| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Antivir findet drop.agent.bsbeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.06.2010, 15:32
| #1 |
| |  Antivir findet drop.agent.bsbe Hallo, mein problem ist, dass ich mir vor einiger zeit einen virus gedownloadet und auch ausgeführt habe. Erst hat der PC die BenutzerkontrollSteuerung oder wie das heißt, von win 7 deaktiviert. Antivir, hat das zum glück sofort gemeldet und den virus in die Quarantäne verschoben. Ich habe die Benutzerkontensteuerung wieder aktiviert und kann den PC normal benutzen. Aber heute hat antivir schon wieder 4 viren gefunden. D.h. der virus ist noch da, aber macht zurzeit nichts. Da ich ihn jedoch gerne loswerden würde, bitte ich euch um hilfe. Hier der log: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:28:20, on 20.06.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Max\Downloads\HiJackThis204.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q015l03e4z165f48i2t46r R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://questler.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q015l03e4z165f48i2t46r R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q015l03e4z165f48i2t46r R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O15 - Trusted IP range: hxxp://192.168.178.1 O15 - ESC Trusted IP range: hxxp://192.168.178.1 O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10623 bytes C:Windows/SYSWOW64 Der name war immer eine zufällige kombination von buchstaben: zaqsku.exe yuzaza.exe usw. p.s. ich möchte windows nur sehr ungerne neu aufsetzen müssen, da ich keine windows cd habe(nur key), und auch keien funktionierende sicherheitskopie ( als ich anfangs dazu aufgefordert wurde, ging der brennvorgang bei cd 3 schief, und ich hatte keien rohlinge mehr.) |
|
20.06.2010, 18:44
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Antivir findet drop.agent.bsbe Hallo und
__________________ Zitat:
Poste bitte mal das Log von AntiVir vollständig.
__________________ |
|
20.06.2010, 20:22
| #3 |
| | Antivir findet drop.agent.bsbe Die datei war ein Trainer für ein Spiel.
__________________Und wegen dem log: meinst du das hier? Code:
ATTFilter Exportierte Ereignisse:
20.06.2010 16:13 [Scanner] Malware gefunden
Die Datei 'C:\Windows\SysWOW64\yuzaza.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51ada984.qua'
verschoben!
20.06.2010 16:13 [Scanner] Malware gefunden
Die Datei 'C:\Windows\SysWOW64\zaqsku.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '492d86df.qua'
verschoben!
20.06.2010 16:13 [Scanner] Malware gefunden
Die Datei 'C:\Windows\SysWOW64\yspvqi.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '03e4f362.qua'
verschoben!
20.06.2010 16:13 [Scanner] Malware gefunden
Die Datei 'C:\Windows\SysWOW64\yryvid.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '65cabca3.qua'
verschoben!
20.06.2010 16:11 [Scanner] Malware gefunden
Die Datei 'C:\Windows\SysWOW64\dhjqlf.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '483486a3.qua'
verschoben!
20.06.2010 16:11 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\zaqsku.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
20.06.2010 16:11 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\yspvqi.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
20.06.2010 16:11 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\yuzaza.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
20.06.2010 16:11 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\yryvid.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
20.06.2010 16:10 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\dhjqlf.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
14.06.2010 19:34 [Scanner] Malware gefunden
Die Datei 'C:\Windows\SysWOW64\zrbigu.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51ece372.qua'
verschoben!
14.06.2010 19:34 [Scanner] Malware gefunden
Die Datei 'C:\Windows\SysWOW64\zxmooc.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4980cc2f.qua'
verschoben!
14.06.2010 19:34 [Scanner] Malware gefunden
Die Datei 'C:\Windows\SysWOW64\zkgepl.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '03b6b993.qua'
verschoben!
14.06.2010 19:34 [Scanner] Malware gefunden
Die Datei 'C:\Windows\SysWOW64\zjapjs.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '658bf650.qua'
verschoben!
14.06.2010 19:33 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\zkgepl.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
14.06.2010 19:33 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\zrbigu.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
14.06.2010 19:33 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\zxmooc.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
14.06.2010 19:33 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\zjapjs.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.06.2010 02:39 [Scanner] Malware gefunden
Die Datei 'C:\Windows\SysWOW64\emzbvk.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49f1880e.qua'
verschoben!
13.06.2010 02:39 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\emzbvk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.06.2010 02:30 [Scanner] Malware gefunden
Die Datei 'C:\Windows\SysWOW64\ihubdw.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49bf863e.qua'
verschoben!
