Home » Viren, Trojaner & Malware Forum » Trojaner Tr/reg Kobaface.89+tr/atraps.gen+den Wurm Koobaface eingefangen » Themenansicht
Trojaner Tr/reg Kobaface.89+tr/atraps.gen+den Wurm Koobaface eingefangen |
||
|---|---|---|
| #0
| ||
|
12.11.2009, 09:28
Member
Beiträge: 34 |
||
 
|
|
|
|
12.11.2009, 10:31
Member
 Beiträge: 694 |
#2
Hi,
Also: Anleitung Avenger (by swandog46) 1.) Lade dir das Tool (http://swandog46.geekstogo.com/avenger.exe)Avenger und speichere es auf dem Desktop:  2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist. Kopiere nun folgenden Text in das weiße Feld: (bei -> "input script here") Code Registry values to delete:3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet. 4.) Um den Avenger zu starten klicke auf -> Execute Dann bestätigen mit "Yes" das der Rechner neu startet! 5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board. Hijackthis, fixen: öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Beim fixen müssen alle Programme geschlossen sein! Code O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect .cab Malwarebytes Antimalware (MAM)Anleitung&Download hier: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html Fullscan und alles bereinigen lassen! Log posten. RSIT Random's System Information Tool (RSIT) von random/random liest Systemdetails aus und erstellt ein aussagekräftiges Logfile. * Lade Random's System Information Tool (RSIT) herunter (http://images.malwareremoval.com/random/RSIT.exe) * speichere es auf Deinem Desktop. * Starte mit Doppelklick die RSIT.exe. * Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren. * Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren. * In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept". * Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen. * Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage. * Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet. * Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread. Gmer: http://virus-protect.org/artikel/tools/gmer.html Den Downloadlink findest Du links oben (www.gmer.net/files), dort dann auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken). Starte gmer und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein. Chris |
|
|
|
|
|
|
12.11.2009, 16:11
Member
Themenstarter Beiträge: 34 |
#3
Also:
Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\Windows\ld15.exe" deleted successfully. File "C:\Windows\freddy73.exe" deleted successfully. Error: file "C:\Windows\mstre22.exe" not found! Deletion of file "C:\Windows\mstre22.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Program Files\captcha.dll" not found! Deletion of file "C:\Program Files\captcha.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|sysldtray" deleted successfully. Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|sysfbtray" deleted successfully. Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Captcha7" deleted successfully. Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SySmstray" deleted successfully. Completed script processing. ******************* Finished! Terminate. dann: Malwarebytes' Anti-Malware 1.41 Datenbank Version: 2775 Windows 6.0.6001 Service Pack 1 12.11.2009 15:52:54 mbam-log-2009-11-12 (15-52-49).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 309880 Laufzeit: 1 hour(s), 36 minute(s), 37 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Windows\mmsmark2.dat (KoobFace.Trace) -> No action taken. dann: Logfile of random's system information tool 1.06 (written by random/random) Run by Muloo at 2009-11-12 15:56:40 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 352 GB (76%) free of 465 GB Total RAM: 3038 MB (67% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:57:02, on 12.11.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18828) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\Hpservice.exe C:\Windows\system32\vfsFPService.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Program Files\DigitalPersona\Bin\DpHostW.exe C:\Windows\system32\WLANExt.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\svchost.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Windows\Explorer.EXE C:\Program Files\Mobile Partner\Mobile Partner.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Muloo\Desktop\RSIT.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Trend Micro\HijackThis\Muloo.exe C:\Windows\system32\svchost.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETZWERKDIENST') O17 - HKLM\System\CCS\Services\Tcpip\..\{7419F3E3-06FB-4E83-8B99-22A88BAFC6F3}: NameServer = 195.141.56.5 193.192.227.3 O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe -- End of file - 5124 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "AirCardEnabler"= [] "ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-09-22 1243088] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli DPPWDFLT [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe"="C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux" "C:\Program Files\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe"="C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater" ""="" "C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe"="C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a229d2b-9632-11de-b8f0-00269e0a2f87}] shell\AutoRun\command - G:\WIN\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f87bc97-acba-11de-b9d7-00a0d5ffffa9}] shell\AutoRun\command - G:\ shell\open\command - rundll32.exe .\\kwdfo.dll,InstallM [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{455cb053-b305-11de-9f4c-00a0d5ffffa9}] shell\AutoRun\command - G:\ shell\open\command - rundll32.exe .\\kbvda.dll,InstallM [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d242656-a0ff-11de-aba1-00a0d5ffffa9}] shell\AutoRun\command - H:\ shell\open\command - rundll32.exe .\\sulwoa.dll,InstallM [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90006693-961e-11de-9644-806e6f6e6963}] shell\AutoRun\command - E:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91755891-be02-11de-9a6c-00a0d5ffffa9}] shell\AutoRun\command - G:\ shell\open\command - rundll32.exe .\\hvifil32.dll,InstallM [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e18a5aab-c45e-11de-bf6d-00269e0a2f87}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e18a5ac5-c45e-11de-bf6d-00269e0a2f87}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e18a5ad9-c45e-11de-bf6d-00269e0a2f87}] shell\AutoRun\command - H:\RECYCLERS\runmgr.exe shell\open\command - H:\RECYCLERS\runmgr.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa67fb35-ccfd-11de-a7a6-00269e0a2f87}] shell\AutoRun\command - F:\AutoRun.exe ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2009-11-12 15:56:40 ----D---- C:\rsit 2009-11-12 13:32:50 ----D---- C:\Avenger 2009-11-12 13:32:50 ----A---- C:\avenger.txt 2009-11-12 09:15:31 ----D---- C:\Program Files\Trend Micro 2009-11-11 12:03:45 ----D---- C:\Windows\Minidump 2009-11-11 09:06:07 ----D---- C:\Users\Muloo\AppData\Roaming\Malwarebytes 2009-11-11 09:05:43 ----D---- C:\ProgramData\Malwarebytes 2009-11-11 09:05:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-11-11 08:22:52 ----A---- C:\Windows\system32\WSDApi.dll 2009-11-10 16:50:16 ----A---- C:\Windows\SGDetectionTool.dll 2009-11-10 16:50:16 ----A---- C:\Windows\BDTSupport.dll 2009-11-10 16:50:15 ----A---- C:\Windows\PCTBDRes.dll 2009-11-10 16:50:15 ----A---- C:\Windows\PCTBDCore.dll 2009-11-10 16:45:30 ----D---- C:\Users\Muloo\AppData\Roaming\PC Tools 2009-11-10 16:45:30 ----D---- C:\ProgramData\PC Tools 2009-11-10 16:45:30 ----D---- C:\Program Files\Spyware Doctor 2009-11-10 16:45:30 ----D---- C:\Program Files\Common Files\PC Tools 2009-11-10 15:15:56 ----D---- C:\ProgramData\Avira 2009-11-10 15:15:56 ----D---- C:\Program Files\Avira 2009-11-04 08:23:11 ----A---- C:\Windows\system32\mshtml.dll 2009-10-30 08:03:01 ----D---- C:\Program Files\Mobile Partner 2009-10-28 10:10:58 ----A---- C:\Windows\system32\wmp.dll 2009-10-28 10:10:56 ----A---- C:\Windows\system32\unregmp2.exe 2009-10-28 10:10:52 ----A---- C:\Windows\system32\wmploc.DLL 2009-10-22 09:16:10 ----D---- C:\ProgramData\NOS 2009-10-22 09:16:10 ----D---- C:\Program Files\NOS 2009-10-22 06:34:27 ----A---- C:\Windows\system32\wininet.dll 2009-10-22 06:34:27 ----A---- C:\Windows\system32\urlmon.dll 2009-10-22 06:34:27 ----A---- C:\Windows\system32\iertutil.dll 2009-10-22 06:34:27 ----A---- C:\Windows\system32\ieframe.dll 2009-10-22 06:34:26 ----A---- C:\Windows\system32\occache.dll 2009-10-22 06:34:26 ----A---- C:\Windows\system32\msfeedssync.exe 2009-10-22 06:34:26 ----A---- C:\Windows\system32\msfeedsbs.dll 2009-10-22 06:34:26 ----A---- C:\Windows\system32\msfeeds.dll 2009-10-22 06:34:26 ----A---- C:\Windows\system32\jsproxy.dll 2009-10-22 06:34:26 ----A---- C:\Windows\system32\ieUnatt.exe 2009-10-22 06:34:26 ----A---- C:\Windows\system32\ieui.dll 2009-10-22 06:34:26 ----A---- C:\Windows\system32\iesysprep.dll 2009-10-22 06:34:26 ----A---- C:\Windows\system32\iesetup.dll 2009-10-22 06:34:26 ----A---- C:\Windows\system32\iernonce.dll 2009-10-22 06:34:26 ----A---- C:\Windows\system32\iepeers.dll 2009-10-22 06:34:26 ----A---- C:\Windows\system32\iedkcs32.dll 2009-10-22 06:34:26 ----A---- C:\Windows\system32\ie4uinit.exe 2009-10-19 07:11:03 ----A---- C:\Windows\system32\msv1_0.dll 2009-10-19 07:11:00 ----A---- C:\Windows\system32\ntoskrnl.exe 2009-10-19 07:11:00 ----A---- C:\Windows\system32\ntkrnlpa.exe 2009-10-19 07:10:44 ----A---- C:\Windows\system32\EncDec.dll 2009-10-19 07:10:43 ----A---- C:\Windows\system32\psisdecd.dll 2009-10-19 07:10:31 ----A---- C:\Windows\system32\msasn1.dll 2009-10-19 07:10:23 ----A---- C:\Windows\system32\WMSPDMOD.DLL ======List of files/folders modified in the last 1 months====== 2009-11-12 15:57:01 ----D---- C:\Windows\Temp 2009-11-12 15:56:52 ----D---- C:\Windows\Prefetch 2009-11-12 15:54:59 ----AD---- C:\ProgramData\Temp 2009-11-12 15:52:58 ----D---- C:\Windows 2009-11-12 15:44:44 ----SHD---- C:\System Volume Information 2009-11-12 14:38:23 ----D---- C:\Program Files\StarWarsGalaxies 2009-11-12 14:05:29 ----D---- C:\Windows\System32 2009-11-12 14:05:29 ----D---- C:\Windows\inf 2009-11-12 14:05:29 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-11-12 13:57:15 ----SD---- C:\Windows\Downloaded Program Files 2009-11-12 13:57:15 ----D---- C:\Program Files\SystemRequirementsLab 2009-11-12 13:57:15 ----D---- C:\Program Files\Download Manager 2009-11-12 13:49:07 ----A---- C:\ProgramData\HPWALog.txt 2009-11-12 13:35:09 ----RD---- C:\Program Files 2009-11-12 13:34:54 ----HD---- C:\ProgramData 2009-11-12 13:32:50 ----D---- C:\Windows\system32\drivers 2009-11-12 03:31:54 ----D---- C:\Windows\winsxs 2009-11-12 03:21:44 ----D---- C:\Windows\system32\catroot 2009-11-12 03:19:05 ----D---- C:\Program Files\Windows Mail 2009-11-12 03:03:53 ----SHD---- C:\Windows\Installer 2009-11-12 03:03:46 ----D---- C:\ProgramData\Microsoft Help 2009-11-12 03:00:33 ----D---- C:\Windows\system32\catroot2 2009-11-10 16:45:30 ----D---- C:\Program Files\Common Files 2009-11-10 16:39:27 ----D---- C:\Program Files\Mozilla Firefox 2009-11-09 08:28:28 ----D---- C:\Windows\ModemLogs 2009-11-05 18:36:21 ----A---- C:\Windows\system32\mrt.exe 2009-11-02 20:42:06 ----N---- C:\Windows\system32\MpSigStub.exe 2009-10-29 09:09:40 ----D---- C:\Windows\rescache 2009-10-28 15:00:03 ----D---- C:\Program Files\Internet Explorer 2009-10-28 14:59:44 ----D---- C:\Windows\system32\it-IT 2009-10-28 14:59:44 ----D---- C:\Windows\system32\fr-FR 2009-10-28 14:59:44 ----D---- C:\Windows\system32\de-DE 2009-10-28 14:59:44 ----D---- C:\Program Files\Windows Media Player 2009-10-23 06:48:00 ----D---- C:\Windows\system32\migration 2009-10-20 07:22:13 ----D---- C:\Windows\Microsoft.NET 2009-10-20 07:22:06 ----RSD---- C:\Windows\assembly 2009-10-20 06:51:21 ----D---- C:\Windows\ehome ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/20 04:02:55]; \??\C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 87536] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-07-28 55656] R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-03-27 34664] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-12-31 4172288] R3 BCM43XX;Treiber für Broadcom 802.11-Netzwerkadapter; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-20 1331192] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-09-04 54784] R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768] R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-12-13 102784] R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-08-06 124928] R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-10-26 391168] R3 swivsp;AC8xx Virtual Serial Port; C:\Windows\system32\DRIVERS\swivspnt.sys [2007-03-26 20352] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-07-24 201264] R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] R3 WinUSB;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.sys [2008-01-21 31616] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S1 SRTSP;SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [] S1 SRTSPX;SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-02-21 23040] S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160] S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-02-21 507904] S3 BTHUSB;USB-Treiber für Bluetooth-Sender; C:\Windows\System32\Drivers\BTHUSB.sys [2009-02-21 30208] S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2008-06-23 80424] S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-06-23 81960] S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-06-23 16168] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2009-02-21 5632] S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [] S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [] S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-02-21 149504] S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576] S3 swmsflt;swmsflt; C:\Windows\System32\drivers\swmsflt.sys [2008-07-08 26760] S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80); C:\Windows\system32\DRIVERS\swnc8u80.sys [2008-05-20 167040] S3 SWUMX20;Sierra Wireless USB MUX Driver (UMTS20); C:\Windows\system32\DRIVERS\swumx20.sys [] S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80); C:\Windows\system32\DRIVERS\swumx80.sys [2008-05-20 143360] S3 usb_rndisx;USB-RNDIS-Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-21 15872] S3 USB28xxBGA;WinTV HVR-900; C:\Windows\system32\DRIVERS\emBDA.sys [2008-09-25 559616] S3 USB28xxOEM;WinTV OEM Filter; C:\Windows\system32\DRIVERS\emOEM.sys [2008-09-25 132224] S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe [2008-06-27 77824] R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-12-31 724992] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 DpHost;@C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2008-12-10 322624] R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-03-18 19456] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-09-15 241734] R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600] R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-09-23 1141200] R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe [2008-10-26 237657] R2 TVCapSvc;TV Background Capture Service (TVBCS); C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-02-09 296320] R2 TVSched;TV Task Scheduler (TVTS); C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-02-09 116096] R2 vfsFPService;Validity Fingerprint Service; C:\Windows\system32\vfsFPService.exe [2008-11-18 599344] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-14 182768] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S4 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-10-08 112592] S4 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512] S4 EPGService;EPGService; C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2008-08-27 442880] S4 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2009-07-17 250616] S4 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208] S4 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-23 223232] S4 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 [] S4 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [2008-12-17 365952] -----------------EOF----------------- und dann: info.txt logfile of random's system information tool 1.06 2009-11-12 15:57:05 ======Uninstall list====== -->"C:\Program Files\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe" -->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe" -->"C:\Program Files\HP Games\Build-a-lot 2\Uninstall.exe" -->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe" -->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe" -->"C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe" -->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe" -->"C:\Program Files\HP Games\Escape the Museum\Uninstall.exe" -->"C:\Program Files\HP Games\FATE\Uninstall.exe" -->"C:\Program Files\HP Games\Gem Shop\Uninstall.exe" -->"C:\Program Files\HP Games\Granny in Paradise\Uninstall.exe" -->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe" -->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe" -->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe" -->"C:\Program Files\HP Games\Mahjongg Artifacts\Uninstall.exe" -->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe" -->"C:\Program Files\HP Games\Peggle\Uninstall.exe" -->"C:\Program Files\HP Games\Penguins!