Log analysis and evaluation: Recycler on USB (Windows 7)
26.04.2011, 20:27 | #16 |
| Recycler on USB Done. What kind of things were actually deleted there?
OTL:
All processes killed
========== OTL ==========
No active process named snuvcdsm.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SNUVCDSM deleted successfully.
C:\Windows\snuvcdsm.exe moved successfully.
File C:\Users\Alina\Desktop\removerecycler.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Windows\System32\Setup.exe moved successfully.
C:\Windows\System32\drivers\sncduvc.sys moved successfully.
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{610f0dd8-e2b3-11df-b994-00030ddc98ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{610f0dd8-e2b3-11df-b994-00030ddc98ac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{610f0dd8-e2b3-11df-b994-00030ddc98ac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{610f0dd8-e2b3-11df-b994-00030ddc98ac}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7491a688-1d5b-11df-a473-00030ddc98ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7491a688-1d5b-11df-a473-00030ddc98ac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7491a688-1d5b-11df-a473-00030ddc98ac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7491a688-1d5b-11df-a473-00030ddc98ac}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de5e6d65-3404-11df-855d-00030ddc98ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de5e6d65-3404-11df-855d-00030ddc98ac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de5e6d65-3404-11df-855d-00030ddc98ac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de5e6d65-3404-11df-855d-00030ddc98ac}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e37e4743-6651-11df-9742-00030ddc98ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e37e4743-6651-11df-9742-00030ddc98ac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e37e4743-6651-11df-9742-00030ddc98ac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e37e4743-6651-11df-9742-00030ddc98ac}\ not found.
File E:\AutoRun.exe not found.
Prefs.js: "isa.w13.local" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Alina
->Temp folder emptied: 544789 bytes
->Temporary Internet Files folder emptied: 89650061 bytes
->Java cache emptied: 13689500 bytes
->FireFox cache emptied: 25091996 bytes
->Flash cache emptied: 2203 bytes

User: Public

User: Alina
->Temp folder emptied: 8075 bytes
->Temporary Internet Files folder emptied: 11716138 bytes
->Java cache emptied: 822696 bytes
->FireFox cache emptied: 116353896 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2863964 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55799 bytes
RecycleBin emptied: 42570973 bytes

Total Files Cleaned = 289,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04262011_211345

Files\Folders moved on Reboot...
C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{2A84D48F-0773-4828-BC0B-A6B6C9967033}.tmp moved successfully.
C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2D056031-45B6-4165-9B39-C7DCEBE04C79}.tmp moved successfully.
C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2F92DDD1-075A-451B-BB34-025019F2B5A0}.tmp moved successfully.
C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4AFC0474-6DEF-4638-89D4-DDD224C6BF87}.tmp moved successfully.
C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{725329E6-D33C-4E99-BD6E-B143246BBBEE}.tmp moved successfully.
C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{995F4F23-D99A-4223-9D8C-9C3624A6624B}.tmp moved successfully.
C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9B8D2CF4-7FD7-46B9-8F17-198B71AF4275}.tmp moved successfully.
C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A9B9444D-64D8-4F90-BD71-7C66DD54051F}.tmp moved successfully.
C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{AD5C3043-2169-43AB-94E3-DDD686141A18}.tmp moved successfully.
C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BD79456B-01A8-4285-9596-18F2E161DE4B}.tmp moved successfully.
File\Folder C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\msoB3BC.tmp not found!
File\Folder C:\Users\Alina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\msoB3DC.tmp not found!

Registry entries deleted on Reboot... |
27.04.2011, 09:46 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Recycler on USB Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ If, because of the infection, you cannot access your Documents/My Files, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool, and all files and folders should be visible again. (This may take a while.) Vista and 7 users must run the tool via right-click as administrator!
__________________ |
27.04.2011, 20:11 | #18 |
| Recycler on USB Scanned with Kaspersky, but nothing found...
__________________ |
28.04.2011, 09:21 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Recycler on USB Then please run CF now: ComboFix - a guide and tutorial on using ComboFix
Combofix may only be run when an expert helper (Kompetenzler) has expressly recommended it!