13.06.2010 02:30 [Scanner] Malware gefunden
Die Datei 'C:\Windows\SysWOW64\ufmotz.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5120a99f.qua'
verschoben!
13.06.2010 02:30 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\ufmotz.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.06.2010 02:30 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\ufmotz.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.06.2010 02:30 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\ufmotz.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.06.2010 02:30 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\ufmotz.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.06.2010 02:30 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\ufmotz.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.06.2010 02:30 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\ufmotz.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.06.2010 02:30 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\ihubdw.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.06.2010 02:30 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\ufmotz.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
13.06.2010 02:30 [Guard] Malware gefunden
In der Datei 'C:\Windows\SysWOW64\ihubdw.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Agent.bsbe' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
|
|
20.06.2010, 20:47
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Antivir findet drop.agent.bsbe bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
21.06.2010, 13:51
| #5 |
| | Antivir findet drop.agent.bsbe Hier die OTL Scans: Code:
ATTFilter OTL logfile created on: 21.06.2010 14:36:02 - Run 1 OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Max\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free 10,00 Gb Paging File | 9,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): c:\pagefile.sys 6144 6144 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,99 Gb Total Space | 69,97 Gb Free Space | 24,47% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 596,02 Gb Total Space | 387,91 Gb Free Space | 65,08% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MAX-PC Current User Name: Max Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.06.21 14:20:56 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Downloads\OTL.exe PRC - [2010.06.19 17:05:42 | 000,202,040 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2010.06.17 19:46:05 | 000,395,048 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.05.12 16:36:47 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.05.07 14:13:51 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2010.04.24 12:11:03 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.04.02 21:08:01 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2009.08.28 07:02:22 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009.08.21 02:26:02 | 000,262,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe PRC - [2009.08.21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe PRC - [2009.08.18 11:42:34 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2009.07.28 14:29:40 | 001,507,448 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe PRC - [2009.07.07 07:47:54 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe PRC - [2009.04.16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe ========== Modules (SafeList) ========== MOD - [2010.06.21 14:20:56 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Downloads\OTL.exe MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.08.06 06:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.06.19 17:05:42 | 000,202,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2010.06.17 19:46:05 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.05.12 16:36:47 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.04.24 12:11:03 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state) SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.12.04 01:29:00 | 003,377,880 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2009.10.28 00:09:03 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.08.21 02:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.07.28 21:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS) SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2009.07.13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.04.29 05:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService) SRV - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.03.29 16:06:15 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.03.29 16:06:13 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010.02.16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.02.02 23:45:08 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2010.01.29 18:13:09 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.08.10 05:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.24 12:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.06.18 14:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.06 18:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.05.14 02:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel(R) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.04.30 15:43:34 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.04.29 05:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio) DRV:64bit: - [2008.06.16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam) DRV:64bit: - [2008.02.22 16:33:00 | 000,151,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2008.02.22 16:32:58 | 000,113,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2008.02.22 16:32:58 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2006.06.18 00:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk) DRV - [2009.07.07 14:47:48 