\Uninstall.exe" -->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe" -->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe" -->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe" -->"C:\Program Files\HP Games\Polar Pool\Uninstall.exe" -->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe" -->"C:\Program Files\HP Games\Snowy - Treasure Hunter 2\Uninstall.exe" -->"C:\Program Files\HP Games\Tradewinds Legends\Uninstall.exe" -->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe" -->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe" -->"C:\Program Files\HP Games\Virtual Villagers - The Secret City\Uninstall.exe" -->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe" Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E} Adobe Download Manager-->"C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1 Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A90000000001} Adobe Shockwave Player-->MsiExec.exe /X{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11} AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe" Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver" Browser Defender 2.0.6.10-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe" Catalyst Control Center - Branding-->MsiExec.exe /I{187817E2-6407-461C-B59B-56CE73363D34} Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE} CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall DigitalPersona Personal 4.0-->MsiExec.exe /I{9DCD625E-B0C1-47EA-B905-6108279623F8} Download Manager 2.3.7-->C:\Program Files\Download Manager\uninst.exe ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43} FUSSBALL MANAGER 09-->C:\Program Files\EA SPORTS\FUSSBALL MANAGER 09\eauninstall.exe Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Hattrick Organizer (remove only)-->C:\HattrickOrganizer\Uninstall.exe Hauppauge German Help Files and Resources-->C:\PROGRA~1\WinTV\UNHLPdeu.EXE C:\PROGRA~1\WinTV\WTV2Kdeu.LOG Hauppauge MCE XP/Vista Software Encoder (2.0.26268)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG Hauppauge WinTV DVB-T EPG Service-->C:\Windows\System32\UNWISE.EXE C:\Windows\System32\UnEPGService.LOG Hauppauge WinTV Infrared Remote-->C:\PROGRA~1\WinTV\UNir32.EXE C:\PROGRA~1\WinTV\ir32.LOG Hauppauge WinTV Location Manager-->C:\Windows\System32\UNWISE.EXE C:\Windows\System32\UnhcwLocMgr.LOG Hauppauge WinTV Scheduler-->C:\PROGRA~1\WinTV\\SCHEDU~1\uniSCHED.exe C:\PROGRA~1\WinTV\\SCHEDU~1\uniSCHED.log Hauppauge WinTV Soft PVR-->C:\PROGRA~1\WinTV\UNSftPVR.EXE C:\PROGRA~1\WinTV\softpvr.LOG Hauppauge WinTV-->C:\PROGRA~1\WinTV\UNTV6.EXE C:\PROGRA~1\WinTV\WINTV6.LOG HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly HP Common Access Service Library-->MsiExec.exe /I{732A3F80-008B-4350-BD58-EC5AE98707B8} HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}\setup.exe" -l0x9 -removeonly HP Help and Support-->MsiExec.exe /I{0054A0F6-00C9-4498-B821-B5C9578F433E} HP Integrated Module with Bluetooth wireless technology 6.0.1.6204-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D} HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall HP MediaSmart Music/Photo/Video-->"C:\Program Files\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall HP MediaSmart Music/Photo/Video-->"C:\Program Files\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall /zMS HP MediaSmart SmartMenu-->MsiExec.exe /I{A7AC8E69-01FF-494E-9A2C-423B82CEA604} HP MediaSmart TV-->"C:\Program Files\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\Setup.exe" /z-uninstall HP MediaSmart TV-->"C:\Program Files\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\Setup.exe" /z-uninstall HP MediaSmart Webcam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall HP MediaSmart Webcam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall /z HP Quick Launch Buttons 6.40 L1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0007 uninst HP Total Care Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{95A747E0-DF19-46CB-A622-20A0107201BD}\setup.exe" -l0x9 -removeonly HP Update-->MsiExec.exe /X{47F36D92-E58E-456D-B73C-3382737E4C42} HP User Guides 0134-->MsiExec.exe /X{6ABE0E28-3A8E-4ADC-A050-784064B76236} HP Wireless Assistant-->MsiExec.exe /X{E5E29403-3D25-40C6-892B-F9FEE2A95585} HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367} HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4} IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x7 -remove -removeonly InterVideo FilterSDK for Hauppauge-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}\setup.exe" REMOVEALL Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} JMicron JMB38X Flash Media Controller Driver-->"C:\Windows\JMCR_DIR\setup.exe" delpkg LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918} Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C} Mobile Partner-->C:\Program Files\Mobile Partner\uninst.exe Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} My HP Games-->"C:\Program Files\HP Games\Uninstall.exe" Norton Internet Security-->MsiExec.exe /I{7B15D70E-9449-4CFB-B9BC-798465B2BD5C} OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18} OpenOffice.org Installer 1.0-->MsiExec.exe /X{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE} Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall ProtectSmart Hard Drive Protection-->MsiExec.exe /X{CB71A20E-B1B4-4562-81FA-33E1DBD0342F} Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F} Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Sierra Wireless 3G Watcher-->MsiExec.exe /I{B4DBD782-CA1F-40FE-845D-3ABD5B206BC3} Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG Station Launcher-->C:\Program Files\Sony\Station\Station Launcher\uninstall.exe Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall System Requirements Lab-->MsiExec.exe /I{9EBDAF91-DADA-47CE-94F2-F5B004007934} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331} Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF} Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96} Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1} Validity Sensors software-->MsiExec.exe /X{F65B8208-5221-43D9-AA12-DDEA64EC4AF6} Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\enecir.inf_1a3c82dd\enecir.inf =====HijackThis Backups===== R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [2009-11-12] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb [2009-11-12] O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2009-11-12] O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-11-12] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb [2009-11-12] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-11-12] O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-12] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-11-12] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb [2009-11-12] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2009-11-12] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-11-12] R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = [2009-11-12] O1 - Hosts: ::1 localhost [2009-11-12] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ [2009-11-12] O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2009-11-12] O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-12] O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [2009-11-12] O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [2009-11-12] O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2009-11-12] O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab [2009-11-12] O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-12] O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [2009-11-12] O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe [2009-11-12] O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe [2009-11-12] O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [2009-11-12] O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2009-11-12] O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-11-12] O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-12] O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-11-12] O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2009-11-12] O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab [2009-11-12] O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork [2009-11-12] O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-11-12] O4 - Global Startup: BTTray.lnk = ? [2009-11-12] O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') [2009-11-12] O13 - Gopher Prefix: [2009-11-12] O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe [2009-11-12] O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 [2009-11-12] O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-11-12] O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [2009-11-12] O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-11-12] O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2009-11-12] O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2009-11-12] O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2009-11-12] O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-12] O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-11-12] O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [2009-11-12] O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" [2009-11-12] O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [2009-11-12] O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2009-11-12] O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [2009-11-12] O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" [2009-11-12] O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') [2009-11-12] O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-11-12] O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [2009-11-12] O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [2009-11-12] O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-11-12] O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2009-11-12] O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-12] O4 - HKLM\..\Run: [TRUUpdater] "C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground [2009-11-12] O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [2009-11-12] O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-CH\local\search.html [2009-11-12] O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-11-12] O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [2009-11-12] O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background [2009-11-12] O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [2009-11-12] O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2009-11-12] O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') [2009-11-12] O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-11-12] O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe [2009-11-12] O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-11-12] O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2009-11-12] O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe [2009-11-12] O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [2009-11-12] O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe [2009-11-12] O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe [2009-11-12] O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2009-11-12] O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2009-11-12] O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-11-12] O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-11-12] O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-12] O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-11-12] O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-12] O17 - HKLM\System\CCS\Services\Tcpip\..\{7419F3E3-06FB-4E83-8B99-22A88BAFC6F3}: NameServer = 195.141.56.5 193.192.227.3 [2009-11-12] O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing) [2009-11-12] O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe [2009-11-12] O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2009-11-12] O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe [2009-11-12] O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-12] O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-11-12] O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-12] O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-12] O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-12] O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-11-12] O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2009-11-12] O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2009-11-12] O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [2009-11-12] O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe [2009-11-12] O4 - Global Startup: BTTray.lnk = ? [2009-11-12] O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-CH\local\search.html [2009-11-12] O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') [2009-11-12] O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab [2009-11-12] O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [2009-11-12] O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2009-11-12] O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [2009-11-12] O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 [2009-11-12] O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') [2009-11-12] O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [2009-11-12] O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2009-11-12] O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-12] O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2009-11-12] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2009-11-12] O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork [2009-11-12] O13 - Gopher Prefix: [2009-11-12] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [2009-11-12] O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab [2009-11-12] O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') [2009-11-12] O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-11-12] O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe [2009-11-12] O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-12] O17 - HKLM\System\CCS\Services\Tcpip\..\{7419F3E3-06FB-4E83-8B99-22A88BAFC6F3}: NameServer = 195.141.56.5 193.192.227.3 [2009-11-12] O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-11-12] O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-12] O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe [2009-11-12] O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe [2009-11-12] O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2009-11-12] O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-12] O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2009-11-12] O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-11-12] O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe [2009-11-12] O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-12] O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-12] O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing) [2009-11-12] O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-11-12] O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-11-12] O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-11-12] O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe [2009-11-12] O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2009-11-12] O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe [2009-11-12] O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2009-11-12] O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-12] ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: Muloo-PC Event Code: 7036 Message: Dienst "Windows Mobile-basierte Geräteverbindung" befindet sich jetzt im Status "Ausgeführt". Record Number: 36753 Source Name: Service Control Manager Time Written: 20091112145651.000000-000 Event Type: Informationen User: Computer Name: Muloo-PC Event Code: 7036 Message: Dienst "TPM-Basisdienste" befindet sich jetzt im Status "Beendet". Record Number: 36754 Source Name: Service Control Manager Time Written: 20091112145651.000000-000 Event Type: Informationen User: Computer Name: Muloo-PC Event Code: 537 Message: Auf diesem Computer konnte kein kompatibles TPM-Sicherheitsgerät (Trusted Platform Module) gefunden werden. TBS konnte nicht gestartet werden. Record Number: 36755 Source Name: Microsoft-Windows-TBS Time Written: 20091112145651.253771-000 Event Type: Informationen User: NT-AUTORITÄT\LOKALER DIENST Computer Name: Muloo-PC Event Code: 7036 Message: Dienst "Windows Update" befindet sich jetzt im Status "Ausgeführt". Record Number: 36756 Source Name: Service Control Manager Time Written: 20091112145705.000000-000 Event Type: Informationen User: Computer Name: Muloo-PC Event Code: 7036 Message: Dienst "Windows Mobile 2003-basierte Geräteverbindung" befindet sich jetzt im Status "Ausgeführt". Record Number: 36757 Source Name: Service Control Manager Time Written: 20091112145705.000000-000 Event Type: Informationen User: =====Application event log===== Computer Name: Muloo-PC Event Code: 1 Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet. Record Number: 4480 Source Name: Microsoft-Windows-CertificateServicesClient Time Written: 20091112145541.598771-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: Muloo-PC Event Code: 1 Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet. Record Number: 4481 Source Name: Microsoft-Windows-CertificateServicesClient Time Written: 20091112145551.300771-000 Event Type: Informationen User: Muloo-PC\Muloo Computer Name: Muloo-PC Event Code: 1 Message: Windows Mobile-Legacygeräteverbindung wurde gestartet. Record Number: 4482 Source Name: RapiMgr Time Written: 20091112145651.000000-000 Event Type: Informationen User: Computer Name: Muloo-PC Event Code: 5 Message: Unsupported service control request (see data below) Record Number: 4483 Source Name: LightScribeService Time Written: 20091112145704.000000-000 Event Type: Informationen User: Computer Name: Muloo-PC Event Code: 1 Message: Windows Mobile-Legacygeräteverbindung wurde gestartet. Record Number: 4484 Source Name: WcesComm Time Written: 20091112145705.000000-000 Event Type: Informationen User: =====Security event log===== Computer Name: Muloo-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 7099 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091112145700.677771-000 Event Type: Überwachung gescheitert User: Computer Name: Muloo-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 7100 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091112145700.746771-000 Event Type: Überwachung gescheitert User: Computer Name: Muloo-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 7101 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091112145700.839771-000 Event Type: Überwachung gescheitert User: Computer Name: Muloo-PC Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys Record Number: 7102 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091112145700.909771-000 Event Type: Überwachung gescheitert User: Computer Name: Muloo-PC Event Code: 5032 Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann. Fehlercode: 2 Record Number: 7103 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091112145710.322771-000 Event Type: Überwachung gescheitert User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "OnlineServices"=Online Services "Platform"=MCD "PCBRAND"=Pavilion -----------------EOF----------------- GMER funz immer noch nicht bei jedem scan stürzt mir die Kiste ab 
|
|
|
|
|
|
|
12.11.2009, 17:42
Member
Beiträge: 694 |
#4
Hi,
Whow, da ist ein munterer Zoo zu Gast... Deine externen USB-Platten/Sticks dürften verseucht sein, jede Menge verseuchter Mountpoints... Code ...Das Gmer abstürzt deutet auf eine bestimmte TDSS-Variante (Rootkit) hin... Gehe wie folgt vor: CF runterladen (siehe unten), alle externen Datenträger mit gedrückter Shift - Taste gedrückt halten anschließen: Combofix Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop. Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter. Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird. Nach Scanende wird ein Report angezeigt, den bitte kopieren und in deinem Thread einfuegen. Danach noch bitte das hier: http://ad13.geekstogo.com/RootRepeal.zip Auspacken und laufen lassen, Log hier posten... http://www.technibble.com/articlecontent/2009/07/rootrepeal.gif Scan und dann Save Report chris Dieser Beitrag wurde am 12.11.2009 um 17:54 Uhr von Chris4You editiert.
