahci.sys
0x8411E000 \SystemRoot\system32\drivers\adpu160m.sys
0x84139000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x8415F000 \SystemRoot\system32\drivers\adpu320.sys
0x84185000 \SystemRoot\system32\drivers\djsvs.sys
0x84199000 \SystemRoot\system32\drivers\arc.sys
0x841AF000 \SystemRoot\system32\drivers\arcsas.sys
0x84206000 \SystemRoot\system32\drivers\elxstor.sys
0x8429A000 \SystemRoot\system32\drivers\i2omp.sys
0x842A4000 \SystemRoot\system32\drivers\iirsp.sys
0x842B4000 \SystemRoot\system32\drivers\iteatapi.sys
0x842C0000 \SystemRoot\system32\drivers\iteraid.sys
0x842CC000 \SystemRoot\system32\drivers\lsi_fc.sys
0x842E6000 \SystemRoot\system32\drivers\lsi_sas.sys
0x842FE000 \SystemRoot\system32\drivers\megasas.sys
0x84308000 \SystemRoot\system32\drivers\megasr.sys
0x843BF000 \SystemRoot\system32\drivers\mraid35x.sys
0x843CA000 \SystemRoot\system32\drivers\nfrd960.sys
0x8B60C000 \SystemRoot\system32\drivers\ql2300.sys
0x8B744000 \SystemRoot\system32\drivers\ql40xx.sys
0x8B799000 \SystemRoot\system32\drivers\sisraid2.sys
0x8B7A6000 \SystemRoot\system32\drivers\sisraid4.sys
0x8B7BB000 \SystemRoot\system32\drivers\symc8xx.sys
0x8B7C7000 \SystemRoot\system32\drivers\sym_hi.sys
0x8B7D2000 \SystemRoot\system32\drivers\sym_u3.sys
0x8B806000 \SystemRoot\system32\drivers\uliahci.sys
0x8B842000 \SystemRoot\system32\drivers\ulsata.sys
0x8B863000 \SystemRoot\system32\drivers\ulsata2.sys
0x8B88F000 \SystemRoot\system32\drivers\vsmraid.sys
0x8B8B0000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B8E2000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B8F2000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BA09000 \SystemRoot\system32\drivers\ndis.sys
0x8BB14000 \SystemRoot\system32\drivers\msrpc.sys
0x8BB3F000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BC06000 \SystemRoot\System32\drivers\tcpip.sys
0x8BCF0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BE08000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BF18000 \SystemRoot\system32\drivers\wd.sys
0x8BF20000 \SystemRoot\system32\drivers\volsnap.sys
0x8BF59000 \SystemRoot\System32\Drivers\spldr.sys
0x8BF61000 \SystemRoot\system32\drivers\sbp2port.sys
0x8BF76000 \SystemRoot\System32\Drivers\mup.sys
0x8BF85000 \SystemRoot\System32\drivers\ecache.sys
0x8BFAC000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x8BFB5000 \SystemRoot\system32\drivers\disk.sys
0x8BFC6000 \SystemRoot\system32\drivers\crcdisk.sys
0x8BFDC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8BFE7000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8BFF0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8BE00000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F40B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8FD62000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8FE0E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FEAF000 \SystemRoot\System32\drivers\watchdog.sys
0x8FEBB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8FEC6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FF04000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FF13000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90009000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x90392000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x903B3000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x903C3000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x903D1000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x903E5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x903F8000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8FFA0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FFAB000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x903FD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8FFDB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FFE6000 \SystemRoot\system32\DRIVERS\enecir.sys
0x90000000 \SystemRoot\system32\drivers\Afc.sys
0x8FD64000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FE00000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8FD7C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8FD85000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x8FD90000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8FDBF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8FDCA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FDE1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BDD9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FDEC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BB7A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BB8E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8BBA3000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FE06000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8BBB3000 \SystemRoot\system32\DRIVERS\ks.sys
0x8BBDD000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8F400000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8BBEB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8B963000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8B998000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90C01000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x90C69000 \SystemRoot\system32\DRIVERS\portcls.sys
0x90C96000 \SystemRoot\system32\DRIVERS\drmk.sys
0x90CBB000 \SystemRoot\system32\drivers\nvhda32v.sys
0x90CC9000 \SystemRoot\system32\DRIVERS\hidir.sys
0x90CD4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x90CE4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90CEB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x90CF4000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x90CFC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90D05000 \SystemRoot\System32\Drivers\Null.SYS
0x90D0C000 \SystemRoot\System32\Drivers\Beep.SYS
0x90D13000 \SystemRoot\System32\drivers\vga.sys
0x90D1F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90D40000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90D48000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90D50000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90D5B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90D69000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90D72000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90D88000 \SystemRoot\system32\DRIVERS\smb.sys
0x90D9C000 \SystemRoot\system32\drivers\afd.sys
0x8B9A9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90DE4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8B9DB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B9E9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90DFA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x91006000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91042000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9104C000 \SystemRoot\System32\Drivers\dfsc.sys
0x91063000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x91086000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9108F000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x91091000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0x91098000 \SystemRoot\system32\drivers\vfs101x.sys
0x910A5000 \SystemRoot\System32\Drivers\crashdmp.sys
0x910B2000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x91180000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91197000 \SystemRoot\System32\Drivers\usbvideo.sys
0x911B8000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
0x911C1000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x8BD0B000 \SystemRoot\System32\Drivers\bthport.sys
0x911CE000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x8BFCF000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x8BD8B000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x8BDA5000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x8BDB4000 \SystemRoot\system32\drivers\modem.sys
0x92E05000 \SystemRoot\system32\drivers\btwavdt.sys
0x92E6C000 \SystemRoot\system32\drivers\btwaudio.sys
0x92EEC000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x93000000 \SystemRoot\System32\win32k.sys
0x92EEF000 \SystemRoot\System32\drivers\Dxapi.sys
0x92EF9000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93220000 \SystemRoot\System32\TSDDD.dll
0x93240000 \SystemRoot\System32\cdd.dll
0x92F08000 \SystemRoot\system32\drivers\luafv.sys
0x92F23000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x92F38000 \SystemRoot\system32\drivers\spsys.sys
0x92FE8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x841C5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8BDC1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8B7DD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA0008000 \SystemRoot\system32\drivers\HTTP.sys
0xA0075000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA0092000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA00AB000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA00C0000 \SystemRoot\system32\drivers\mrxdav.sys
0xA00E1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0100000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0139000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0151000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0179000 \SystemRoot\System32\DRIVERS\srv.sys
0xABA0C000 \SystemRoot\system32\drivers\peauth.sys
0xABAEA000 \SystemRoot\System32\Drivers\secdrv.SYS
0xABAF4000 \SystemRoot\System32\drivers\tcpipreg.sys
0xABB00000 \??\C:\Program Files\HP\QuickPlay\000.fcl
0xABB1F000 \??\C:\Windows\system32\FsUsbExDisk.SYS
0xABB28000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77980000 \Windows\System32\ntdll.dll
Processes (total 97):
0 System Idle Process
4 SYSTEM
436 C:\Windows\System32\smss.exe
520 csrss.exe
572 C:\Windows\System32\wininit.exe
584 csrss.exe
616 C:\Windows\System32\services.exe
628 C:\Windows\System32\lsass.exe
636 C:\Windows\System32\lsm.exe
800 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\nvvsvc.exe
892 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
1144 C:\Windows\System32\audiodg.exe
1168 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\SLsvc.exe
1212 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\hpservice.exe
1340 C:\Windows\System32\winlogon.exe
1404 C:\Windows\System32\vfsFPService.exe
1484 C:\Windows\System32\svchost.exe
1672 C:\Windows\System32\spoolsv.exe
1700 C:\Program Files\DigitalPersona\Bin\DpHostW.exe
1904 C:\Windows\System32\nvvsvc.exe
124 C:\Program Files\Avira\AntiVir Desktop\sched.exe
292 C:\Windows\System32\svchost.exe
2004 C:\Windows\System32\dwm.exe
1200 C:\Windows\explorer.exe
1960 C:\Windows\System32\taskeng.exe
2096 C:\Windows\System32\taskeng.exe
2156 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2164 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2188 C:\Program Files\HP\QuickPlay\QPService.exe
2220 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
2260 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
2464 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2492 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2536 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2544 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
2552 C:\Program Files\IDT\WDM\sttray.exe
2656 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2664 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2688 C:\Program Files\iTunes\iTunesHelper.exe
2696 C:\Program Files\Windows Sidebar\sidebar.exe
2712 C:\Windows\ehome\ehtray.exe
2720 C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
2736 C:\Program Files\Windows Media Player\wmpnscfg.exe
2744 C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
2756 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2784 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe
2800 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2876 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
2944 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2964 C:\Program Files\OpenOffice.org 3\program\soffice.exe
2980 C:\Program Files\Application Updater\ApplicationUpdater.exe
3012 C:\Program Files\Bonjour\mDNSResponder.exe
3032 C:\Windows\System32\svchost.exe
3076 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
3084 C:\Windows\System32\FsUsbExService.Exe
3216 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3264 C:\Windows\System32\PnkBstrA.exe
3320 C:\Windows\System32\svchost.exe
3352 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
3384 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
3396 C:\Windows\SMINST\BLService.exe
3424 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3504 C:\Windows\System32\svchost.exe
3556 C:\Windows\System32\svchost.exe
3640 C:\Windows\System32\SearchIndexer.exe
2836 C:\Windows\ehome\ehmsas.exe
3044 C:\Program Files\OpenOffice.org 3\program\soffice.bin
3528 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
1920 C:\Program Files\Internet Explorer\iexplore.exe
2172 C:\Program Files\Internet Explorer\iexplore.exe
3524 C:\Program Files\AOL\AOL Toolbar 5.0\AolTbServer.exe
4316 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
4764 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
4832 C:\Program Files\Windows Media Player\wmpnetwk.exe
4860 WmiPrvSE.exe
5152 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
5244 C:\Program Files\iPod\bin\iPodService.exe
5360 C:\Windows\System32\svchost.exe
5484 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
5548 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
5828 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4132 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1152 C:\Program Files\Internet Explorer\iexplore.exe
4844 C:\Windows\System32\SearchProtocolHost.exe
5788 C:\Windows\System32\SearchFilterHost.exe
5884 dllhost.exe
5440 dllhost.exe
2196 C:\Users\HP\Desktop\MBRCheck.exe
228 C:\Windows\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`47e00000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-60ZCT0, Rev: 12.01A12
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
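To make the two MBRCheck verdicts in this thread concrete (the "Unknown MBR code" / "Found non-standard or infected MBR" result before, and "Windows 2008 MBR code detected" after bootrec /fixmbr), here is an added Python example; it is not code from the thread, from MBRCheck or from any of the posters. It assembles a 512-byte MBR using the partition byte offsets from the log above (C: at 0x7E00, D: at 0x4847E00000), hashes the 440-byte boot-code region with SHA1 the way MBRCheck's SHA1 line reports it, compares the digest against an allow-list, and models what /fixmbr does: rewrite only the boot code and leave the partition table and boot signature in place. The boot-code bytes, the allow-list entry, the partition sector counts and all function names are constructed assumptions for this example.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the boot loader code; this is the region that gets hashed
PART_TABLE_OFF = 446       # four 16-byte partition entries follow the disk signature/padding
BOOT_SIG = b"\x55\xaa"     # mandatory MBR signature in the last two bytes of the sector
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from boot code and (bootable, type, start_lba, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code exceeds 440 bytes")
    buf = bytearray(SECTOR)
    buf[:len(boot_code)] = boot_code
    for i, (bootable, ptype, start, count) in enumerate(partitions[:4]):
        # CHS fields carry the 0xFEFFFF "use LBA" marker; only the LBA values matter here
        struct.pack_into(ENTRY_FMT, buf, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\xfe\xff\xff",
                         ptype, b"\xfe\xff\xff", start, count)
    buf[510:512] = BOOT_SIG
    return bytes(buf)


def parse_partitions(mbr):
    """Return the non-empty partition entries with their byte offsets on disk."""
    entries = []
    for i in range(4):
        status, _chs0, ptype, _chs1, start, count = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        entries.append({"bootable": status == 0x80, "type": ptype, "start_lba": start,
                        "byte_offset": start * SECTOR, "sectors": count})
    return entries


def boot_code_sha1(mbr):
    """SHA1 over the boot-code region only, printed upper-case like MBRCheck's SHA1 line."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def check_mbr(mbr, known_hashes):
    """Classify an MBR as MBRCheck reports it: a known code label, or 'Unknown MBR code'."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    signature_ok = mbr[510:512] == BOOT_SIG
    digest = boot_code_sha1(mbr)
    label = known_hashes.get(digest)
    return {
        "signature_ok": signature_ok,
        "sha1": digest,
        "status": label if label else "Unknown MBR code",
        "suspicious": (not signature_ok) or label is None,
        "partitions": parse_partitions(mbr),
    }


def rewrite_boot_code(mbr, clean_code):
    """Model bootrec /fixmbr: replace bytes 0..439, keep disk signature, partition table, 0x55AA."""
    if len(clean_code) > BOOT_CODE_LEN:
        raise ValueError("boot code exceeds 440 bytes")
    return bytes(clean_code).ljust(BOOT_CODE_LEN, b"\x00") + mbr[BOOT_CODE_LEN:]


# Constructed stand-in for legitimate boot code (a two-byte self-jump plus zero padding);
# it is NOT the real Windows boot loader, so its hash is only meaningful inside this example.
CLEAN_BOOT_CODE = b"\xeb\xfe" + b"\x00" * (BOOT_CODE_LEN - 2)
# Constructed "modified" boot code: the same stub with a 16-byte patch in the middle. A hash
# comparison sees only that it matches no allow-listed digest.
TAMPERED_BOOT_CODE = CLEAN_BOOT_CODE[:0x100] + b"\x90" * 16 + CLEAN_BOOT_CODE[0x110:]

# Partition offsets taken from the MBRCheck log: C: at 0x7E00 (LBA 63), D: at 0x4847E00000
# (LBA 606334976). The sector counts are constructed for the example.
LAYOUT = [(True, 0x07, 63, 606334976 - 63), (False, 0x07, 606334976, 18807472)]
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, LAYOUT)
TAMPERED_MBR = build_sample_mbr(TAMPERED_BOOT_CODE, LAYOUT)

# Allow-list keyed by SHA1 of the boot-code region; built from the constructed stub above.
KNOWN_GOOD = {boot_code_sha1(CLEAN_MBR): "Sample clean MBR code (constructed)"}

if __name__ == "__main__":
    runs = (("before", TAMPERED_MBR),
            ("after /fixmbr", rewrite_boot_code(TAMPERED_MBR, CLEAN_BOOT_CODE)))
    for name, mbr in runs:
        r = check_mbr(mbr, KNOWN_GOOD)
        print(f"{name}: {r['status']}  SHA1: {r['sha1']}  suspicious={r['suspicious']}")
        for p in r["partitions"]:
            print(f"  type 0x{p['type']:02X} at offset 0x{p['byte_offset']:x}, {p['sectors']} sectors")
```

Two points the run makes visible: the partition entries parse identically before and after the rewrite, because /fixmbr touches only the boot code, so a drive-letter-to-offset mapping that already looked right (as in both logs) is not itself evidence of a clean MBR; and "Unknown MBR code" means only that the boot code matches no allow-listed digest, which is why the second MBRCheck run after the rewrite, as in post #15, is the actual confirmation.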