__________________ Please always post log files in CODE tags |
28.04.2011, 20:08 | #20 |
| Recycler on USB Combofix log file: Code:
ATTFilter ComboFix 11-04-28.01 - Alina 28.04.2011 20:30:38.1.1 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.43.1031.18.3033.1941 [GMT 2:00] ausgeführt von:: c:\users\Alina\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trkolgfm.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-03-28 bis 2011-04-28 )))))))))))))))))))))))))))))) . . 2011-04-28 18:43 . 2011-04-28 18:47 -------- d-----w- c:\users\Alina\AppData\Local\temp 2011-04-28 18:43 . 2011-04-28 18:43 -------- d-----w- c:\users\Alina\AppData\Local\temp 2011-04-28 18:43 . 2011-04-28 18:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-28 15:02 . 2011-04-28 15:02 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS 2011-04-28 15:02 . 2011-04-28 15:02 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS 2011-04-28 15:02 . 2011-04-28 15:02 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS 2011-04-28 15:02 . 2011-04-28 15:02 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS 2011-04-28 15:02 . 2011-04-28 15:02 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS 2011-04-28 15:02 . 2011-04-28 15:02 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS 2011-04-28 15:02 . 2011-04-28 15:02 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS 2011-04-28 15:02 . 
2011-04-28 15:02 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS 2011-04-28 15:02 . 2011-04-28 15:02 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS 2011-04-28 15:02 . 2011-04-28 15:02 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS 2011-04-28 15:02 . 2011-04-28 15:02 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS 2011-04-28 15:02 . 2011-04-28 15:02 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS 2011-04-28 15:01 . 2011-04-28 15:01 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS 2011-04-28 15:01 . 2011-04-28 15:01 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS 2011-04-28 15:01 . 2011-04-28 15:01 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS 2011-04-28 15:01 . 2011-04-28 15:01 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS 2011-04-28 15:01 . 2011-04-28 15:01 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS 2011-04-27 16:34 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll 2011-04-27 16:29 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe 2011-04-26 07:09 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{929FE0D4-0953-447C-9340-4576E7469878}\mpengine.dll 2011-04-21 10:00 . 2011-04-21 10:00 -------- d-----w- c:\program files\CCleaner 2011-04-20 18:37 . 2011-04-20 18:37 -------- d-----w- c:\users\Alina\AppData\Roaming\Malwarebytes 2011-04-20 18:37 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-20 18:37 . 2011-04-20 18:37 -------- d-----w- c:\programdata\Malwarebytes 2011-04-20 18:37 . 
2011-04-20 18:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-20 18:37 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-17 23:46 . 2011-04-28 15:08 -------- d-----w- c:\users\Alina\llscbgvv 2011-04-14 21:28 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys 2011-04-14 21:28 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-04-14 21:28 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-04-14 21:28 . 2011-02-18 05:36 428032 ----a-w- c:\windows\system32\vbscript.dll 2011-04-14 21:28 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll 2011-04-14 21:28 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe 2011-04-14 21:28 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-04-14 21:28 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll 2011-04-14 21:26 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys 2011-04-14 21:26 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe 2011-04-14 21:26 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-04-14 21:26 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-14 21:26 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll 2011-04-14 21:26 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll 2011-04-14 21:26 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-04-14 21:26 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-04-14 21:26 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-14 21:26 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-31 20:59 . 
2009-11-09 12:55 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-02-19 05:33 . 2011-03-09 18:26 802304 ----a-w- c:\windows\system32\FntCache.dll 2011-02-19 05:32 . 2011-03-09 18:26 1074176 ----a-w- c:\windows\system32\DWrite.dll 2011-02-19 05:32 . 2011-03-09 18:26 739840 ----a-w- c:\windows\system32\d2d1.dll 2011-02-03 05:45 . 2011-02-09 23:06 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2011-02-02 16:11 . 2009-11-07 18:37 222080 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-02-22 2633976] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168] "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504] "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336] "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472] "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-06-19 210216] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-08 281768] "PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . 
c:\users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] ViiKiiDesktopPlugin.lnk - c:\program files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [2010-9-1 142336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-7-31 2680160] OSD.lnk - c:\windows\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_EE62FFA7BF4509BDE1FAB8.exe [2009-8-27 3262] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 135664] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 101248] R3 netr28;Ralink 802.11n-Drahtlostreiber für Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424] R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-07-10 842752] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400] S1 
vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-08 135336] S2 LiveGpdKBFilter;LiveGpdKBFilter; [x] S2 LiveIO;LiveIO; [x] S2 MSSQL$MESONIC;SQL Server (MESONIC);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408] S3 Livekbc;Livekbc; [x] S3 Livemouclass;Livemouclass; [x] S3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\DRIVERS\RLVrtAuCbl.sys [2007-03-19 31616] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Inhalt des "geplante Tasks" Ordners . 2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 14:04] . 2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 14:04] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.at/ig?hl=de&source=iglk IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube to MP3 Converter - c:\users\Alina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\c5e2jebd.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/ig FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox FF - Ext: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - %profile%\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - 
Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe AddRemove-LADSPA_plugins-win_is1 - c:\program files\Audacity\Plug-Ins\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-04-28 20:58:32 ComboFix-quarantined-files.txt 2011-04-28 18:58 . 