|
|
|
|
|
|
|
13.11.2009, 09:57
Member
Themenstarter Beiträge: 34 |
#5
ComboFix 09-11-13.04 - Muloo 13.11.2009 8:18.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.41.1031.18.3038.1899 [GMT 1:00] ausgeführt von:: c:\users\Muloo\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-189395816-1449435903-107672537-500 c:\$recycle.bin\S-1-5-21-2766002659-4142239451-994073670-500 c:\windows\010112010146101105.rx c:\windows\010112010146116101.xxe c:\windows\0101120101465050.xxe c:\windows\0101120101465150.xxe c:\windows\0101120101465155.xxe c:\windows\bk23567.dat c:\windows\system32\oem10.inf . ((((((((((((((((((((((( Dateien erstellt von 2009-10-13 bis 2009-11-13 )))))))))))))))))))))))))))))) . 2009-11-13 07:36 . 2009-11-13 07:37 -------- d-----w- c:\users\Muloo\AppData\Local\temp 2009-11-13 07:36 . 2009-11-13 07:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-11-12 14:56 . 2009-11-12 14:57 -------- d-----w- C:\rsit 2009-11-12 08:15 . 2009-11-12 08:15 -------- d-----w- c:\program files\Trend Micro 2009-11-11 16:48 . 2009-11-11 16:48 27 ----a-w- c:\windows\bk20856.dat 2009-11-11 08:06 . 2009-11-11 08:06 -------- d-----w- c:\users\Muloo\AppData\Roaming\Malwarebytes 2009-11-11 08:05 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-11 08:05 . 2009-11-11 08:06 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-11 08:05 . 2009-11-11 08:05 -------- d-----w- c:\programdata\Malwarebytes 2009-11-11 08:05 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-11 07:23 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys 2009-11-11 07:22 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll 2009-11-10 15:55 . 2009-11-10 15:55 -------- d-----w- c:\users\Muloo\AppData\Local\Threat Expert 2009-11-10 15:45 . 2009-11-10 15:45 -------- d-----w- c:\users\Muloo\AppData\Roaming\PC Tools 2009-11-10 15:45 . 2009-11-10 15:45 -------- d-----w- c:\programdata\PC Tools 2009-11-10 14:15 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-10 14:15 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-11-10 14:15 . 2009-11-10 14:15 -------- d-----w- c:\programdata\Avira 2009-11-10 14:15 . 2009-11-10 14:15 -------- d-----w- c:\program files\Avira 2009-10-30 07:03 . 2009-02-17 19:38 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys 2009-10-30 07:03 . 2008-12-30 10:57 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys 2009-10-30 07:03 . 2008-12-13 10:27 102784 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys 2009-10-30 07:03 . 2008-04-14 08:36 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys 2009-10-30 07:03 . 2007-08-09 03:06 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys 2009-10-30 07:03 . 2009-10-30 07:04 40960 d-----w- c:\program files\Mobile Partner 2009-10-28 09:10 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe 2009-10-28 09:10 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-10-22 08:16 . 2009-10-23 05:49 4096 d-----w- c:\programdata\NOS 2009-10-22 08:16 . 2009-10-22 08:16 -------- d-----w- c:\program files\NOS 2009-10-19 15:09 . 2009-10-19 15:09 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2009-10-19 06:11 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll 2009-10-19 06:11 . 2009-08-05 17:15 3599960 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-10-19 06:11 . 2009-08-05 17:15 3547736 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-10-19 06:10 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll 2009-10-19 06:10 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll 2009-10-19 06:10 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll 2009-10-19 06:10 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-10-19 06:10 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-13 07:38 . 2009-11-10 15:45 40960 d-----w- c:\program files\Spyware Doctor 2009-11-13 07:12 . 2009-02-21 09:18 653034 ----a-w- c:\windows\system32\perfh010.dat 2009-11-13 07:12 . 2009-02-21 09:18 119750 ----a-w- c:\windows\system32\perfc010.dat 2009-11-13 07:12 . 2009-02-21 09:13 618442 ----a-w- c:\windows\system32\perfh007.dat 2009-11-13 07:12 . 2009-02-21 09:13 122842 ----a-w- c:\windows\system32\perfc007.dat 2009-11-13 07:12 . 2009-02-21 09:08 659180 ----a-w- c:\windows\system32\perfh00C.dat 2009-11-13 07:12 . 2009-02-21 09:08 122976 ----a-w- c:\windows\system32\perfc00C.dat 2009-11-12 19:50 . 2009-07-20 01:15 12 ----a-w- c:\windows\bthservsdp.dat 2009-11-12 13:38 . 2009-08-31 14:06 131072 d-----w- c:\program files\StarWarsGalaxies 2009-11-12 12:57 . 2009-10-07 12:10 -------- d-----w- c:\program files\SystemRequirementsLab 2009-11-12 12:57 . 2009-09-29 06:33 4096 d-----w- c:\program files\Download Manager 2009-11-12 02:19 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail 2009-11-12 02:03 . 2009-08-31 13:12 8192 d-----w- c:\programdata\Microsoft Help 2009-11-10 15:50 . 2009-11-10 15:45 -------- d-----w- c:\program files\Common Files\PC Tools 2009-11-02 19:42 . 2009-10-05 06:42 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-26 07:00 . 2009-09-07 14:30 6836 ----a-w- c:\users\Muloo\AppData\Local\d3d9caps.dat 2009-10-08 10:31 . 2009-11-10 15:50 149456 ----a-w- c:\windows\SGDetectionTool.dll 2009-10-08 10:31 . 2009-11-10 15:50 165840 ----a-w- c:\windows\PCTBDRes.dll 2009-10-08 10:31 . 2009-11-10 15:50 1636304 ----a-w- c:\windows\PCTBDCore.dll 2009-10-08 10:31 . 2009-11-10 15:50 767952 ----a-w- c:\windows\BDTSupport.dll 2009-10-07 12:00 . 2009-02-21 02:55 4096 d-----w- c:\program files\Java 2009-10-06 15:31 . 2009-11-10 15:45 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-10-02 13:19 . 2009-11-10 15:50 1152470 ----a-w- c:\windows\UDB.zip 2009-09-29 06:33 . 2009-09-29 06:33 -------- d-----w- c:\users\Muloo\AppData\Roaming\IGN_DLM 2009-09-24 07:55 . 2009-11-10 15:45 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys 2009-09-24 07:55 . 2009-11-10 15:45 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-09-23 15:10 . 2009-11-10 15:45 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-09-23 11:01 . 2009-09-23 11:01 -------- d-----w- c:\program files\Sun 2009-09-17 05:56 . 2009-02-21 02:25 4096 d-----w- c:\programdata\CyberLink 2009-09-17 05:53 . 2009-07-20 02:06 36864 ----a-w- c:\programdata\Temp\{67626E09-5366-4480-8F1E-93FADF50CA15}\PostBuild.exe 2009-09-16 02:20 . 2009-11-10 15:45 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat 2009-09-15 07:21 . 2009-09-15 07:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf 2009-09-15 05:20 . 2009-11-10 15:45 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat 2009-09-15 01:12 . 2009-11-10 15:45 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat 2009-09-15 00:01 . 2009-11-10 15:45 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat 2009-09-14 12:00 . 2009-09-14 12:00 -------- d-----w- c:\program files\Google 2009-09-03 08:45 . 2009-11-10 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2009-09-01 14:03 . 2009-09-01 14:02 15235224 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\de\Installers\SetupGamesClient.exe 2009-09-01 13:36 . 2009-09-01 13:36 0 ----a-w- c:\windows\nsreg.dat 2009-08-31 16:05 . 2009-08-31 13:22 75264 ----a-w- c:\users\Muloo\AppData\Local\GDIPFONTCACHEV1.DAT 2009-08-31 14:31 . 2009-08-31 14:31 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-08-28 12:39 . 2009-09-03 06:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-28 10:15 . 2009-09-03 06:14 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-27 05:22 . 2009-10-22 05:34 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-27 05:17 . 2009-10-22 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-08-27 05:17 . 2009-10-22 05:34 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-08-27 03:42 . 2009-10-22 05:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-02-21 09:42 . 2009-02-21 09:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216] [HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}] [HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}] [HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli DPPWDFLT [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [10.11.2009 16:45 207280] R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/20 04:02];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [28.11.2008 17:04 87536] R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe [20.07.2009 02:23 77824] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [10.11.2009 15:15 108289] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21.01.2008 03:23 21504] R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18.03.2008 15:24 19456] R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10.11.2009 16:45 358600] R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [09.02.2009 17:14 296320] R2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [09.02.2009 17:14 116096] R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [18.11.2008 05:09 599344] R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [04.09.2008 18:47 54784] R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [23.10.2008 10:42 107360] R3 swivsp;AC8xx Virtual Serial Port;c:\windows\System32\drivers\swivspnt.sys [26.03.2007 13:18 20352] S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [21.01.2008 03:23 21504] S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\System32\drivers\swnc8u80.sys [20.05.2008 15:24 167040] S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\System32\drivers\swumx80.sys [20.05.2008 15:25 143360] S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [10.11.2009 16:50 112592] S4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21.02.2009 02:45 222512] S4 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [02.09.2009 14:15 442880] S4 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?] S4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [21.02.2009 04:27 365952] --- Andere Dienste/Treiber im Speicher --- *NewlyCreated* - MBR *NewlyCreated* - PROCEXP113 *Deregistered* - mbr *Deregistered* - PCTSDInjDriver32 *Deregistered* - PROCEXP113 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr getPlusHelper REG_MULTI_SZ getPlusHelper HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . . ------- Zusätzlicher Suchlauf ------- . TCP: {7419F3E3-06FB-4E83-8B99-22A88BAFC6F3} = 195.141.56.5 193.192.227.3 FF - ProfilePath - c:\users\Muloo\AppData\Roaming\Mozilla\Firefox\Profiles\sur41b9x.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/ FF - plugin: c:\program files\Download Manager\npfpdlm.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-Run-AirCardEnabler - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-13 08:37 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-189395816-1449435903-107672537-1000\Software\SecuROM\License information*] "datasecu"=hex:a1,cb,b2,6c,fa,0c,c4,4a,8f,c3,5b,ab,ca,13,74,d1,6d,44,88,5b,e8, 9b,2b,cb,08,9e,b3,87,f6,52,00,43,6c,55,7a,6c,66,ce,6c,20,e7,ba,f3,03,13,35,\ "rkeysecu"=hex:b3,37,c4,c2,0c,ce,58,3a,47,79,85,69,d7,ac,80,ff [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'lsass.exe'(720) c:\windows\system32\DPPWDFLT.dll . Zeit der Fertigstellung: 2009-11-13 08:42 ComboFix-quarantined-files.txt 2009-11-13 07:42 Vor Suchlauf: 10 Verzeichnis(se), 368'982'106'112 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 370'026'553'344 Bytes frei Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5 - - End Of File - - 36258E219BDF4F9788BB64F5CFF535EF ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2009/11/13 09:54 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP1 ================================================== Drivers ------------------- Name: 000.fcl Image Path: C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl Address: 0x9DE07000 Size: 180224 File Visible: - Signed: - Status: - Name: 1394BUS.SYS Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS Address: 0x8F37A000 Size: 57344 File Visible: - Signed: - Status: - Name: Accelerometer.sys Image Path: C:\Windows\system32\DRIVERS\Accelerometer.sys Address: 0x8F62F000 Size: 45056 File Visible: - Signed: - Status: - Name: acpi.sys Image Path: C:\Windows\system32\drivers\acpi.sys Address: 0x8068A000 Size: 286720 File Visible: - Signed: - Status: - Name: ACPI_HAL Image Path: \Driver\ACPI_HAL Address: 0x8220A000 Size: 3907584 File Visible: - Signed: - Status: - Name: adp94xx.sys Image Path: C:\Windows\system32\drivers\adp94xx.sys Address: 0x82D71000 Size: 434176 File Visible: - Signed: - Status: - Name: adpahci.sys Image Path: C:\Windows\system32\drivers\adpahci.sys Address: 0x82E0B000 Size: 311296 File Visible: - Signed: - Status: - Name: adpu160m.sys Image Path: C:\Windows\system32\drivers\adpu160m.sys Address: 0x82E57000 Size: 110592 File Visible: - Signed: - Status: - Name: adpu320.sys Image Path: C:\Windows\system32\drivers\adpu320.sys Address: 0x82E98000 Size: 155648 File Visible: - Signed: - Status: - Name: afd.sys Image Path: C:\Windows\system32\drivers\afd.sys Address: 0x8FB8E000 Size: 294912 File Visible: - Signed: - Status: - Name: aliide.sys Image Path: C:\Windows\system32\drivers\aliide.sys Address: 0x807EF000 Size: 28672 File Visible: - Signed: - Status: - Name: amdide.sys Image Path: C:\Windows\system32\drivers\amdide.sys Address: 0x807F6000 Size: 28672 File Visible: - Signed: - Status: - Name: arc.sys Image Path: C:\Windows\system32\drivers\arc.sys Address: 0x82ED2000 Size: 90112 File Visible: - Signed: - Status: - Name: arcsas.sys Image Path: C:\Windows\system32\drivers\arcsas.sys Address: 0x82EE8000 Size: 90112 File Visible: - Signed: - Status: - Name: asyncmac.sys Image Path: C:\Windows\system32\DRIVERS\asyncmac.sys Address: 0x9DE63000 Size: 36864 File Visible: - Signed: - Status: - Name: atapi.sys Image Path: C:\Windows\system32\drivers\atapi.sys Address: 0x82CDB000 Size: 32768 File Visible: - Signed: - Status: - Name: ataport.SYS Image Path: C:\Windows\system32\drivers\ataport.SYS Address: 0x82CE3000 Size: 122880 File Visible: - Signed: - Status: - Name: atikmdag.sys