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/10/27 23:21:33] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) DRV - [2009.06.10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv) DRV - [2009.06.10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip) DRV - [2009.03.26 05:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit) DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\StarOpen.sys -- (StarOpen) DRV - [2006.06.18 00:26:50 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk) DRV - [2005.03.09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0) DRV - [2005.01.02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q015l03e4z165f48i2t46r IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q015l03e4z165f48i2t46r IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q015l03e4z165f48i2t46r IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q015l03e4z165f48i2t46r IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q015l03e4z165f48i2t46r IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://questler.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0 FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.21 FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1" FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - user.js..network.proxy.type: 0 FF - user.js..network.proxy.http: "" FF - user.js..network.proxy.http_port: FF - user.js..network.proxy.no_proxies_on: "" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.05.28 15:41:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.09 23:00:23 | 000,000,000 | ---D | M] [2010.02.03 19:26:25 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Extensions [2010.02.03 19:26:25 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2010.06.20 16:47:34 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\2nrng1d4.default\extensions [2010.04.30 18:14:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\2nrng1d4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.04.30 18:14:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\2nrng1d4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.30 18:14:13 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\2nrng1d4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.03.18 19:22:40 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\2nrng1d4.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} [2010.05.08 22:52:03 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\2nrng1d4.default\extensions\battlefieldheroespatcher@ea.com [2010.05.12 16:35:41 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\2nrng1d4.default\extensions\eafo3fflauncher@ea.com [2010.06.10 19:12:58 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\2nrng1d4.default\extensions\foxyproxy@eric.h.jung [2010.06.09 23:00:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.06.09 23:00:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.06.09 23:00:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.02 03:10:39 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [MsgCenterExe] C:\Program Files (x86)\Common Files\Real\Update_OB\RealOneMessageCenter.exe File not found O4 - HKCU..\Run: [PlayNC Launcher] File not found O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites) O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class) O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{a0bf9a30-0e50-11df-b350-0026227a3ac9}\Shell - "" = AutoRun O33 - MountPoints2\{a0bf9a30-0e50-11df-b350-0026227a3ac9}\Shell\AutoRun\command - "" = E:\autorun.exe autorun.hta -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.06.21 14:23:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.06.21 14:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.06.18 14:01:10 | 000,000,000 | ---D | C] -- C:\Windows\Simple Port Forwarding [2010.06.18 13:51:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Simple Port Forwarding [2010.06.17 20:03:27 | 000,000,000 | ---D | C] -- C:\HLServer [2010.06.15 14:17:03 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Eidos [2010.06.15 14:03:58 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Downloaded Installations [2010.06.14 18:00:06 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Command and Conquer Generals Data [2010.06.13 22:30:00 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\World in Conflict [2010.06.13 22:17:54 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\World in Conflict [2010.06.12 21:15:57 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\vghd [2010.06.10 15:49:32 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.06.10 15:49:32 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.06.10 15:49:32 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010.06.10 15:49:31 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010.06.09 23:00:23 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010.06.09 23:00:23 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.06.09 23:00:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.06.09 23:00:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.06.09 23:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010.06.06 13:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010.06.05 12:23:45 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\GetRightToGo [2010.06.03 16:44:04 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Electronic_Arts_Inc [2010.06.03 16:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2010.06.02 17:00:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client [2010.06.02 02:39:29 | 000,000,000 | -H-D | C] -- C:\Users\Max\Documents\Runes of Magic [2010.05.31 01:06:42 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\InstallShield Installation Information [2010.05.31 00:45:33 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\TrackMania [2010.05.31 00:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania [2010.05.30 23:06:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\FFSJ [2010.05.30 21:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TmForever [2010.05.30 13:29:39 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\LimeWire [2010.05.29 00:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\P.Portable.CodeArmor [2010.05.28 22:35:32 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll [2010.05.28 22:35:32 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2010.05.28 22:35:32 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll [2010.05.28 22:35:31 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll [2010.05.28 22:35:31 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe [2010.05.28 22:35:31 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe [2010.05.28 22:35:31 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll [2010.05.28 22:35:31 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2010.05.28 18:41:30 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Braid [2010.05.28 16:39:21 | 000,000,000 | ---D | C] -- C:\ijji [2010.05.28 15:41:19 | 000,713,312 | ---- | C] (NHN USA) -- C:\Windows\SysWow64\ijjiSetup.exe [2010.05.28 15:41:19 | 000,208,384 | ---- | C] (<YNK Intractive>) -- C:\Windows\SysWow64\uc_rohan_launching.dll [2010.05.28 15:41:19 | 000,147,456 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysWow64\uc_neosteam_launching.dll [2010.05.28 15:41:19 | 000,086,624 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\ijjiChannelingPlugin.dll [2010.05.28 15:41:19 | 000,064,000 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_sfighters_launching.dll [2010.05.28 15:41:19 | 000,062,048 | ---- | C] (NHN USA Inc.) -- C:\Windows\SysWow64\ijjiProcessRestarter.exe [2010.05.28 15:41:19 | 000,061,440 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_atlantica_launching.dll [2010.05.28 15:41:19 | 000,057,952 | ---- | C] (NHN USA Corp.) -- C:\Windows\SysWow64\ijjiPlugin2.dll [2010.05.28 15:41:19 | 000,053,248 | ---- | C] (<NHN USA Inc>.) -- C:\Windows\SysWow64\uc_luminary_launching.dll [2010.05.28 15:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ijji [2010.05.25 17:15:28 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Teeworlds [2010.05.24 13:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VZPRP [2010.05.22 20:10:39 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\DivX [2010.05.22 20:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2010.05.22 20:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.06.21 14:34:39 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.06.21 14:34:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.21 14:34:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.21 14:34:06 | 3219,636,224 | -HS- | M] () -- C:\hiberfil.sys [2010.06.21 14:33:26 | 004,194,304 | -HS- | M] () -- C:\Users\Max\ntuser.dat [2010.06.21 14:33:23 | 003,155,919 | -H-- | M] () -- C:\Users\Max\AppData\Local\IconCache.db [2010.06.21 14:28:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.06.21 14:24:13 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.21 14:24:13 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.20 18:06:35 | 000,001,112 | ---- | M] () -- C:\Users\Max\Desktop\Left 4 Dead 2 By Fakoykas.lnk [2010.06.20 16:56:23 | 000,038,768 | ---- | M] () -- C:\Users\Max\Documents\Link.doc [2010.06.19 17:05:42 | 000,202,040 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.06.19 16:49:52 | 000,000,004 | -H-- | M] () -- C:\Windows\SysWow64\__iw3mp [2010.06.17 14:10:36 | 000,085,840 | ---- | M] () -- C:\Users\Max\AppData\Local\GDIPFONTCACHEV1.DAT [2010.06.17 14:10:13 | 000,358,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.06.15 19:58:01 | 001,639,968 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.06.15 19:58:01 | 000,706,838 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.06.15 19:58:01 | 000,660,416 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.06.15 19:58:01 | 000,152,398 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.06.15 19:58:01 | 000,124,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.06.15 14:16:29 | 000,000,837 | ---- | M] () -- C:\Users\Max\SciTE.session [2010.06.15 13:50:15 | 000,424,624 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2010.06.15 13:50:14 | 000,138,472 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2010.06.15 13:50:12 | 000,418,480 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2010.06.15 13:50:11 | 000,115,432 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2010.06.15 02:18:57 | 000,124,653 | ---- | M] () -- C:\Users\Max\Documents\Chat.doc [2010.06.13 17:52:48 | 000,000,613 | ---- | M] () -- C:\Windows\eReg.dat [2010.06.13 02:28:48 | 000,000,000 | ---- | M] () -- C:\Users\Max\AppData\Roaming\chrtmp [2010.06.12 21:16:04 | 000,000,007 | ---- | M] () -- C:\Windows\sbacknt.bin [2010.06.12 21:15:59 | 000,152,904 | ---- | M] () -- C:\Windows\SysWow64\vghd.scr [2010.06.10 19:13:19 | 000,015,138 | -HS- | M] () -- C:\Users\Max\Folder.jpg [2010.06.10 19:13:19 | 000,004,256 | -HS- | M] () -- C:\Users\Max\AlbumArtSmall.jpg [2010.06.10 19:08:44 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt [2010.06.09 23:00:15 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010.06.09 23:00:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.06.09 23:00:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.06.09 23:00:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.06.02 17:00:22 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2010.06.02 02:38:58 | 000,000,798 | ---- | M] () -- C:\Users\Max\Desktop\Runes of Magic.lnk [2010.05.31 20:41:46 | 000,089,946 | ---- | M] () -- C:\ReactorException.dmp [2010.05.30 23:06:01 | 000,004,147 | ---- | M] () -- C:\Windows\unins000.dat [2010.05.30 23:05:56 | 000,794,906 | ---- | M] () -- C:\Windows\unins000.exe [2010.05.29 01:50:56 | 000,001,897 | ---- | M] () -- C:\Users\Max\Desktop\Prey.lnk [2010.05.28 22:44:01 | 001,617,990 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.05.27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010.05.27 08:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010.05.27 06:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.05.27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.05.22 20:29:03 | 000,189,480 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.05.22 19:15:56 | 000,000,679 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 MP.lnk [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.06.19 16:49:52 | 000,000,004 | -H-- | C] () -- C:\Windows\SysWow64\__iw3mp [2010.06.13 23:21:22 | 000,001,897 | ---- | C] () -- C:\Users\Max\Desktop\Prey.lnk [2010.06.13 17:52:48 | 000,000,613 | ---- | C] () -- C:\Windows\eReg.dat [2010.06.13 02:28:48 | 000,000,000 | ---- | C] () -- C:\Users\Max\AppData\Roaming\chrtmp [2010.06.12 21:16:04 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin [2010.06.05 21:05:01 | 000,000,798 | ---- | C] () -- C:\Users\Max\Desktop\Runes of Magic.lnk [2010.06.02 17:00:22 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2010.05.31 20:41:44 | 000,089,946 | ---- | C] () -- C:\ReactorException.dmp [2010.05.30 23:06:00 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe [2010.05.30 23:06:00 | 000,004,147 | ---- | C] () -- C:\Windows\unins000.dat [2010.05.28 15:41:19 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\uc_karos_launching.dll [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.03.05 19:17:13 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys [2010.02.12 17:40:53 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\libmySQL.dll [2010.02.12 17:40:53 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\TrackerNET.dll [2010.02.05 16:16:30 | 000,000,886 | ---- | C] () -- C:\Windows\SIERRA.INI [2010.01.31 17:38:31 | 000,000,600 | ---- | C] () -- C:\Windows\rtcwgoty.INI [2010.01.29 13:29:14 | 000,000,510 | ---- | C] () -- C:\Windows\wininit.ini [2010.01.22 11:59:48 | 001,617,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.01.22 10:29:51 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010.01.17 01:21:50 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll ========== LOP Check ========== [2010.01.09 22:41:47 | 000,000,000 | -HSD | M] -- C:\Users\Max\AppData\Roaming\.# [2010.03.22 21:34:53 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Audacity [2010.05.11 21:06:15 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Bioshock2 [2010.05.28 18:42:38 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Braid [2010.02.07 02:37:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Camfrog [2010.01.28 23:38:01 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Command and Conquer 4 Beta [2010.01.31 16:05:56 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite [2010.01.29 18:17:38 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Pro [2010.05.30 23:07:43 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\FFSJ [2010.01.14 23:08:39 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\FOG Downloader [2010.01.09 22:38:10 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\GameConsole [2010.06.05 12:24:31 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\GetRightToGo [2010.03.16 20:38:08 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Hardcore [2010.05.09 20:05:41 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ICQ [2010.01.11 00:18:54 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ijjigame [2010.03.16 20:38:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Juce VST Host [2010.01.09 23:37:04 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Leadertech [2010.06.20 20:21:46 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\LimeWire [2010.04.07 15:26:35 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2010.02.07 01:57:42 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ManyCam [2010.03.05 19:41:40 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\MotioninJoy [2010.02.18 22:25:54 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\OtakuSoftware [2010.01.09 18:45:33 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Packard Bell [2010.01.18 13:11:56 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\PC Suite [2010.04.23 16:59:32 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Red Alert 3 [2010.04.24 15:55:16 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Red Alert 3 Uprising [2010.01.18 13:46:44 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Samsung [2010.04.05 00:16:18 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TeamDrive [2010.05.25 17:19:47 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Teeworlds [2010.03.10 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TS3Client [2010.03.29 22:36:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ubisoft [2010.06.13 00:45:04 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\vghd [2010.05.10 23:13:26 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:93DE1838 < End of report > |
|
21.06.2010, 13:53
| #6 |
| | Antivir findet drop.agent.bsbe und teil 2. (das board, gibt anscheinend den geist auf, wenn ich alles in einen post tue) Code:
ATTFilter OTL Extras logfile created on: 21.06.2010 14:36:02 - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Max\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free
10,00 Gb Paging File | 9,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): c:\pagefile.sys 6144 6144 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,99 Gb Total Space | 69,97 Gb Free Space | 24,47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 596,02 Gb Total Space | 387,91 Gb Free Space | 65,08% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MAX-PC