Vor Suchlauf: 10 Verzeichnis(se), 249.336.061.952 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 249.419.882.496 Bytes frei . - - End Of File - - 238BC0BF52F1EC0DD50A1DA0F4CA0488 |
28.04.2011, 20:45 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Recycler on USB OK. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ |
28.04.2011, 23:42 | #22 |
| Recycler on USB GMER: (OSAM and MBRCheck will follow soon) GMER log file: Code:
ATTFilter GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover Rootkit scan 2011-04-29 00:36:55 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.FG00 Running: v1bz6lur.exe; Driver: C:\Users\Alina\AppData\Local\Temp\awtiafow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 8305C589 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83081092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\Users\Alina\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[216] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[216] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[216] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2004FDBB .text C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe[216] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Windows\System32\igfxtray.exe[424] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Windows\System32\igfxtray.exe[424] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Windows\System32\igfxtray.exe[424] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2004FDBB .text C:\Windows\System32\igfxtray.exe[424] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[496] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[496] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[496] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes 
JMP 2004FDBB .text C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe[496] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Windows\System32\hkcmd.exe[636] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Windows\System32\hkcmd.exe[636] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Windows\System32\hkcmd.exe[636] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2004FDBB .text C:\Windows\System32\hkcmd.exe[636] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Windows\System32\hkcmd.exe[636] WININET.dll!InternetCloseHandle 76D8C83E 5 Bytes JMP 2004E132 .text C:\Windows\System32\hkcmd.exe[636] WININET.dll!InternetReadFile 76D8E264 5 Bytes JMP 2004EAD7 .text C:\Windows\System32\hkcmd.exe[636] WININET.dll!HttpSendRequestW 76D8EEB3 5 Bytes JMP 2004E0D3 .text C:\Windows\System32\hkcmd.exe[636] WININET.dll!HttpOpenRequestA 76D903FA 5 Bytes JMP 2004EB92 .text C:\Windows\System32\hkcmd.exe[636] WININET.dll!HttpOpenRequestW 76D905D3 5 Bytes JMP 2004EBBF .text C:\Windows\System32\hkcmd.exe[636] WININET.dll!InternetQueryDataAvailable 76D941CB 5 Bytes JMP 2004E7B8 .text C:\Windows\System32\hkcmd.exe[636] WININET.dll!InternetOpenUrlA 76D9DBD0 5 Bytes JMP 2004EBEC .text C:\Windows\System32\hkcmd.exe[636] WININET.dll!HttpSendRequestExW 76DA8E44 5 Bytes JMP 2004E012 .text C:\Windows\System32\hkcmd.exe[636] WININET.dll!InternetWriteFile 76DA90F0 5 Bytes JMP 2004E105 .text C:\Windows\System32\hkcmd.exe[636] WININET.dll!InternetReadFileExW 76DB12E9 5 Bytes JMP 2004E9BC .text C:\Windows\System32\hkcmd.exe[636] WININET.dll!InternetReadFileExA 76DB1321 5 Bytes JMP 2004E915 .text C:\Windows\System32\hkcmd.exe[636] WININET.dll!InternetOpenUrlW 76DEE0D4 5 Bytes JMP 2004EC13 .text C:\Windows\System32\hkcmd.exe[636] WININET.dll!HttpSendRequestExA 76E004D6 5 Bytes JMP 2004E058 .text C:\Windows\System32\hkcmd.exe[636] WININET.dll!HttpSendRequestA 76E005BC 5 Bytes JMP 2004E09E .text C:\Program Files\Common Files\Java\Java 
Update\jusched.exe[948] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[948] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[948] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2004FDBB .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[948] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[948] WININET.dll!InternetCloseHandle 76D8C83E 5 Bytes JMP 2004E132 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[948] WININET.dll!InternetReadFile 76D8E264 5 Bytes JMP 2004EAD7 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[948] WININET.dll!HttpSendRequestW 76D8EEB3 5 Bytes JMP 2004E0D3 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[948] WININET.dll!HttpOpenRequestA 76D903FA 5 Bytes JMP 2004EB92 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[948] WININET.dll!HttpOpenRequestW 76D905D3 5 Bytes JMP 2004EBBF .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[948] WININET.dll!InternetQueryDataAvailable 76D941CB 5 Bytes JMP 2004E7B8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[948] WININET.dll!InternetOpenUrlA 76D9DBD0 5 Bytes JMP 2004EBEC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[948] WININET.dll!HttpSendRequestExW 76DA8E44 5 Bytes JMP 2004E012 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[948] WININET.dll!InternetWriteFile 76DA90F0 5 Bytes JMP 2004E105 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[948] WININET.dll!InternetReadFileExW 76DB12E9 5 Bytes JMP 2004E9BC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[948] WININET.dll!InternetReadFileExA 76DB1321 5 Bytes JMP 2004E915 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[948] WININET.dll!InternetOpenUrlW 