Image Path: C:\Windows\system32\DRIVERS\atikmdag.sys Address: 0x8EC0E000 Size: 6180864 File Visible: - Signed: - Status: - Name: avgio.sys Image Path: C:\Program Files\Avira\AntiVir Desktop\avgio.sys Address: 0x8FEEF000 Size: 6144 File Visible: - Signed: - Status: - Name: avgntflt.sys Image Path: C:\Windows\system32\DRIVERS\avgntflt.sys Address: 0x8FFD2000 Size: 81920 File Visible: - Signed: - Status: - Name: avipbb.sys Image Path: C:\Windows\system32\DRIVERS\avipbb.sys Address: 0x8FED3000 Size: 114688 File Visible: - Signed: - Status: - Name: BATTC.SYS Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS Address: 0x80777000 Size: 40960 File Visible: - Signed: - Status: - Name: bcmwl6.sys Image Path: C:\Windows\system32\DRIVERS\bcmwl6.sys Address: 0x8F200000 Size: 1343488 File Visible: - Signed: - Status: - Name: Beep.SYS Image Path: C:\Windows\System32\Drivers\Beep.SYS Address: 0x8FAFE000 Size: 28672 File Visible: - Signed: - Status: - Name: BOOTVID.dll Image Path: C:\Windows\system32\BOOTVID.dll Address: 0x80487000 Size: 32768 File Visible: - Signed: - Status: - Name: bowser.sys Image Path: C:\Windows\system32\DRIVERS\bowser.sys Address: 0x9B79D000 Size: 102400 File Visible: - Signed: - Status: - Name: catchme.sys Image Path: C:\Users\Muloo\AppData\Local\Temp\catchme.sys Address: 0x9DE6E000 Size: 31744 File Visible: No Signed: - Status: - Name: cdd.dll Image Path: C:\Windows\System32\cdd.dll Address: 0x97840000 Size: 57344 File Visible: - Signed: - Status: - Name: cdfs.sys Image Path: C:\Windows\system32\DRIVERS\cdfs.sys Address: 0x8FF66000 Size: 90112 File Visible: - Signed: - Status: - Name: cdrom.sys Image Path: C:\Windows\system32\DRIVERS\cdrom.sys Address: 0x8F60E000 Size: 98304 File Visible: - Signed: - Status: - Name: CI.dll Image Path: C:\Windows\system32\CI.dll Address: 0x804D0000 Size: 917504 File Visible: - Signed: - Status: - Name: circlass.sys Image Path: C:\Windows\system32\DRIVERS\circlass.sys Address: 0x8F746000 Size: 57344 File Visible: - Signed: - Status: - Name: CLASSPNP.SYS Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS Address: 0x82C0A000 Size: 135168 File Visible: - Signed: - Status: - Name: CLFS.SYS Image Path: C:\Windows\system32\CLFS.SYS Address: 0x8048F000 Size: 266240 File Visible: - Signed: - Status: - Name: CmBatt.sys Image Path: C:\Windows\system32\DRIVERS\CmBatt.sys Address: 0x8B409000 Size: 14208 File Visible: - Signed: - Status: - Name: cmdide.sys Image Path: C:\Windows\system32\drivers\cmdide.sys Address: 0x805B0000 Size: 32768 File Visible: - Signed: - Status: - Name: compbatt.sys Image Path: C:\Windows\system32\DRIVERS\compbatt.sys Address: 0x80774000 Size: 10496 File Visible: - Signed: - Status: - Name: crashdmp.sys Image Path: C:\Windows\System32\Drivers\crashdmp.sys Address: 0x8FF7C000 Size: 53248 File Visible: - Signed: - Status: - Name: crcdisk.sys Image Path: C:\Windows\system32\drivers\crcdisk.sys Address: 0x8B5CA000 Size: 36864 File Visible: - Signed: - Status: - Name: dfsc.sys Image Path: C:\Windows\System32\Drivers\dfsc.sys Address: 0x8FEBC000 Size: 94208 File Visible: - Signed: - Status: - Name: disk.sys Image Path: C:\Windows\system32\drivers\disk.sys Address: 0x8B5B9000 Size: 69632 File Visible: - Signed: - Status: - Name: djsvs.sys Image Path: C:\Windows\system32\drivers\djsvs.sys Address: 0x82EBE000 Size: 81920 File Visible: - Signed: - Status: - Name: drmk.sys Image Path: C:\Windows\system32\drivers\drmk.sys Address: 0x8FA32000 Size: 151552 File Visible: - Signed: - Status: - Name: dump_dumpata.sys Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys Address: 0x8FF89000 Size: 45056 File Visible: No Signed: - Status: - Name: dump_msahci.sys Image Path: C:\Windows\System32\Drivers\dump_msahci.sys Address: 0x8FF94000 Size: 40960 File Visible: No Signed: - Status: - Name: Dxapi.sys Image Path: C:\Windows\System32\drivers\Dxapi.sys Address: 0x8FF9E000 Size: 40960 File Visible: - Signed: - Status: - Name: dxgkrnl.sys Image Path: C:\Windows\System32\drivers\dxgkrnl.sys Address: 0x8B320000 Size: 651264 File Visible: - Signed: - Status: - Name: ecache.sys Image Path: C:\Windows\System32\drivers\ecache.sys Address: 0x8B589000 Size: 159744 File Visible: - Signed: - Status: - Name: elxstor.sys Image Path: C:\Windows\system32\drivers\elxstor.sys Address: 0x82EFE000 Size: 606208 File Visible: - Signed: - Status: - Name: enecir.sys Image Path: C:\Windows\system32\DRIVERS\enecir.sys Address: 0x82DDB000 Size: 98304 File Visible: - Signed: - Status: - Name: ewusbmdm.sys Image Path: C:\Windows\system32\DRIVERS\ewusbmdm.sys Address: 0x8FF3A000 Size: 102784 File Visible: - Signed: - Status: - Name: fileinfo.sys Image Path: C:\Windows\system32\drivers\fileinfo.sys Address: 0x8AD67000 Size: 65536 File Visible: - Signed: - Status: - Name: fltmgr.sys Image Path: C:\Windows\system32\drivers\fltmgr.sys Address: 0x806D9000 Size: 204800 File Visible: - Signed: - Status: - Name: Fs_Rec.SYS Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS Address: 0x8FAEE000 Size: 36864 File Visible: - Signed: - Status: - Name: fwpkclnt.sys Image Path: C:\Windows\System32\drivers\fwpkclnt.sys Address: 0x8B2F6000 Size: 110592 File Visible: - Signed: - Status: - Name: hal.dll Image Path: C:\Windows\system32\hal.dll Address: 0x825C4000 Size: 208896 File Visible: - Signed: - Status: - Name: HDAudBus.sys Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys Address: 0x8B3BF000 Size: 73728 File Visible: - Signed: - Status: - Name: HdAudio.sys Image Path: C:\Windows\system32\drivers\HdAudio.sys Address: 0x8F7B0000 Size: 258048 File Visible: - Signed: - Status: - Name: HIDCLASS.SYS Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS Address: 0x8FAC6000 Size: 65536 File Visible: - Signed: - Status: - Name: hidir.sys Image Path: C:\Windows\system32\DRIVERS\hidir.sys Address: 0x8FABB000 Size: 45056 File Visible: - Signed: - Status: - Name: HIDPARSE.SYS Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS Address: 0x8FAD6000 Size: 28672 File Visible: - Signed: - Status: - Name: hidusb.sys Image Path: C:\Windows\system32\DRIVERS\hidusb.sys Address: 0x8FEF9000 Size: 36864 File Visible: - Signed: - Status: - Name: hpcisss.sys Image Path: C:\Windows\system32\drivers\hpcisss.sys Address: 0x82D66000 Size: 45056 File Visible: - Signed: - Status: - Name: hpdskflt.sys Image Path: C:\Windows\system32\DRIVERS\hpdskflt.sys Address: 0x8B5B0000 Size: 36864 File Visible: - Signed: - Status: - Name: HpqKbFiltr.sys Image Path: C:\Windows\system32\DRIVERS\HpqKbFiltr.sys Address: 0x8F3B8000 Size: 16768 File Visible: - Signed: - Status: - Name: HTTP.sys Image Path: C:\Windows\system32\drivers\HTTP.sys Address: 0x9B715000 Size: 438272 File Visible: - Signed: - Status: - Name: i2omp.sys Image Path: C:\Windows\system32\drivers\i2omp.sys Address: 0x82F92000 Size: 40960 File Visible: - Signed: - Status: - Name: i8042prt.sys Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys Address: 0x8F3A5000 Size: 77824 File Visible: - Signed: - Status: - Name: iastorv.sys Image Path: C:\Windows\system32\drivers\iastorv.sys Address: 0x82C3A000 Size: 659456 File Visible: - Signed: - Status: - Name: iirsp.sys Image Path: C:\Windows\system32\drivers\iirsp.sys Address: 0x82F9C000 Size: 65536 File Visible: - Signed: - Status: - Name: intelide.sys Image Path: C:\Windows\system32\drivers\intelide.sys Address: 0x807DA000 Size: 28672 File Visible: - Signed: - Status: - Name: intelppm.sys Image Path: C:\Windows\system32\DRIVERS\intelppm.sys Address: 0x8B311000 Size: 61440 File Visible: - Signed: - Status: - Name: isapnp.sys Image Path: C:\Windows\system32\drivers\isapnp.sys Address: 0x8073A000 Size: 61440 File Visible: - Signed: - Status: - Name: iteatapi.sys Image Path: C:\Windows\system32\drivers\iteatapi.sys Address: 0x82FAC000 Size: 49152 File Visible: - Signed: - Status: - Name: iteraid.sys Image Path: C:\Windows\system32\drivers\iteraid.sys Address: 0x82FB8000 Size: 49152 File Visible: - Signed: - Status: - Name: jmcr.sys Image Path: C:\Windows\system32\DRIVERS\jmcr.sys Address: 0x8F388000 Size: 118784 File Visible: - Signed: - Status: - Name: kbdclass.sys Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys Address: 0x8F3BD000 Size: 45056 File Visible: - Signed: - Status: - Name: kbdhid.sys Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys Address: 0x8FADD000 Size: 36864 File Visible: - Signed: - Status: - Name: kdcom.dll Image Path: C:\Windows\system32\kdcom.dll Address: 0x8040E000 Size: 32768 File Visible: - Signed: - Status: - Name: ks.sys Image Path: C:\Windows\system32\DRIVERS\ks.sys Address: 0x8F71C000 Size: 172032 File Visible: - Signed: - Status: - Name: ksecdd.sys Image Path: C:\Windows\System32\Drivers\ksecdd.sys Address: 0x8B00C000 Size: 462848 File Visible: - Signed: - Status: - Name: lltdio.sys Image Path: C:\Windows\system32\DRIVERS\lltdio.sys Address: 0x9B6BE000 Size: 65536 File Visible: - Signed: - Status: - Name: lsi_fc.sys Image Path: C:\Windows\system32\drivers\lsi_fc.sys Address: 0x82FC4000 Size: 106496 File Visible: - Signed: - Status: - Name: lsi_sas.sys Image Path: C:\Windows\system32\drivers\lsi_sas.sys Address: 0x82FDE000 Size: 98304 File Visible: - Signed: - Status: - Name: lsi_scsi.sys Image Path: C:\Windows\system32\drivers\lsi_scsi.sys Address: 0x82D01000 Size: 106496 File Visible: - Signed: - Status: - Name: luafv.sys Image Path: C:\Windows\system32\drivers\luafv.sys Address: 0x8FFB7000 Size: 110592 File Visible: - Signed: - Status: - Name: mcupdate_GenuineIntel.dll Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll Address: 0x80416000 Size: 393216 File Visible: - Signed: - Status: - Name: megasas.sys Image Path: C:\Windows\system32\drivers\megasas.sys Address: 0x82FF6000 Size: 40960 File Visible: - Signed: - Status: - Name: megasr.sys Image Path: C:\Windows\system32\drivers\megasr.sys Address: 0x8AC01000 Size: 749568 File Visible: - Signed: - Status: - Name: modem.sys Image Path: C:\Windows\system32\drivers\modem.sys Address: 0x8F67B000 Size: 53248 File Visible: - Signed: - Status: - Name: monitor.sys Image Path: C:\Windows\system32\DRIVERS\monitor.sys Address: 0x8FFA8000 Size: 61440 File Visible: - Signed: - Status: - Name: mouclass.sys Image Path: C:\Windows\system32\DRIVERS\mouclass.sys Address: 0x8B3E0000 Size: 45056 File Visible: - Signed: - Status: - Name: mouhid.sys Image Path: C:\Windows\system32\DRIVERS\mouhid.sys Address: 0x8FAE6000 Size: 32768 File Visible: - Signed: - Status: - Name: mountmgr.sys Image Path: C:\Windows\System32\drivers\mountmgr.sys Address: 0x805B8000 Size: 65536 File Visible: - Signed: - Status: - Name: mpio.sys Image Path: C:\Windows\system32\drivers\mpio.sys Address: 0x80749000 Size: 114688 File Visible: - Signed: - Status: - Name: mpsdrv.sys Image Path: C:\Windows\System32\drivers\mpsdrv.sys Address: 0x9B7B6000 Size: 86016 File Visible: - Signed: - Status: - Name: mraid35x.sys Image Path: C:\Windows\system32\drivers\mraid35x.sys Address: 0x8ACB8000 Size: 45056 File Visible: - Signed: - Status: - Name: mrxdav.sys Image Path: C:\Windows\system32\drivers\mrxdav.sys Address: 0x9B7CB000 Size: 131072 File Visible: - Signed: - Status: - Name: mrxsmb.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys Address: 0x8FBD6000 Size: 126976 File Visible: - Signed: - Status: - Name: mrxsmb10.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys Address: 0x9CE06000 Size: 233472 File Visible: - Signed: - Status: - Name: mrxsmb20.sys Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys Address: 0x9CE3F000 Size: 98304 File Visible: - Signed: - Status: - Name: msahci.sys Image Path: C:\Windows\system32\drivers\msahci.sys Address: 0x82D5C000 Size: 40960 File Visible: - Signed: - Status: - Name: msdsm.sys Image Path: C:\Windows\system32\drivers\msdsm.sys Address: 0x805C8000 Size: 106496 File Visible: - Signed: - Status: - Name: Msfs.SYS Image Path: C:\Windows\System32\Drivers\Msfs.SYS Address: 0x8FB42000 Size: 45056 File Visible: - Signed: - Status: - Name: msisadrv.sys Image Path: C:\Windows\system32\drivers\msisadrv.sys Address: 0x8070B000 Size: 32768 File Visible: - Signed: - Status: - Name: msiscsi.sys Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys Address: 0x8F63A000 Size: 188416 File Visible: - Signed: - Status: - Name: msrpc.sys Image Path: C:\Windows\system32\drivers\msrpc.sys Address: 0x8B188000 Size: 176128 File Visible: - Signed: - Status: - Name: mssmbios.sys Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys Address: 0x8F754000 Size: 40960 File Visible: - Signed: - Status: - Name: mup.sys Image Path: C:\Windows\System32\Drivers\mup.sys Address: 0x8B57A000 Size: 61440 File Visible: - Signed: - Status: - Name: ndis.sys Image Path: C:\Windows\system32\drivers\ndis.sys Address: 0x8B07D000 Size: 1093632 File Visible: - Signed: - Status: - Name: ndistapi.sys Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys Address: 0x8F69F000 Size: 45056 File Visible: - Signed: - Status: - Name: ndisuio.sys Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys Address: 0x9B6F8000 Size: 40960 File Visible: - Signed: - Status: - Name: ndiswan.sys Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys Address: 0x8F6AA000 Size: 143360 File Visible: - Signed: - Status: - Name: NDProxy.SYS Image Path: C:\Windows\System32\Drivers\NDProxy.SYS Address: 0x8F79F000 Size: 69632 File Visible: - Signed: - Status: - Name: netbios.sys Image Path: C:\Windows\system32\DRIVERS\netbios.sys Address: 0x8FE4F000 Size: 57344 File Visible: - Signed: - Status: - Name: netbt.sys Image Path: C:\Windows\System32\DRIVERS\netbt.sys Address: 0x8FE07000 Size: 204800 File Visible: - Signed: - Status: - Name: NETIO.SYS Image Path: C:\Windows\system32\drivers\NETIO.SYS Address: 0x8B1B3000 Size: 237568 File Visible: - Signed: - Status: - Name: nfrd960.sys Image Path: C:\Windows\system32\drivers\nfrd960.sys Address: 0x8ACC3000 Size: 57344 File Visible: - Signed: - Status: - Name: Npfs.SYS Image Path: C:\Windows\System32\Drivers\Npfs.SYS