Current User Name: Max
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UACDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Uforia\Mercenary Wars\Bin\MWGame.exe" = C:\Uforia\Mercenary Wars\Bin\MWGame.exe:*:Enabled:MWGame -- File not found
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exed | Stopped] -- C:\Windows\Vss -- (VSS) -- File not found
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exeArms.exed | Stopped] -- C:\Windows\Vss -- (VSS) -- File not found
"C:\Uforia\Mercenary Wars\Bin\MWGame.exe" = C:\Uforia\Mercenary Wars\Bin\MWGame.exe:*:Enabled:MWGame -- File not found
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exewallPolicy\StandardProfile\AuthorizedApplications\List -- File not found
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"KeyLemon" = KeyLemon
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0325F1C1-883A-41AB-8981-B27359ABDFAF}" = Joint Operations: Typhoon Rising
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{16393B5A-43A8-434B-B22A-0724581F7873}" = GameShadow
"{179F3115-969C-454C-B524-464A026FD202}" = NavyFIELD Europa (DE)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62c03d48-3ad9-437c-a33c-a28d8104884b}" = Nero 9 Essentials
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{830AEB51-7904-4163-939D-2640E0E125BA}" = Far Cry
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91CD08AA-5402-4C64-A9CA-C7B4A479C003}_is1" = Counter Strike Source v1.0.0.34
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.2 MUI
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B49C924C-A651-4378-94F6-5D9BF44A959F}" = EE-ZDE
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE4BA4C3-6DE4-404C-9B69-A84709BED752}" = Conflict Denied Ops
"{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}" = PunkBuster for Joint Operations: Typhoon Rising
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"ASIO4ALL" = ASIO4ALL
"AutoItv3" = AutoIt v3.3.4.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"Cross Fire_is1" = Cross Fire En
"DivX Setup.divx.com" = DivX-Setup
"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
"FL Studio 9" = FL Studio 9
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Studio_is1" = Free Studio version 4.4
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Half-Life" = Half-Life
"Hardcore" = Hardcore
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"IL Download Manager" = IL Download Manager
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"JDownloader" = JDownloader
"Just Cause 2_is1" = Just Cause 2
"League of Legends_is1" = League of Legends
"Left 4 Dead" = Left 4 Dead
"Left4Dead2-hohesC_is1" = Left 4 Dead 2 - 2.0.2.3
"LimeWire" = LimeWire 5.5.8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OpenAL" = OpenAL
"Pack 500 track" = Pack 500 track
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"Plants vs. Zombies" = Plants vs. Zombies
"PoiZone" = PoiZone
"Portal1.5" = Portal
"PunkBusterSvc" = PunkBuster Services
"Sauerbraten" = Sauerbraten
"Sawer" = Sawer
"SciTE4AutoIt3" = SciTE4AutoIt3 2/6/2010
"Sierra Utilities" = Sierra Utilities
"Simple Port Forwarding" = Simple Port Forwarding
"SpeedFan" = SpeedFan (remove only)
"Steam App 100" = Condition Zero Deleted Scenes
"Steam App 13140" = America's Army 3
"Steam App 25700" = Madballs in...Babo: Invasion
"Steam App 30" = Day of Defeat
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 3483" = Peggle Extreme
"Steam App 40" = Deathmatch Classic
"Steam App 5" = Dedicated Server
"Steam App 60" = Ricochet
"Steam App 80" = Condition Zero
"SystemRequirementsLab" = System Requirements Lab
"Tactical Ops" = Tactical Ops
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"Urban Terror_is1" = Urban Terror 4.1
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"Visual Zip Password Recovery" = Visual Zip Password Recovery
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"World in Conflict - Deutsche Texte für V.1.0.0.0_is1" = World in Conflict - Deutsch Texte für V.1.0.0.0
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Filmmakers Video Uploader" = Filmmakers Video Uploader
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"NCsoft-Aion" = Aion
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Malware bytes braucht noch ein bisschen |
|
21.06.2010, 15:29
| #7 |
| | Antivir findet drop.agent.bsbe Malwarebytes hat nichts interessantes gefunden: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4220
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
21.06.2010 16:25:56
mbam-log-2010-06-21 (16-25-56).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 436839
Laufzeit: 1 Stunde(n), 48 Minute(n), 1 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Max\Anderes\AutoIt3\Extras\SQLite\sqlite3.exe (Trojan.Clicker) -> No action taken.
C:\Users\Max\Anderes\hacks\PerX Injector\PerX.exe (Backdoor.Bot) -> No action taken.
2. Autoit kann ich mir auch nicht vorstellen, dass es ein virus ist. |
|
21.06.2010, 15:32
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Antivir findet drop.agent.bsbeZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.06.2010, 15:45
| #9 |
| | Antivir findet drop.agent.bsbe Mit perx kann man ddl datein in ein programm hinzufügen. Also kann man z.b. bei spielen wie call of duty einen mod laufen lassen (z.b. zombie gegner im multiplayer) |
|
| Themen zu Antivir findet drop.agent.bsbe |
| adobe, antivir, antivir guard, avg, avira, bho, desktop, excel, explorer, firefox, google, gupdate, hijack, hijackthis, internet, internet explorer, launch, logfile, loswerden, monitor, mozilla, neu aufsetzen, packard bell, pc normal, photoshop, plug-in, problem, software, syswow64, viren, virus, windows |
Linear-Darstellung