76DEE0D4 5 Bytes JMP 2004EC13 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[948] WININET.dll!HttpSendRequestExA 76E004D6 5 Bytes JMP 2004E058 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[948] WININET.dll!HttpSendRequestA 76E005BC 5 Bytes JMP 2004E09E .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[956] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[956] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[956] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2004FDBB .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[956] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[956] WS2_32.dll!sendto 75AD3AED 5 Bytes JMP 2004D423 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[956] WS2_32.dll!closesocket 75AD3BED 5 Bytes JMP 2004DA66 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[956] WS2_32.dll!WSARecvFrom 75AD418D 5 Bytes JMP 2004D985 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[956] WS2_32.dll!recv 75AD47DF 5 Bytes JMP 2004D6DE .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[956] WS2_32.dll!WSASend 75AD68A7 5 Bytes JMP 2004D7C2 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[956] WS2_32.dll!recvfrom 75ADBF39 5 Bytes JMP 2004D74D .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[956] WS2_32.dll!WSARecv 75ADC29F 5 Bytes JMP 2004D8AA .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[956] WS2_32.dll!send 75ADC4C8 5 Bytes JMP 2004D3D5 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[956] WS2_32.dll!WSASendTo 75AEADC4 5 Bytes JMP 2004D833 .text C:\Windows\System32\igfxpers.exe[1220] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Windows\System32\igfxpers.exe[1220] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Windows\System32\igfxpers.exe[1220] ntdll.dll!LdrLoadDll 
7758F5B5 5 Bytes JMP 2004FDBB .text C:\Windows\System32\igfxpers.exe[1220] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Windows\system32\taskhost.exe[1232] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Windows\system32\taskhost.exe[1232] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Windows\system32\taskhost.exe[1232] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2004FDBB .text C:\Windows\system32\taskhost.exe[1232] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1396] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1396] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1396] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2004FDBB .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1396] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Windows\PLFSetL.exe[1768] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Windows\PLFSetL.exe[1768] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Windows\PLFSetL.exe[1768] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2004FDBB .text C:\Windows\PLFSetL.exe[1768] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2324] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2324] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2324] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2004FDBB .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2324] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Program Files\Intel\Intel Matrix Storage 
Manager\IAAnotif.exe[2324] WS2_32.dll!sendto 75AD3AED 5 Bytes JMP 2004D423 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2324] WS2_32.dll!closesocket 75AD3BED 5 Bytes JMP 2004DA66 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2324] WS2_32.dll!WSARecvFrom 75AD418D 5 Bytes JMP 2004D985 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2324] WS2_32.dll!recv 75AD47DF 5 Bytes JMP 2004D6DE .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2324] WS2_32.dll!WSASend 75AD68A7 5 Bytes JMP 2004D7C2 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2324] WS2_32.dll!recvfrom 75ADBF39 5 Bytes JMP 2004D74D .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2324] WS2_32.dll!WSARecv 75ADC29F 5 Bytes JMP 2004D8AA .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2324] WS2_32.dll!send 75ADC4C8 5 Bytes JMP 2004D3D5 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2324] WS2_32.dll!WSASendTo 75AEADC4 5 Bytes JMP 2004D833 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2004FDBB .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] WININET.dll!InternetCloseHandle 76D8C83E 5 Bytes JMP 2004E132 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] WININET.dll!InternetReadFile 76D8E264 5 Bytes JMP 2004EAD7 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] WININET.dll!HttpSendRequestW 76D8EEB3 5 Bytes JMP 2004E0D3 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] WININET.dll!HttpOpenRequestA 76D903FA 5 