Address: 0x8FB4D000 Size: 57344 File Visible: - Signed: - Status: - Name: nsiproxy.sys Image Path: C:\Windows\system32\drivers\nsiproxy.sys Address: 0x8FEB2000 Size: 40960 File Visible: - Signed: - Status: - Name: Ntfs.sys Image Path: C:\Windows\System32\Drivers\Ntfs.sys Address: 0x8B40D000 Size: 1110016 File Visible: - Signed: - Status: - Name: ntkrnlpa.exe Image Path: C:\Windows\system32\ntkrnlpa.exe Address: 0x8220A000 Size: 3907584 File Visible: - Signed: - Status: - Name: Null.SYS Image Path: C:\Windows\System32\Drivers\Null.SYS Address: 0x8FAF7000 Size: 28672 File Visible: - Signed: - Status: - Name: nvraid.sys Image Path: C:\Windows\system32\drivers\nvraid.sys Address: 0x805E2000 Size: 110592 File Visible: - Signed: - Status: - Name: nvstor.sys Image Path: C:\Windows\system32\drivers\nvstor.sys Address: 0x8ACD1000 Size: 53248 File Visible: - Signed: - Status: - Name: nwifi.sys Image Path: C:\Windows\system32\DRIVERS\nwifi.sys Address: 0x9B6CE000 Size: 172032 File Visible: - Signed: - Status: - Name: ohci1394.sys Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys Address: 0x8F36A000 Size: 61952 File Visible: - Signed: - Status: - Name: pacer.sys Image Path: C:\Windows\system32\DRIVERS\pacer.sys Address: 0x8FE39000 Size: 90112 File Visible: - Signed: - Status: - Name: partmgr.sys Image Path: C:\Windows\System32\drivers\partmgr.sys Address: 0x80765000 Size: 61440 File Visible: - Signed: - Status: - Name: pci.sys Image Path: C:\Windows\system32\drivers\pci.sys Address: 0x80713000 Size: 159744 File Visible: - Signed: - Status: - Name: pciide.sys Image Path: C:\Windows\system32\drivers\pciide.sys Address: 0x82C2B000 Size: 28672 File Visible: - Signed: - Status: - Name: PCIIDEX.SYS Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS Address: 0x807E1000 Size: 57344 File Visible: - Signed: - Status: - Name: PCTCore.sys Image Path: C:\Windows\system32\drivers\PCTCore.sys Address: 0x8AD77000 Size: 225280 File Visible: - Signed: - Status: - Name: PCTSDInj32.sys Image Path: C:\Program Files\Spyware Doctor\PCTSDInj32.sys Address: 0x9DE5C000 Size: 26944 File Visible: - Signed: - Status: - Name: peauth.sys Image Path: C:\Windows\system32\drivers\peauth.sys Address: 0x9CEE2000 Size: 909312 File Visible: - Signed: - Status: - Name: PnpManager Image Path: \Driver\PnpManager Address: 0x8220A000 Size: 3907584 File Visible: - Signed: - Status: - Name: portcls.sys Image Path: C:\Windows\system32\drivers\portcls.sys Address: 0x8FA05000 Size: 184320 File Visible: - Signed: - Status: - Name: PROCEXP113.SYS Image Path: C:\Windows\system32\Drivers\PROCEXP113.SYS Address: 0x9DE6C000 Size: 7872 File Visible: No Signed: - Status: - Name: PSHED.dll Image Path: C:\Windows\system32\PSHED.dll Address: 0x80476000 Size: 69632 File Visible: - Signed: - Status: - Name: ql2300.sys Image Path: C:\Windows\system32\drivers\ql2300.sys Address: 0x8AE06000 Size: 1277952 File Visible: - Signed: - Status: - Name: ql40xx.sys Image Path: C:\Windows\system32\drivers\ql40xx.sys Address: 0x8AF3E000 Size: 348160 File Visible: - Signed: - Status: - Name: rasacd.sys Image Path: C:\Windows\System32\DRIVERS\rasacd.sys Address: 0x8FB5B000 Size: 36864 File Visible: - Signed: - Status: - Name: rasl2tp.sys Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys Address: 0x8F688000 Size: 94208 File Visible: - Signed: - Status: - Name: raspppoe.sys Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys Address: 0x8F6CD000 Size: 61440 File Visible: - Signed: - Status: - Name: raspptp.sys Image Path: C:\Windows\system32\DRIVERS\raspptp.sys Address: 0x8F6DC000 Size: 81920 File Visible: - Signed: - Status: - Name: rassstp.sys Image Path: C:\Windows\system32\DRIVERS\rassstp.sys Address: 0x8F6F0000 Size: 86016 File Visible: - Signed: - Status: - Name: RAW Image Path: \FileSystem\RAW Address: 0x8220A000 Size: 3907584 File Visible: - Signed: - Status: - Name: rdbss.sys Image Path: C:\Windows\system32\DRIVERS\rdbss.sys Address: 0x8FE76000 Size: 245760 File Visible: - Signed: - Status: - Name: RDPCDD.sys Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys Address: 0x8FB32000 Size: 32768 File Visible: - Signed: - Status: - Name: rdpencdd.sys Image Path: C:\Windows\system32\drivers\rdpencdd.sys Address: 0x8FB3A000 Size: 32768 File Visible: - Signed: - Status: - Name: RootMdm.sys Image Path: C:\Windows\System32\Drivers\RootMdm.sys Address: 0x8F673000 Size: 32768 File Visible: - Signed: - Status: - Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0x9DE7C000 Size: 49152 File Visible: No Signed: - Status: - Name: rspndr.sys Image Path: C:\Windows\system32\DRIVERS\rspndr.sys Address: 0x9B702000 Size: 77824 File Visible: - Signed: - Status: - Name: Rtlh86.sys Image Path: C:\Windows\system32\DRIVERS\Rtlh86.sys Address: 0x8F348000 Size: 139264 File Visible: - Signed: - Status: - Name: sbp2port.sys Image Path: C:\Windows\system32\drivers\sbp2port.sys Address: 0x8B565000 Size: 86016 File Visible: - Signed: - Status: - Name: SCSIPORT.SYS Image Path: C:\Windows\system32\drivers\SCSIPORT.SYS Address: 0x82E72000 Size: 155648 File Visible: - Signed: - Status: - Name: secdrv.SYS Image Path: C:\Windows\System32\Drivers\secdrv.SYS Address: 0x9CFC0000 Size: 40960 File Visible: - Signed: - Status: - Name: sisraid2.sys Image Path: C:\Windows\system32\drivers\sisraid2.sys Address: 0x8AF93000 Size: 53248 File Visible: - Signed: - Status: - Name: sisraid4.sys Image Path: C:\Windows\system32\drivers\sisraid4.sys Address: 0x8AFA0000 Size: 86016 File Visible: - Signed: - Status: - Name: smb.sys Image Path: C:\Windows\system32\DRIVERS\smb.sys Address: 0x8FB7A000 Size: 81920 File Visible: - Signed: - Status: - Name: spldr.sys Image Path: C:\Windows\System32\Drivers\spldr.sys Address: 0x8B55D000 Size: 32768 File Visible: - Signed: - Status: - Name: spsys.sys Image Path: C:\Windows\system32\drivers\spsys.sys Address: 0x9B60F000 Size: 716800 File Visible: - Signed: - Status: - Name: srv.sys Image Path: C:\Windows\System32\DRIVERS\srv.sys Address: 0x9CE7E000 Size: 311296 File Visible: - Signed: - Status: - Name: srv2.sys Image Path: C:\Windows\System32\DRIVERS\srv2.sys Address: 0x9CE57000 Size: 159744 File Visible: - Signed: - Status: - Name: srvnet.sys Image Path: C:\Windows\System32\DRIVERS\srvnet.sys Address: 0x9B780000 Size: 118784 File Visible: - Signed: - Status: - Name: ssmdrv.sys Image Path: C:\Windows\system32\DRIVERS\ssmdrv.sys Address: 0x8FE70000 Size: 23040 File Visible: - Signed: - Status: - Name: storport.sys Image Path: C:\Windows\system32\drivers\storport.sys Address: 0x82D1B000 Size: 266240 File Visible: - Signed: - Status: - Name: stwrt.sys Image Path: C:\Windows\system32\DRIVERS\stwrt.sys Address: 0x8FA57000 Size: 409600 File Visible: - Signed: - Status: - Name: swenum.sys Image Path: C:\Windows\system32\DRIVERS\swenum.sys Address: 0x8F71A000 Size: 4992 File Visible: - Signed: - Status: - Name: swivspnt.sys Image Path: C:\Windows\system32\DRIVERS\swivspnt.sys Address: 0x8F705000 Size: 20352 File Visible: - Signed: - Status: - Name: sym_hi.sys Image Path: C:\Windows\system32\drivers\sym_hi.sys Address: 0x8AFC1000 Size: 45056 File Visible: - Signed: - Status: - Name: sym_u3.sys Image Path: C:\Windows\system32\drivers\sym_u3.sys Address: 0x8AFCC000 Size: 45056 File Visible: - Signed: - Status: - Name: symc8xx.sys Image Path: C:\Windows\system32\drivers\symc8xx.sys Address: 0x8AFB5000 Size: 49152 File Visible: - Signed: - Status: - Name: SynTP.sys Image Path: C:\Windows\system32\DRIVERS\SynTP.sys Address: 0x8F3C8000 Size: 194560 File Visible: - Signed: - Status: - Name: tcpip.sys Image Path: C:\Windows\System32\drivers\tcpip.sys Address: 0x8B20D000 Size: 954368 File Visible: - Signed: - Status: - Name: tcpipreg.sys Image Path: C:\Windows\System32\drivers\tcpipreg.sys Address: 0x9CFCA000 Size: 49152 File Visible: - Signed: - Status: - Name: TDI.SYS Image Path: C:\Windows\system32\DRIVERS\TDI.SYS Address: 0x8F668000 Size: 45056 File Visible: - Signed: - Status: - Name: tdx.sys Image Path: C:\Windows\system32\DRIVERS\tdx.sys Address: 0x8FB64000 Size: 90112 File Visible: - Signed: - Status: - Name: termdd.sys Image Path: C:\Windows\system32\DRIVERS\termdd.sys Address: 0x8F70A000 Size: 65536 File Visible: - Signed: - Status: - Name: TSDDD.dll Image Path: C:\Windows\System32\TSDDD.dll Address: 0x97820000 Size: 36864 File Visible: - Signed: - Status: - Name: tunmp.sys Image Path: C:\Windows\system32\DRIVERS\tunmp.sys Address: 0x8B400000 Size: 36864 File Visible: - Signed: - Status: - Name: tunnel.sys Image Path: C:\Windows\system32\DRIVERS\tunnel.sys Address: 0x8B5F5000 Size: 45056 File Visible: - Signed: - Status: - Name: uliahci.sys Image Path: C:\Windows\system32\drivers\uliahci.sys Address: 0x8ACDE000 Size: 245760 File Visible: - Signed: - Status: - Name: ulsata.sys Image Path: C:\Windows\system32\drivers\ulsata.sys Address: 0x8AFD7000 Size: 135168 File Visible: - Signed: - Status: - Name: ulsata2.sys Image Path: C:\Windows\system32\drivers\ulsata2.sys Address: 0x8AD1A000 Size: 180224 File Visible: - Signed: - Status: - Name: umbus.sys Image Path: C:\Windows\system32\DRIVERS\umbus.sys Address: 0x8F75E000 Size: 53248 File Visible: - Signed: - Status: - Name: usbccgp.sys Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys Address: 0x8FF02000 Size: 94208 File Visible: - Signed: - Status: - Name: USBD.SYS Image Path: C:\Windows\system32\DRIVERS\USBD.SYS Address: 0x8F3F8000 Size: 8192 File Visible: - Signed: - Status: - Name: usbehci.sys Image Path: C:\Windows\system32\DRIVERS\usbehci.sys Address: 0x8B3D1000 Size: 61440 File Visible: - Signed: - Status: - Name: usbhub.sys Image Path: C:\Windows\system32\DRIVERS\usbhub.sys Address: 0x8F76B000 Size: 212992 File Visible: - Signed: - Status: - Name: USBPORT.SYS Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS Address: 0x8ADAE000 Size: 253952 File Visible: - Signed: - Status: - Name: USBSTOR.SYS Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS Address: 0x8FF54000 Size: 73728 File Visible: - Signed: - Status: - Name: usbuhci.sys Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys Address: 0x8EC00000 Size: 45056 File Visible: - Signed: - Status: - Name: usbvideo.sys Image Path: C:\Windows\System32\Drivers\usbvideo.sys Address: 0x8FF19000 Size: 134016 File Visible: - Signed: - Status: - Name: vga.sys Image Path: C:\Windows\System32\drivers\vga.sys Address: 0x8FB05000 Size: 49152 File Visible: - Signed: - Status: - Name: viaide.sys Image Path: C:\Windows\system32\drivers\viaide.sys Address: 0x82C32000 Size: 32768 File Visible: - Signed: - Status: - Name: VIDEOPRT.SYS Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS Address: 0x8FB11000 Size: 135168 File Visible: - Signed: - Status: - Name: volmgr.sys Image Path: C:\Windows\system32\drivers\volmgr.sys Address: 0x80781000 Size: 61440 File Visible: - Signed: - Status: - Name: volmgrx.sys Image Path: C:\Windows\System32\drivers\volmgrx.sys Address: 0x80790000 Size: 303104 File Visible: - Signed: - Status: - Name: volsnap.sys Image Path: C:\Windows\system32\drivers\volsnap.sys Address: 0x8B524000 Size: 233472 File Visible: - Signed: - Status: - Name: vsmraid.sys Image Path: C:\Windows\system32\drivers\vsmraid.sys Address: 0x8AD46000 Size: 135168 File Visible: - Signed: - Status: - Name: wanarp.sys Image Path: C:\Windows\system32\DRIVERS\wanarp.sys Address: 0x8FE5D000 Size: 77824 File Visible: - Signed: - Status: - Name: watchdog.sys Image Path: C:\Windows\System32\drivers\watchdog.sys Address: 0x8F1F3000 Size: 53248 File Visible: - Signed: - Status: - Name: wd.sys Image Path: C:\Windows\system32\drivers\wd.sys Address: 0x8B51C000 Size: 32768 File Visible: - Signed: - Status: - Name: Wdf01000.sys Image Path: C:\Windows\system32\drivers\Wdf01000.sys Address: 0x80601000 Size: 507904 File Visible: - Signed: - Status: - Name: WDFLDR.SYS Image Path: C:\Windows\system32\drivers\WDFLDR.SYS Address: 0x8067D000 Size: 53248 File Visible: - Signed: - Status: - Name: Win32k Image Path: \Driver\Win32k Address: 0x97600000 Size: 2105344 File Visible: - Signed: - Status: - Name: win32k.sys Image Path: C:\Windows\System32\win32k.sys Address: 0x97600000 Size: 2105344 File Visible: - Signed: - Status: - Name: WinUSB.sys Image Path: C:\Windows\system32\DRIVERS\WinUSB.sys Address: 0x8FEF1000 Size: 31616 File Visible: - Signed: - Status: - Name: wmiacpi.sys Image Path: C:\Windows\system32\DRIVERS\wmiacpi.sys Address: 0x8F626000 Size: 36864 File Visible: - Signed: - Status: - Name: WMILIB.SYS Image Path: C:\Windows\system32\drivers\WMILIB.SYS Address: 0x806D0000 Size: 36864 File Visible: - Signed: - Status: - Name: WMIxWDM Image Path: \Driver\WMIxWDM Address: 0x8220A000 Size: 3907584 File Visible: - Signed: - Status: - Name: WUDFPf.sys Image Path: C:\Windows\system32\DRIVERS\WUDFPf.sys Address: 0x9DE48000 Size: 73728 File Visible: - Signed: - Status: - Name: WUDFRd.sys Image Path: C:\Windows\system32\DRIVERS\WUDFRd.sys Address: 0x9DE33000 Size: 83328 File Visible: - Signed: - Status: - So bitte schön |
|
|
|
|
|
|
13.11.2009, 14:05
Member
Beiträge: 694 |
#6
Hi,
hattest Du die externen Datenträger angeschlossen? Bitte folgende Files prüfen: Dateien Online überprüfen lassen: Als erstes versteckte Dateien (http://www.trojaner-board.de/54791-anleitung-uploadchannel-trojaner-board.html#post349565) anzeigen lassen! (nur Punkt 1 durchführen!)Suche die Seite (http://www.virustotal.com/)Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien: Code C:\Windows\System32\drivers\tcpip.sysLade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.) Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.Wichtig: Auch die Größenangabe sowie den HASH mit kopieren! Avira Stelle Avira wie folgt ein: http://www.trojaner-board.de/54192-anleitung-avira-antivir-agressive-einstellungen.html Führe einen Systemscan durch und poste das Ergebnis! chris |
|
|
|
|
|
|
13.11.2009, 18:48
Member
Themenstarter Beiträge: 34 |
#7
Habe keine externen Datenträger.
Datei tcpip.sys empfangen 2009.11.13 17:09:06 (UTC) Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt Ergebnis: 0/41 (0%) Laden der Serverinformationen... Ihre Datei wartet momentan auf Position: ___. Geschätzte Startzeit ist zwischen ___ und ___ . Dieses Fenster bis zum Abschluss des Scans nicht schließen. Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen. Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut. Ihre Datei wird momentan von VirusTotal überprüft, Ergebnisse werden sofort nach der Generierung angezeigt. Filter Drucken der Ergebnisse Datei existiert nicht oder dessen Lebensdauer wurde überschritten Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet. SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist. Email: Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.41 2009.11.13 - AhnLab-V3 5.0.0.2 2009.11.13 - AntiVir 7.9.1.65 2009.11.13 - Antiy-AVL 2.0.3.7 2009.11.13 - Authentium 5.2.0.5 2009.11.13 - Avast 4.8.1351.0 2009.11.13 - AVG 8.5.0.425 2009.11.13 - BitDefender 7.2 2009.11.13 - CAT-QuickHeal 10.00 2009.11.13 - ClamAV 0.94.1 2009.11.13 - Comodo 2943 2009.11.13 - DrWeb 5.0.0.12182 2009.11.13 - eSafe 7.0.17.0 2009.11.12 - eTrust-Vet 35.1.7119 2009.11.13 - F-Prot 4.5.1.85 2009.11.13 - F-Secure 9.0.15370.0 2009.11.11 - Fortinet 3.120.0.0 2009.11.13 - GData 19 2009.11.13 - Ikarus T3.1.1.74.0 2009.11.13 - Jiangmin 11.0.800 2009.11.12 - K7AntiVirus 7.10.896 2009.11.13 - Kaspersky 7.0.0.125 2009.11.13 - McAfee 5800 2009.11.12 - McAfee+Artemis 5800 2009.11.12 - McAfee-GW-Edition 6.8.5 2009.11.13 - Microsoft 1.5202 2009.11.13 - NOD32 4604 2009.11.13 - Norman 6.03.02 2009.11.13 - nProtect 2009.1.8.0 2009.11.13 - Panda 10.0.2.2 2009.11.13 - PCTools 7.0.3.5 2009.11.13 - Prevx 3.0 2009.11.13 - Rising 22.21.04.09 2009.11.13 - Sophos 4.47.0 2009.11.13 - Sunbelt 3.2.1858.2 2009.11.12 - Symantec 1.4.4.12 2009.11.13 - TheHacker 6.5.0.2.067 2009.11.12 - TrendMicro 9.0.0.1003 2009.11.13 - VBA32 3.12.10.11 2009.11.13 - ViRobot 2009.11.13.2035 2009.11.13 - VirusBuster 4.6.5.0 2009.11.13 - weitere Informationen File size: 897608 bytes MD5...: 8a7ad2a214233f684242f289ed83ebc3 SHA1..: 8117da2499694a2cc518653ef306d63beeb5ab16 SHA256: 2437b9a6378c9d80efe58f49a55c4ea125ca47170eb19669734d882e91ed452d ssdeep: 24576:+jYhY8Vh2ADPJkAZEsn9IhFA1RdAqE/b0rn6y+w/z+5/:7Ue1RbFa5/ PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0xdd1b9 timedatestamp.....: 0x4a8571aa (Fri Aug 14 14:16:10 2009) machinetype.......: 0x14c (I386) ( 9 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0xba696 0xba800 6.56 e172f42a37d5627bf6456f7a8bd7cba0 .rdata 0xbc000 0xa624 0xa800 5.97 cb0cb6325e35161293cd9bfd62833a8c .data 0xc7000 0x128fc 0x8200 0.74 e5831448aaa5366b87efbbf879ace005 PAGE 0xda000 0x998 0xa00 6.23 0599c883c682124b4a8a78f2d4fdbbb9 .edata 0xdb000 0x49 0x200 0.85 936f4d20f849cbe84b238192180e3e54 PAGECONS 0xdc000 0x78 0x200 1.24 e55f42a50e6d2516227666da201ea002 INIT 0xdd000 0x3e4a 0x4000 5.86 7430a9a6b15bdffe9c85019baba53105 .rsrc 0xe1000 0x3e0 0x400 3.35 3a67ffe29d9aa4a98b186edfe6200e8c .reloc 0xe2000 0x6de0 0x6e00 6.80 06f20001f2d32e09eb27fb021cc2b0d1 ( 8 imports ) > ntoskrnl.exe: RtlIpv4AddressToStringExW, MmUnlockPages, MmUserProbeAddress, PsGetCurrentProcessId, ExAcquireResourceExclusiveLite, KeEnterCriticalRegion, KeLeaveCriticalRegion, ExReleaseResourceLite, ExDeleteResourceLite, ExInitializeResourceLite, RtlUnwind, RtlAnsiCharToUnicodeChar, MmProbeAndLockPages, RtlInitializeBitMap, RtlSetBit, RtlSetBits, ExInitializeLookasideListEx, ExDeleteLookasideListEx, KeBugCheckEx, DbgPrint, RtlSubAuthoritySid, ObOpenObjectByPointer, ZwQueryInformationToken, ExGetPreviousMode, ExUuidCreate, ExAllocatePoolWithQuotaTag, KeBugCheck, KeDelayExecutionThread, KeTickCount, IoGetCurrentProcess, KeInitializeMutex, SeSetAuditParameter, SeReportSecurityEventWithSubCategory, DbgBreakPoint, MmSizeOfMdl, MmUnmapLockedPages, ObLogSecurityDescriptor, SeCaptureSubjectContextEx, SeLockSubjectContext, IoGetFileObjectGenericMapping, SeAccessCheck, SeUnlockSubjectContext, SeReleaseSubjectContext, RtlCreateSecurityDescriptor, SeExports, RtlLengthSid, RtlCreateAcl, RtlAddAccessAllowedAceEx, RtlSetDaclSecurityDescriptor, ExInterlockedFlushSList, KeInitializeSemaphore, ExAllocatePoolWithTagPriority, RtlIpv6AddressToStringExW, RtlVerifyVersionInfo, KeInitializeTimerEx, ExGetCurrentProcessorCounts, KeSetTimerEx, KeQueryActiveProcessors, KeQueryInterruptTime, KeFlushQueuedDpcs, KeCancelTimer, KeInitializeDpc, KeSetTargetProcessorDpc, KeSetImportanceDpc, KeWaitForMultipleObjects, KeInsertQueueDpc, IoAllocateWorkItem, IoQueueWorkItem, IoFreeWorkItem, MmBuildMdlForNonPagedPool, RtlInitializeGenericTableAvl, RtlGetVersion, KeQuerySystemTime, RtlLookupElementGenericTableFullAvl, ObDereferenceSecurityDescriptor, IoAllocateErrorLogEntry, IoWriteErrorLogEntry, ExNotifyCallback, KeQueryMaximumProcessorCount, KeIsExecutingDpc, PsGetProcessSessionId, InterlockedPushEntrySList, InterlockedPopEntrySList, KefAcquireSpinLockAtDpcLevel, IoAllocateMdl, IoBuildPartialMdl, KefReleaseSpinLockFromDpcLevel, IoFreeMdl, PsGetProcessId, MmMapLockedPagesSpecifyCache, ZwQuerySystemInformation, KeTestSpinLock, KeAcquireInStackQueuedSpinLockAtDpcLevel, KeReleaseInStackQueuedSpinLockFromDpcLevel, ObReferenceSecurityDescriptor, KeReleaseSemaphore, ExCreateCallback, IoBuildDeviceIoControlRequest, IoGetDeviceObjectPointer, ObfReferenceObject, PsGetCurrentProcess, PsIsSystemThread, PsGetThreadProcess, KeGetCurrentThread, KeInitializeEvent, KeSetEvent, RtlEnumerateGenericTableLikeADirectory, RtlTimeToTimeFields, ExDeleteNPagedLookasideList, ExInitializeNPagedLookasideList, RtlLengthRequiredSid, RtlInitializeSid, RtlAddAccessAllowedAce, ObSetSecurityObjectByPointer, RtlValidSid, RtlCopySid, IoCreateDevice, IoDeleteDevice, KeReadStateEvent, KeWaitForSingleObject, KeQueryActiveProcessorCount, KeReleaseMutex, ObfDereferenceObject, ZwOpenEvent, ObReferenceObjectByHandle, ZwClose, IofCompleteRequest, IofCallDriver, IoWMIRegistrationControl, RtlCompareMemory, RtlInitUnicodeString, MmGetSystemRoutineAddress, ZwEnumerateKey, RtlQueryRegistryValues, RtlIpv4StringToAddressW, RtlSubAuthorityCountSid, RtlIntegerToUnicodeString, RtlConvertSidToUnicodeString, RtlFreeUnicodeString, ZwQueryValueKey, RtlUnicodeStringToInteger, ZwOpenKey, RtlCompareUnicodeString, PsSetCreateProcessNotifyRoutineEx, SeLocateProcessImageName, ZwCreateFile, RtlDowncaseUnicodeString, ZwOpenProcess, KeStackAttachProcess, ZwDuplicateToken, KeUnstackDetachProcess, IoDeleteSymbolicLink, IoCreateSymbolicLink, KeQueryTimeIncrement, PsReferenceImpersonationToken, PsDereferencePrimaryToken, PsReferencePrimaryToken, PsDereferenceImpersonationToken, ObCloseHandle, VerSetConditionMask, RtlFindSetBits, RtlAreBitsClear, RtlFindClearBits, RtlClearBits, ExAcquireResourceSharedLite, RtlClearBit, RtlClearAllBits, SeOpenObjectAuditAlarmForNonObObject, RtlTestBit, RtlEqualSid, RtlIpv6StringToAddressW, memset, memcpy, ExAllocatePoolWithTag, IoWMIWriteEvent, SeQueryInformationToken, ExFreePoolWithTag > NETIO.SYS: FsbAllocateAtDpcLevel, RtlInitializeTimerWheelEntry, NetioShutdownWorkQueue, RtlComputeToeplitzHash, RtlLookupEntryHashTable, RtlGetNextEntryHashTable, RtlInsertEntryHashTable, RtlRemoveEntryHashTable, RtlCleanupTimerWheelEntry, RtlEndEnumerationHashTable, RtlEnumerateEntryHashTable, RtlInitEnumerationHashTable, RtlReturnTimerWheelEntry, RtlGetNextExpiredTimerWheelEntry, RtlDeleteElementGenericTableBasicAvl, NetioInitializeWorkQueue, RtlInsertElementGenericTableBasicAvl, FsbAllocate, NetioAdvanceToLocationInNetBuffer, RtlCopyMdlToMdlIndirect, RtlUpdateCurrentTimerWheelTick, RtlEndTimerWheelEnumeration, RtlEnumerateNextTimerWheelEntry, RtlInitializeTimerWheelEnumeration, RtlCleanupTimerWheel, RtlDeleteHashTable, RtlCreateHashTable, RtlInitializeTimerWheel, RtlContractHashTable, RtlExpandHashTable, NetioFreeOpaquePerProcessorContext, NetioAllocateOpaquePerProcessorContext, TlDefaultRequestQueryDispatchEndpoint, TlDefaultRequestMessage, TlDefaultRequestQueryDispatch, RtlEndWeakEnumerationHashTable, RtlWeaklyEnumerateEntryHashTable, RtlInitWeakEnumerationHashTable, NsiFreeTable, NsiAllocateAndGetTable, NsiSetAllParameters, RtlCopyMdlToBuffer, NetioFreeNetBufferAndNetBufferList, NetioAllocateAndReferenceNetBufferAndNetBufferList, RtlCopyBufferToMdl, NmrWaitForClientDeregisterComplete, NmrDeregisterClient, NmrClientDetachProviderComplete, NmrClientAttachProvider, NmrRegisterClient, NmrProviderDetachClientComplete, NmrRegisterProvider, NmrWaitForProviderDeregisterComplete, NmrDeregisterProvider, NetioRetreatNetBufferList, NetioAllocateAndReferenceCopyNetBufferListEx, NetioCompleteCopyNetBufferListChain, NetioFreeCopyNetBufferList, NetioInitializeNetBufferListContext, TlDefaultRequestCancel, TlDefaultRequestConnect, TlDefaultRequestListen, NetioReferenceNetBufferList, TlDefaultRequestIoControl, NetioDereferenceNetBufferListChain, NetioAllocateNetBufferMdlAndData, NetioAllocateAndReferenceNetBufferListNetBufferMdlAndData, NetioDereferenceNetBufferList, NetioFreeNetBuffer, NetioExtendNetBuffer, NetioFreeNetBufferList, FsbFree, RtlIndicateTimerWheelEntryTimerStart, NetioFreeMdl, NetioFreeNetBufferListNetBufferMdlAndDataPool, NetioAllocateNetBufferMdlAndDataPool, NetioAllocateNetBufferListNetBufferMdlAndDataPool, NetioFreeNetBufferMdlAndDataPool, RtlCleanupToeplitzHash, RtlInitializeToeplitzHash, WfpStartStreamShim, NetioAllocateMdl, NetioInsertWorkQueue, WfpStreamInspectRemoteDisconnect, WfpStreamInspectReceive, WfpStreamInspectDisconnect, WfpStreamInspectSend, WfpStreamEndpointCleanupBegin, NetioInitializeNetBufferListAndFirstNetBufferContext, NsiEnumerateObjectsAllParameters, NsiReferenceDefaultObjectSecurity, NsiDeregisterChangeNotification, NsiRegisterChangeNotification, NetioCompleteNetBufferListChain, RtlCopyMdlToMdl, NetioAllocateAndReferenceFragmentNetBufferList, SetWfpDeviceObject, IoctlKfdBatchUpdate, IoctlKfdDeleteIndex, IoctlKfdAddIndex, IoctlKfdAddCache, IoctlKfdResetState, IoctlKfdQueryLayerStatistics, IoctlKfdAbortTransaction, IoctlKfdCommitTransaction, IoctlKfdDeleteCache, KfdIsActiveCallout, HfCreateFactory, HfDestroyFactory, NsiSetObjectSecurity, NetioAllocateNetBuffer, NetioAllocateAndReferenceNetBufferList, PtGetNumNodes, PtCreateTable, PtDestroyTable, PtDeleteEntry, PtInsertEntry, PtGetExactMatch, PtEnumOverTable, PtGetLongestMatch, PtGetNextShorterMatch, RtlCompute37Hash, PtGetKey, PtSetData, PtGetData, NsiSetParameter, NetioCompleteNetBufferAndNetBufferListChain, NetioQueryNetBufferListTrafficClass, NetioAllocateAndReferenceVacantNetBufferList, NetioAllocateAndReferenceCloneNetBufferListEx, NetioExpandNetBuffer, NetioUpdateNetBufferListContext, NetioAllocateAndReferenceCloneNetBufferList, NetioFreeCloneNetBufferList, NsiGetParameter, KfdCheckAcceptBypass, KfdCheckAndCacheAcceptBypass, KfdCheckConnectBypass, KfdCheckAndCacheConnectBypass, KfdGetLayerActionFromEnumTemplate, KfdEnumLayer, KfdGetNextFilter, KfdDerefFilterContext, KfdFreeEnumHandle, WfpScavangeLeastRecentlyUsedList, KfdAleInitializeFlowTable, WfpSetBucketsToEmptyLru, WfpExpireEntryLru, WfpInsertEntryLru, WfpDeleteEntryLru, WfpStreamIsFilterPresent, KfdToggleFilterActivation, NsiGetAllParameters, WfpInitializeLeastRecentlyUsedList, KfdAleNotifyFlowDeletion, FwppStreamDeleteDpcQueue, WfpUninitializeLeastRecentlyUsedList, KfdAleUninitializeFlowHandles, KfdAleInitializeFlowHandles, KfdGetOffloadEpoch, KfdIsLsoOffloadPossibleV6, KfdIsLsoOffloadPossibleV4, KfdIsV6InTransportFastEmpty, KfdIsV4InTransportFastEmpty, KfdIsV6OutTransportFastEmpty, KfdIsV4OutTransportFastEmpty, WfpRefreshEntryLru, NetioAdvanceNetBufferList, KfdCheckClassifyNeededAndUpdateEpoch, KfdAleAcquireFlowHandleForFlow, KfdClassify, KfdAleReleaseFlowHandleForFlow, KfdGetLayerCacheEpoch, KfdIsLayerEmpty, FwppStreamInject, FwppStreamContinue, FwppCopyStreamDataToBuffer, FwppAdvanceStreamDataPastOffset, FwppTruncateStreamDataAfterOffset, NetioUnRegisterProcessorAddCallback, NetioUnInitializeNetBufferListLibrary, NetioInitializeNetBufferListLibrary, NetioRegisterProcessorAddCallback, RtlInvokeStartRoutines, RtlInvokeStopRoutines, FsbDestroyPool, WfpStopStreamShim, FsbCreatePool, NsiGetParameterEx > NDIS.SYS: NdisDeregisterProtocolDriver, NdisRegisterProtocolDriver, NdisInitiateOffload, NdisInitializeTimer, NdisAcquireReadWriteLock, NdisGetSessionToCompartmentMappingEpochAndZero, NdisTerminateOffload, NdisUpdateOffload, NdisInvalidateOffload, NdisQueryOffloadState, NdisOidRequest, NdisDirectOidRequest, NdisCompleteNetPnPEvent, NdisCloseAdapterEx, NdisOpenAdapterEx, NdisSetTimer, NdisInitializeReadWriteLock, NdisCancelTimer, NdisCancelSendNetBufferLists, NdisSendNetBufferLists, NdisReleaseReadWriteLock, NdisReturnNetBufferLists, NdisOffloadTcpSend, NdisOffloadTcpReceive, NdisOffloadTcpReceiveReturn, NdisOffloadTcpDisconnect, NdisSetOptionalHandlers, NdisOffloadTcpForward, NdisGetDataBuffer, NetDmaRegisterClient, NetDmaDeregisterClient, NetDmaFreeChannel, NetDmaAllocateChannel, NdisGetProcessorInformation, NdisFreeNetBufferList, NetDmaNullTransfer, NetDmaIsDmaCopyComplete, NdisGetThreadObjectCompartmentId, NdisGetSessionCompartmentId, NdisAdjustNetBufferCurrentMdl, NdisAdvanceNetBufferDataStart, NdisRetreatNetBufferDataStart > FLTMGR.SYS: FltGetFileNameInformationUnsafe, FltReleaseFileNameInformation > fwpkclnt.sys: FwpsCalloutUnregisterByKey0, FwpmBfeStateSubscribeChangesWithoutDevice0, FwpmBfeStateUnsubscribeChanges0, FwpsClassifyOptionSet0, FwpmEngineClose0, FwpmEngineOpen0, FwpmSecureSocketDeleteByKeyAsync0, FwpmSecureSocketAddAsync0, FwpmEventProviderIsNetEventTypeEnabled0, FwpsRequestEndpointDeleteNotification0, FwppDispatchDevCtl0, IPsecDriverExpire, IPsecDriverInitiateAcquire, FwpmEventProviderFireNetEvent0, FwpsTcpIpDispatchTableClear0, FwpmEventProviderDestroy0, FwpmEventProviderCreate0, FwpsTcpIpDispatchTableSet0, FwpsCalloutRegisterWithoutDevice0 > HAL.dll: KeGetCurrentIrql, KfReleaseSpinLock, KfLowerIrql, KfAcquireSpinLock, KeAcquireInStackQueuedSpinLock, KeReleaseInStackQueuedSpinLock, KeRaiseIrqlToDpcLevel, ExReleaseFastMutex, ExAcquireFastMutex, KfRaiseIrql, KeQueryPerformanceCounter > ksecdd.sys: BCryptDestroyHash, BCryptDecrypt, BCryptCloseAlgorithmProvider, BCryptOpenAlgorithmProvider, BCryptSetProperty, BCryptGetProperty, BCryptGenRandom, BCryptHashData, BCryptEncrypt, BCryptGenerateSymmetricKey, BCryptDestroyKey, BCryptFinishHash, BCryptCreateHash > msrpc.sys: NdrMesTypeDecode2, MesHandleFree, I_RpcExceptionFilter, MesDecodeBufferHandleCreate ( 1 exports ) EQoSTestHook RDS...: NSRL Reference Data Set - pdfid.: - sigcheck: publisher....: Microsoft Corporation copyright....: (c) Microsoft Corporation. All rights reserved. product......: Microsoft_ Windows_ Operating System description..: TCP/IP Driver original name: tcpip.sys internal name: tcpip.sys file version.: 6.0.6001.18311 (vistasp1_gdr.090814-0321) comments.....: n/a signers......: - signing date.: - verified.....: Unsigned trid..: Win64 Executable Generic (87.2%) Win32 Executable Generic (8.6%) Generic Win/DOS Executable (2.0%) DOS Executable Generic (2.0%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) Datei ieUnatt.exe empfangen 2009.11.13 17:13:18 (UTC) Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt Ergebnis: 0/41 (0%) Laden der Serverinformationen... Ihre Datei wartet momentan auf Position: 1. Geschätzte Startzeit ist zwischen 43 und 62 Sekunden. Dieses Fenster bis zum Abschluss des Scans nicht schließen. Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen. Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut. Ihre Datei wird momentan von VirusTotal überprüft, Ergebnisse werden sofort nach der Generierung angezeigt. Filter Drucken der Ergebnisse Datei existiert nicht oder dessen Lebensdauer wurde überschritten Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet. SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist. Email: Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.41 2009.11.10 - AhnLab-V3 5.0.0.2 2009.11.06 - AntiVir 7.9.1.61 2009.11.10 - Antiy-AVL 2.0.3.7 2009.11.10 - Authentium 5.2.0.5 2009.11.10 - Avast 4.8.1351.0 2009.11.10 - AVG 8.5.0.423 2009.11.10 - BitDefender 7.2 2009.11.10 - CAT-QuickHeal 10.00 2009.11.10 - ClamAV 0.94.1 2009.11.10 - Comodo 2905 2009.11.10 - DrWeb 5.0.0.12182 2009.11.10 - eSafe 7.0.17.0 2009.11.10 - eTrust-Vet 35.1.7113 2009.11.10 - F-Prot 4.5.1.85 2009.11.10 - F-Secure 9.0.15370.0 2009.11.09 - Fortinet 3.120.0.0 2009.11.10 - GData 19 2009.11.10 - Ikarus T3.1.1.74.0 2009.11.10 - Jiangmin 11.0.800 2009.11.10 - K7AntiVirus 7.10.892 2009.11.09 - Kaspersky 7.0.0.125 2009.11.10 - McAfee 5797 2009.11.09 - McAfee+Artemis 5797 2009.11.09 - McAfee-GW-Edition 6.8.5 2009.11.10 - Microsoft 1.5202 2009.11.10 - NOD32 4592 2009.11.10 - Norman 6.03.02 2009.11.09 - nProtect 2009.1.8.0 2009.11.10 - Panda 10.0.2.2 2009.11.09 - PCTools 7.0.3.5 2009.11.10 - Prevx 3.0 2009.11.13 - Rising 22.21.01.09 2009.11.10 - Sophos 4.47.0 2009.11.10 - Sunbelt 3.2.1858.2 2009.11.10 - Symantec 1.4.4.12 2009.11.10 - TheHacker 6.5.0.2.064 2009.11.09 - TrendMicro 9.0.0.1003 2009.11.10 - VBA32 3.12.10.11 2009.11.09 - ViRobot 2009.11.10.2029 2009.11.10 - VirusBuster 4.6.5.0 2009.11.09 - weitere Informationen File size: 133632 bytes MD5...: 6d24c843a385b12865a21f44e43cd52f SHA1..: 1cb4385af0cf0d1c6c33c669a6ba2396611007e4 SHA256: 5c6cdc2bb9c2b6f4469d0a2a835a82e0360625438f06fbc7c2f43804b19df2c4 ssdeep: 3072:88Xrf81VIbVNUrutgrWM0iM80sF+EXab3iTQU8FFd3m4xnghRo5EiUDQ+q: 88o0heabSTQU8FFA4xghRoWil+q PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0xd8ab timedatestamp.....: 0x4a9600a4 (Thu Aug 27 03:42:28 2009) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1924c 0x19400 5.86 2d97a744f510532226a4e2aa4d231958 .data 0x1b000 0x4810 0x3e00 1.94 ca3278edf042a9bca576590597f543e3 .rsrc 0x20000 0x7e0 0x800 4.33 8152d3d511d6cd891147fc71a148fe52 .reloc 0x21000 0x2a0e 0x2c00 4.21 f2b748f1b5b2eedbe93c1f71cff31bf7 ( 11 imports ) > ADVAPI32.dll: RegCloseKey, RegQueryInfoKeyW, RegDeleteKeyW, RegEnumKeyExW, RegQueryValueExW, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegEnumValueW, SetSecurityDescriptorOwner, RegSetKeySecurity, GetSecurityDescriptorSacl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorOwner, CryptReleaseContext, CryptDestroyHash, CryptDestroyKey, CryptDecrypt, CryptEncrypt, CryptGetHashParam, CryptGenRandom, CryptDeriveKey, CryptHashData, CryptCreateHash, CryptAcquireContextW, SetSecurityInfo, GetSecurityInfo, IsValidSid, LookupAccountSidW, LookupAccountNameW, GetUserNameW, RegFlushKey, RegDeleteValueW, RegUnLoadKeyW, RegLoadKeyW, InitializeSecurityDescriptor, OpenThreadToken, GetTokenInformation, GetLengthSid, InitializeAcl, AddAccessAllowedAce, EqualSid, SetSecurityDescriptorDacl, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, SetNamedSecurityInfoW > KERNEL32.dll: MoveFileExW, MoveFileW, CopyFileW, GlobalSize, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, HeapWalk, HeapValidate, HeapCompact, GlobalMemoryStatus, GetVersionExW, GetDriveTypeW, ResetEvent, CreateThread, WaitForMultipleObjects, CreateEventW, FreeLibrary, SetEvent, RemoveDirectoryW, GetTempFileNameW, ReadFile, HeapDestroy, HeapCreate, GetLogicalDriveStringsW, IsDebuggerPresent, OutputDebugStringA, MultiByteToWideChar, FlushFileBuffers, CreateDirectoryW, DebugBreak, DuplicateHandle, SetFileAttributesW, GetTempPathW, GetShortPathNameW, CreateProcessW, CreateProcessA, OpenProcess, GetVolumeInformationW, SetFileTime, SetEndOfFile, OpenEventW, GetComputerNameW, GetOverlappedResult, GetFileType, GetDiskFreeSpaceW, GetDiskFreeSpaceExW, GetPrivateProfileStringW, LoadLibraryW, GetExitCodeProcess, GetLocaleInfoW, VirtualAlloc, VirtualFree, DeviceIoControl, GetLogicalDrives, HeapSize, lstrlenW, lstrcmpiW, WritePrivateProfileStringW, GetCommandLineW, LocalFree, GetLastError, GetVersionExA, InterlockedExchange, Sleep, InterlockedCompareExchange, GetStartupInfoA, SetUnhandledExceptionFilter, GetModuleHandleA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, LocalAlloc, ExpandEnvironmentStringsW, GetFileAttributesW, SetErrorMode, GetFullPathNameW, FindClose, FindNextFileW, FindFirstFileW, GetWindowsDirectoryW, GetProcessHeap, HeapFree, VirtualQuery, MapViewOfFile, CreateFileMappingW, GetFileSize, UnmapViewOfFile, TlsAlloc, GetLocalTime, HeapReAlloc, TlsSetValue, HeapAlloc, TlsGetValue, SetLastError, FormatMessageW, RaiseException, ExitProcess, TlsFree, GetWindowsDirectoryA, CloseHandle, GetCurrentThread, ReleaseMutex, WaitForSingleObject, SetFilePointer, WriteFile, GetModuleFileNameA, CreateMutexW, CreateFileW, GetModuleFileNameW, DeleteFileW, GetVersion, GetSystemInfo, CreateMutexA, CreateFileMappingA, CreateFileA, DeleteFileA, LoadLibraryA, ExpandEnvironmentStringsA, GetProcAddress, GetModuleHandleW, InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection > msvcrt.dll: towlower, free, __CxxFrameHandler3, __1type_info@@UAE@XZ, _XcptFilter, _exit, _vsnwprintf, __3@YAXPAX@Z, __2@YAPAXI@Z, memset, _wcsnicmp, wcsncmp, _wfopen, fgetws, feof, fclose, wcstok, _wtoi, iswctype, _wcsicmp, _purecall, wcsrchr, _vsnprintf, memcpy, _ismbblead, exit, _acmdln, _initterm, _amsg_exit, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _terminate@@YAXXZ, _except_handler4_common, _controlfp, _unlock, __dllonexit, _lock, _onexit, swscanf_s, _cexit, __getmainargs, _itow_s > ole32.dll: GetHGlobalFromStream, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, CoUninitialize, CoInitializeEx, CoInitialize, CoCreateGuid, CreateStreamOnHGlobal > SHELL32.dll: ExtractIconExW, ShellExecuteExW, SHGetFolderPathW, -, CommandLineToArgvW > SHLWAPI.dll: PathAppendW, StrCmpW, StrChrW, - > USER32.dll: MessageBoxA, LoadStringW, LoadIconW, UnregisterClassA, MessageBoxW > WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, WSAIoctl, -, - > dbghelp.dll: MiniDumpWriteDump > IPHLPAPI.DLL: GetIpAddrTable > OLEAUT32.dll: -, -, - ( 66 exports ) __0_$CDynamicArray@EPAE@@QAE@I@Z, __0_$CDynamicArray@EPAUSKey@@@@QAE@I@Z, __0_$CDynamicArray@EPAUSValue@@@@QAE@I@Z, __0_$CDynamicArray@GPAG@@QAE@I@Z, __0_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAE@I@Z, __0_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAE@I@Z, __0_$CDynamicArray@_KPA_K@@QAE@I@Z, __1_$CDynamicArray@EPAE@@QAE@XZ, __1_$CDynamicArray@EPAUSKey@@@@QAE@XZ, __1_$CDynamicArray@EPAUSValue@@@@QAE@XZ, __1_$CDynamicArray@GPAG@@QAE@XZ, __1_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAE@XZ, __1_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAE@XZ, __1_$CDynamicArray@_KPA_K@@QAE@XZ, __4_$CDynamicArray@EPAE@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@EPAUSKey@@@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@EPAUSValue@@@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@GPAG@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@_KPA_K@@QAEAAV0@ABV0@@Z, __A_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEAAPAUSEnumBinContext@@I@Z, __A_$CDynamicArray@_KPA_K@@QAEAA_KI@Z, __B_$CDynamicArray@EPAUSKey@@@@QBEPAUSKey@@XZ, __B_$CDynamicArray@EPAUSValue@@@@QBEPAUSValue@@XZ, __B_$CDynamicArray@GPAG@@QBEPAGXZ, __C_$CDynamicArray@EPAUSKey@@@@QBEPAUSKey@@XZ, __C_$CDynamicArray@EPAUSValue@@@@QBEPAUSValue@@XZ, ___F_$CDynamicArray@EPAE@@QAEXXZ, ___F_$CDynamicArray@EPAUSKey@@@@QAEXXZ, ___F_$CDynamicArray@EPAUSValue@@@@QAEXXZ, ___F_$CDynamicArray@GPAG@@QAEXXZ, ___F_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEXXZ, ___F_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEXXZ, ___F_$CDynamicArray@_KPA_K@@QAEXXZ, _Add@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEHAAPAUSEnumBinContext@@@Z, _Add@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHAAUSKeeperEntry@CBlackboardFactory@@@Z, _Add@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHAAUSKeeperEntry@CBlackboardFactory@@AAI@Z, _Add@_$CDynamicArray@_KPA_K@@QAEHAA_K@Z, _ElementAt@_$CDynamicArray@GPAG@@QAEAAGI@Z, _ElementAt@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEAAUSKeeperEntry@CBlackboardFactory@@I@Z, _GetBuffer@_$CDynamicArray@EPAE@@QAEPAEI@Z, _GetBuffer@_$CDynamicArray@EPAUSValue@@@@QAEPAUSValue@@I@Z, _GetBuffer@_$CDynamicArray@GPAG@@QAEPAGI@Z, _GetSize@_$CDynamicArray@EPAE@@QBEIXZ, _GetSize@_$CDynamicArray@GPAG@@QBEIXZ, _GetSize@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QBEIXZ, _GetSize@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QBEIXZ, _GetSize@_$CDynamicArray@_KPA_K@@QBEIXZ, _Init@_$CDynamicArray@EPAE@@IAEXI@Z, _Init@_$CDynamicArray@EPAUSKey@@@@IAEXI@Z, _Init@_$CDynamicArray@EPAUSValue@@@@IAEXI@Z, _Init@_$CDynamicArray@GPAG@@IAEXI@Z, _Init@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@IAEXI@Z, _Init@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@IAEXI@Z, _Init@_$CDynamicArray@_KPA_K@@IAEXI@Z, _RemoveAll@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEXXZ, _RemoveAll@_$CDynamicArray@_KPA_K@@QAEXXZ, _RemoveItemFromTail@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEXXZ, _SetSize@_$CDynamicArray@EPAE@@QAEHK@Z, _SetSize@_$CDynamicArray@EPAUSKey@@@@QAEHK@Z, _SetSize@_$CDynamicArray@EPAUSValue@@@@QAEHK@Z, _SetSize@_$CDynamicArray@GPAG@@QAEHK@Z, _SetSize@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEHK@Z, _SetSize@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHK@Z, _SetSize@_$CDynamicArray@_KPA_K@@QAEHK@Z RDS...: NSRL Reference Data Set - pdfid.: - trid..: Win64 Executable Generic (59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.3%) sigcheck: publisher....: Microsoft Corporation copyright....: (c) Microsoft Corporation. All rights reserved. product......: Windows_ Internet Explorer description..: IE 7.0 Unattended Install Utility original name: IEUNATT.EXE internal name: IEUNATT file version.: 8.00.6001.18828 (longhorn_ie8_gdr.090826-1700) comments.....: n/a signers......: - signing date.: - verified.....: Unsigned Datei DpPwdFlt.dll empfangen 2009.11.13 17:19:05 (UTC) Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt Ergebnis: 0/41 (0%) Laden der Serverinformationen... Ihre Datei wartet momentan auf Position: ___. Geschätzte Startzeit ist zwischen ___ und ___ . Dieses Fenster bis zum Abschluss des Scans nicht schließen. Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen. Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut. Ihre Datei wird momentan von VirusTotal überprüft, Ergebnisse werden sofort nach der Generierung angezeigt. Filter Drucken der Ergebnisse Datei existiert nicht oder dessen Lebensdauer wurde überschritten Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet. SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist. Email: Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.41 2009.11.13 - AhnLab-V3 5.0.0.2 2009.11.13 - AntiVir 7.9.1.65 2009.11.13 - Antiy-AVL 2.0.3.7 2009.11.13 - Authentium 5.2.0.5 2009.11.13 - Avast 4.8.1351.0 2009.11.13 - AVG 8.5.0.425 2009.11.13 - BitDefender 7.2 2009.11.13 - CAT-QuickHeal 10.00 2009.11.13 - ClamAV 0.94.1 2009.11.13 - Comodo 2943 2009.11.13 - DrWeb 5.0.0.12182 2009.11.13 - eSafe 7.0.17.0 2009.11.12 - eTrust-Vet 35.1.7119 2009.11.13 - F-Prot 4.5.1.85 2009.11.13 - F-Secure 9.0.15370.0 2009.11.11 - Fortinet 3.120.0.0 2009.11.13 - GData 19 2009.11.13 - Ikarus T3.1.1.74.0 2009.11.13 - Jiangmin 11.0.800 2009.11.12 - K7AntiVirus 7.10.896 2009.11.13 - Kaspersky 7.0.0.125 2009.11.13 - McAfee 5800 2009.11.12 - McAfee+Artemis 5800 2009.11.12 - McAfee-GW-Edition 6.8.5 2009.11.13 - Microsoft 1.5202 2009.11.13 - NOD32 4604 2009.11.13 - Norman 6.03.02 2009.11.13 - nProtect 2009.1.8.0 2009.11.13 - Panda 10.0.2.2 2009.11.13 - PCTools 7.0.3.5 2009.11.13 - Prevx 3.0 2009.11.13 - Rising 22.21.04.09 2009.11.13 - Sophos 4.47.0 2009.11.13 - Sunbelt 3.2.1858.2 2009.11.12 - Symantec 1.4.4.12 2009.11.13 - TheHacker 6.5.0.2.067 2009.11.12 - TrendMicro 9.0.0.1003 2009.11.13 - VBA32 3.12.10.11 2009.11.13 - ViRobot 2009.11.13.2035 2009.11.13 - VirusBuster 4.6.5.0 2009.11.13 - weitere Informationen File size: 150592 bytes MD5...: 86c2658d05b7f2caa105c1058497d2f5 SHA1..: f227984449bb5fbcde805b6e0f0420533bb3cc1f SHA256: 214261efc548e71cd3f97fbfefd87afd83cecae0a98fef6736b09bc365ac8bfd ssdeep: 3072:3glu8r8tqD+bTiwOL2bRmM0E7FLc6c05bTPZ/M6E6:wlu8QtqYvbXaSTPZU E PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x9fff timedatestamp.....: 0x49408876 (Thu Dec 11 03:26:46 2008) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1628c 0x17000 6.55 97df29b3076ddd486c85b8eabd6656f1 .rdata 0x18000 0x5338 0x6000 4.70 1539746d863d2d2cfb6a09d27de641df .data 0x1e000 0x32dc 0x2000 2.93 65c8acc69e234a5db810d47d23b6753e .rsrc 0x22000 0x528 0x1000 1.50 9e7fbdae03f0e610d2c75ec143df8cce .reloc 0x23000 0x2276 0x3000 3.66 fb228f6a5030ea516ed1333eac171e51 ( 5 imports ) > KERNEL32.dll: GetLocalTime, InitializeCriticalSection, DeleteCriticalSection, GetProcAddress, LoadLibraryW, MultiByteToWideChar, GetCurrentThreadId, SetFilePointer, FindClose, FindFirstFileW, CreateDirectoryW, InterlockedExchange, GetTickCount, GetModuleFileNameA, FreeLibrary, GetComputerNameA, GetFileSize, CreateFileW, WriteFile, IsDebuggerPresent, WideCharToMultiByte, CloseHandle, GetCurrentProcessId, ProcessIdToSessionId, GetVersionExA, LocalFree, LeaveCriticalSection, EnterCriticalSection, GetComputerNameExW, lstrcmpiW, lstrlenW, lstrcatW, FlushFileBuffers, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetConsoleMode, GetConsoleCP, GetModuleFileNameW, SetLastError, GetLastError, LocalAlloc, LoadLibraryA, RaiseException, GetACP, GetLocaleInfoA, GetThreadLocale, RtlUnwind, HeapAlloc, HeapFree, HeapReAlloc, ExitThread, ResumeThread, CreateThread, VirtualProtect, VirtualAlloc, GetModuleHandleA, GetSystemInfo, VirtualQuery, GetCommandLineA, GetProcessHeap, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, InterlockedDecrement, GetCPInfo, GetOEMCP, LCMapStringA, LCMapStringW, VirtualFree, HeapDestroy, HeapCreate, ExitProcess, GetStdHandle, Sleep, HeapSize, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetStringTypeA, GetStringTypeW > ADVAPI32.dll: RegEnumValueW, RegCreateKeyExW, RegOpenKeyExA, RegEnumKeyA, RegQueryValueExA, RegCloseKey, RegDeleteValueW, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW > ole32.dll: CoUninitialize, CoInitialize > OLEAUT32.dll: -, -, -, -, - > CRYPT32.dll: CryptEncodeObject, CryptDecodeObject ( 5 exports ) DllRegisterServer, DllUnregisterServer, InitializeChangeNotify, PasswordChangeNotify, PasswordFilter RDS...: NSRL Reference Data Set - pdfid.: - trid..: Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) sigcheck: publisher....: DigitalPersona, Inc. copyright....: Copyright (c) DigitalPersona, Inc. 1996-2008 product......: DPPwdFlt Module description..: DPPwdFlt Module original name: DPPwdFlt.DLL internal name: DPPwdFlt file version.: 4.3.0.3691 comments.....: signers......: - signing date.: - verified.....: Unsigned Datei atapi.sys empfangen 2009.11.13 17:20:52 (UTC) Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt Ergebnis: 1/41 (2.44%) Laden der Serverinformationen... Ihre Datei wartet momentan auf Position: 2. Geschätzte Startzeit ist zwischen 52 und 75 Sekunden. Dieses Fenster bis zum Abschluss des Scans nicht schließen. Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen. Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut. Ihre Datei wird momentan von VirusTotal überprüft, Ergebnisse werden sofort nach der Generierung angezeigt. Filter Drucken der Ergebnisse Datei existiert nicht oder dessen Lebensdauer wurde überschritten Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet. SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist. Email: Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.41 2009.11.13 - AhnLab-V3 5.0.0.2 2009.11.13 - AntiVir 7.9.1.65 2009.11.13 - Antiy-AVL 2.0.3.7 2009.11.13 - Authentium 5.2.0.5 2009.11.13 - Avast 4.8.1351.0 2009.11.13 - AVG 8.5.0.425 2009.11.13 - BitDefender 7.2 2009.11.13 - CAT-QuickHeal 10.00 2009.11.13 - ClamAV 0.94.1 2009.11.13 - Comodo 2943 2009.11.13 - DrWeb 5.0.0.12182 2009.11.13 - eSafe 7.0.17.0 2009.11.12 - eTrust-Vet 35.1.7119 2009.11.13 - F-Prot 4.5.1.85 2009.11.13 - F-Secure 9.0.15370.0 2009.11.11 - Fortinet 3.120.0.0 2009.11.13 - GData 19 2009.11.13 - Ikarus T3.1.1.74.0 2009.11.13 - Jiangmin 11.0.800 2009.11.12 - K7AntiVirus 7.10.896 2009.11.13 - Kaspersky 7.0.0.125 2009.11.13 - McAfee 5800 2009.11.12 - McAfee+Artemis 5800 2009.11.12 - McAfee-GW-Edition 6.8.5 2009.11.13 Heuristic.BehavesLike.Win32.Rootkit.H Microsoft 1.5202 2009.11.13 - NOD32 4604 2009.11.13 - Norman 6.03.02 2009.11.13 - nProtect 2009.1.8.0 2009.11.13 - Panda 10.0.2.2 2009.11.13 - PCTools 7.0.3.5 2009.11.13 - Prevx 3.0 2009.11.13 - Rising 22.21.04.09 2009.11.13 - Sophos 4.47.0 2009.11.13 - Sunbelt 3.2.1858.2 2009.11.12 - Symantec 1.4.4.12 2009.11.13 - TheHacker 6.5.0.2.067 2009.11.12 - TrendMicro 9.0.0.1003 2009.11.13 - VBA32 3.12.10.11 2009.11.13 - ViRobot 2009.11.13.2035 2009.11.13 - VirusBuster 4.6.5.0 2009.11.13 - weitere Informationen File size: 21560 bytes MD5...: 9c0e70031905adbf94edb9ea14af943b SHA1..: 69097979d1c1e25325018cba21c9f1f8f8c5754b SHA256: 88e4a250c22e919decedf1d59566265c473cdfac97440f25a6d05e6200223194 ssdeep: 384:mzY0Vgd1RrKzBoW3UwWkhy/jso9uT+quEOjBMI:mz/Vgd1gz/Hy/jso5zMI PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x5005 timedatestamp.....: 0x48449a09 (Tue Jun 03 01:10:33 2008) machinetype.......: 0x14c (I386) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x19b0 0x1a00 6.30 4ac8c9f82cf23d85316bd85d3d8e4efb .rdata 0x3000 0xae 0x200 1.52 789da2a578c587add39868b7c67dcb8b .data 0x4000 0xc 0x200 0.18 7c80b151582aa6280e754b477343e54e INIT 0x5000 0x364 0x400 4.51 f238fffd3a9917d72f4888f4276b3b06 .rsrc 0x6000 0x3f8 0x400 3.41 bcf1072aa34a8a498b8bedc81661ffa5 .reloc 0x7000 0x8a 0x200 1.37 064d7db7c16955d4dc6d3f7afb703e06 ( 2 imports ) > ataport.SYS: AtaPortNotification, AtaPortWritePortUchar, AtaPortWritePortUlong, AtaPortGetPhysicalAddress, AtaPortConvertPhysicalAddressToUlong, AtaPortGetScatterGatherList, AtaPortReadPortUchar, AtaPortStallExecution, AtaPortGetParentBusType, AtaPortRequestCallback, AtaPortWritePortBufferUshort, AtaPortGetUnCachedExtension, AtaPortCompleteRequest, AtaPortMoveMemory, AtaPortCompleteAllActiveRequests, AtaPortReleaseRequestSenseIrb, AtaPortBuildRequestSenseIrb, AtaPortReadPortUshort, AtaPortReadPortBufferUshort, AtaPortInitialize, AtaPortGetDeviceBase, AtaPortDeviceStateChange > NTOSKRNL.exe: KeTickCount ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: Generic Win/DOS Executable (49.9%) DOS Executable Generic (49.8%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) sigcheck: publisher....: Microsoft Corporation copyright....: (c) Microsoft Corporation. All rights reserved. product......: Microsoft_ Windows_ Operating System description..: ATAPI IDE Miniport Driver original name: atapi.sys internal name: atapi.sys file version.: 6.0.6001.22193 (vistasp1_ldr.080602-1506) comments.....: n/a signers......: - signing date.: - verified.....: Unsigned Ich poste das Antivir Log am Montag morgen da ich den PC im Büro habe und nun Feierabend mache hoffe das ist ok 
|
|
|
|
|
|
|
14.11.2009, 21:39
Member
Beiträge: 694 |
||
|
|
|
|
|
16.11.2009, 07:36
Member
Themenstarter Beiträge: 34 |
#9
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Freitag, 13. November 2009 18:26 Es wird nach 1902582 Virenstämmen gesucht. Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows Vista Windowsversion : (Service Pack 1) [6.0.6001] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : MULOO-PC Versionsinformationen: BUILD.DAT : 9.0.0.410 18074 Bytes 25.09.2009 11:51:00 AVSCAN.EXE : 9.0.3.7 466689 Bytes 21.07.2009 13:36:08 AVSCAN.DLL : 9.0.3.0 49409 Bytes 13.02.2009 12:04:10 LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 11:35:44 LUKERES.DLL : 9.0.2.0 13569 Bytes 26.01.2009 10:41:59 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 12:30:36 ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.06.2009 09:21:42 ANTIVIR2.VDF : 7.1.6.222 5998592 Bytes 11.11.2009 14:41:06 ANTIVIR3.VDF : 7.1.6.234 120320 Bytes 13.11.2009 14:48:21 Engineversion : 8.2.1.65 AEVDF.DLL : 8.1.1.2 106867 Bytes 10.11.2009 14:19:23 AESCRIPT.DLL : 8.1.2.44 586107 Bytes 10.11.2009 14:19:22 AESCN.DLL : 8.1.2.5 127346 Bytes 10.11.2009 14:19:21 AERDL.DLL : 8.1.3.2 479604 Bytes 10.11.2009 14:19:19 AEPACK.DLL : 8.2.0.3 422261 Bytes 10.11.2009 14:19:17 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23.07.2009 09:59:39 AEHEUR.DLL : 8.1.0.180 2093432 Bytes 10.11.2009 14:19:15 AEHELP.DLL : 8.1.7.0 237940 Bytes 10.11.2009 14:19:11 AEGEN.DLL : 8.1.1.74 364917 Bytes 13.11.2009 14:48:22 AEEMU.DLL : 8.1.1.0 393587 Bytes 10.11.2009 14:19:07 AECORE.DLL : 8.1.8.2 184694 Bytes 10.11.2009 14:19:04 AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 14:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 08:47:56 AVPREF.DLL : 9.0.3.0 44289 Bytes 13.11.2009 14:48:30 AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 14:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 07.11.2008 15:25:04 AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 15:05:37 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 10:37:04 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 15:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 08:21:28 NETNT.DLL : 9.0.0.0 11521 Bytes 07.11.2008 15:41:21 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 15:35:17 RCTEXT.DLL : 9.0.37.0 87809 Bytes 17.04.2009 10:13:12 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: niedrig Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: mittel Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Beginn des Suchlaufs: Freitag, 13. November 2009 18:26 Der Suchlauf nach versteckten Objekten wird begonnen. Es wurden '136581' Objekte überprüft, '0' versteckte Objekte wurden gefunden. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'EXCEL.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'conime.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'notepad.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Mobile Partner.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'dwm.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'pctsTray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WUDFHost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TVSched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TVCapSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'pctsSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'pctsAuxs.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RichVideo.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'LSSrvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AEstSrv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wlanext.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'DpHostW.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'vfsFPService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'hpservice.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'audiodg.exe' - '0' Modul(e) wurden durchsucht Durchsuche Prozess 'stacsv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht Es wurden '59' Prozesse mit '59' Modulen durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! [INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '32' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\hiberfil.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! [HINWEIS] Bei dieser Datei handelt es sich um eine Windows Systemdatei. [HINWEIS] Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann. C:\pagefile.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! [HINWEIS] Bei dieser Datei handelt es sich um eine Windows Systemdatei. [HINWEIS] Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann. Beginne mit der Suche in 'D:\' <RECOVERY> Ende des Suchlaufs: Freitag, 13. November 2009 20:27 Benötigte Zeit: 2:01:15 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 32301 Verzeichnisse wurden überprüft 497484 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 2 Dateien konnten nicht durchsucht werden 497482 Dateien ohne Befall 2561 Archive wurden durchsucht 2 Warnungen 2 Hinweise 136581 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden so wie versprochen noch der avira report. |
|
|
|
|
|
|
16.11.2009, 10:35
Member
Beiträge: 694 |
||
|
|
|
|
|
16.11.2009, 10:51
Member
Themenstarter Beiträge: 34 |
#11
Super dann kann ich nun wieder normal arbeiten danke sehr ihr seid echt super hier
|
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Ich habe hier die Log files die ihr braucht:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 6.0.6001 Service Pack 1
11.11.2009 17:56:33
mbam-log-2009-11-11 (17-56-24).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 307537
Laufzeit: 1 hour(s), 18 minute(s), 54 second(s)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
Infizierte Speicherprozesse:
C:\Windows\freddy73.exe (Worm.KoobFace) -> No action taken.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Worm.KoobFace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Captcha7 (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Worm.KoobFace) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Windows\freddy73.exe (Worm.KoobFace) -> No action taken.
C:\Windows\ld15.exe (Worm.KoobFace) -> No action taken.
C:\Windows\mmsmark2.dat (KoobFace.Trace) -> No action taken.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:15:46, on 12.11.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\WinTV\EPG Services\System\EPGClient.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\svchost.exe
C:\Windows\ld15.exe
C:\Windows\freddy73.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TRUUpdater] "C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sysldtray] C:\Windows\ld15.exe
O4 - HKLM\..\Run: [sysfbtray] C:\Windows\freddy73.exe
O4 - HKLM\..\Run: [Captcha7] rundll "C:\Program Files\captcha.dll",captcha
O4 - HKLM\..\Run: [SySmstray] C:\Windows\mstre22.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-CH\local\search.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7419F3E3-06FB-4E83-8B99-22A88BAFC6F3}: NameServer = 195.141.56.5 193.192.227.3
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
--
End of file - 15905 bytes
Hoffe es geht auch so ansonsten einfach angeben was ich noch alles machen muss.
Grüsse Muloo und Danke