Bytes JMP 2004EB92 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] WININET.dll!HttpOpenRequestW 76D905D3 5 Bytes JMP 2004EBBF .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] WININET.dll!InternetQueryDataAvailable 76D941CB 5 Bytes JMP 2004E7B8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] WININET.dll!InternetOpenUrlA 76D9DBD0 5 Bytes JMP 2004EBEC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] WININET.dll!HttpSendRequestExW 76DA8E44 5 Bytes JMP 2004E012 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] WININET.dll!InternetWriteFile 76DA90F0 5 Bytes JMP 2004E105 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] WININET.dll!InternetReadFileExW 76DB12E9 5 Bytes JMP 2004E9BC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] WININET.dll!InternetReadFileExA 76DB1321 5 Bytes JMP 2004E915 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] WININET.dll!InternetOpenUrlW 76DEE0D4 5 Bytes JMP 2004EC13 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] WININET.dll!HttpSendRequestExA 76E004D6 5 Bytes JMP 2004E058 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2340] WININET.dll!HttpSendRequestA 76E005BC 5 Bytes JMP 2004E09E .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2004FDBB .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] WININET.dll!InternetCloseHandle 76D8C83E 5 Bytes JMP 2004E132 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] WININET.dll!InternetReadFile 76D8E264 5 Bytes JMP 2004EAD7 .text 
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] WININET.dll!HttpSendRequestW 76D8EEB3 5 Bytes JMP 2004E0D3 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] WININET.dll!HttpOpenRequestA 76D903FA 5 Bytes JMP 2004EB92 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] WININET.dll!HttpOpenRequestW 76D905D3 5 Bytes JMP 2004EBBF .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] WININET.dll!InternetQueryDataAvailable 76D941CB 5 Bytes JMP 2004E7B8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] WININET.dll!InternetOpenUrlA 76D9DBD0 5 Bytes JMP 2004EBEC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] WININET.dll!HttpSendRequestExW 76DA8E44 5 Bytes JMP 2004E012 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] WININET.dll!InternetWriteFile 76DA90F0 5 Bytes JMP 2004E105 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] WININET.dll!InternetReadFileExW 76DB12E9 5 Bytes JMP 2004E9BC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] WININET.dll!InternetReadFileExA 76DB1321 5 Bytes JMP 2004E915 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] WININET.dll!InternetOpenUrlW 76DEE0D4 5 Bytes JMP 2004EC13 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] WININET.dll!HttpSendRequestExA 76E004D6 5 Bytes JMP 2004E058 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2348] WININET.dll!HttpSendRequestA 76E005BC 5 Bytes JMP 2004E09E .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2548] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2548] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2548] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2004FDBB .text 
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[2548] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Windows\System32\StikyNot.exe[2556] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Windows\System32\StikyNot.exe[2556] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Windows\System32\StikyNot.exe[2556] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2004FDBB .text C:\Windows\System32\StikyNot.exe[2556] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2004FDBB .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] WININET.dll!InternetCloseHandle 76D8C83E 5 Bytes JMP 2004E132 .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] WININET.dll!InternetReadFile 76D8E264 5 Bytes JMP 2004EAD7 .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] WININET.dll!HttpSendRequestW 76D8EEB3 5 Bytes JMP 2004E0D3 .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] WININET.dll!HttpOpenRequestA 76D903FA 5 Bytes JMP 2004EB92 .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] WININET.dll!HttpOpenRequestW 76D905D3 5 Bytes JMP 2004EBBF .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] WININET.dll!InternetQueryDataAvailable 76D941CB 5 Bytes JMP 2004E7B8 .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] WININET.dll!InternetOpenUrlA 76D9DBD0 5 Bytes JMP 2004EBEC .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] WININET.dll!HttpSendRequestExW 76DA8E44 5 Bytes JMP 2004E012 .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] 
WININET.dll!InternetWriteFile 76DA90F0 5 Bytes JMP 2004E105 .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] WININET.dll!InternetReadFileExW 76DB12E9 5 Bytes JMP 2004E9BC .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] WININET.dll!InternetReadFileExA 76DB1321 5 Bytes JMP 2004E915 .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] WININET.dll!InternetOpenUrlW 76DEE0D4 5 Bytes JMP 2004EC13 .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] WININET.dll!HttpSendRequestExA 76E004D6 5 Bytes JMP 2004E058 .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] WININET.dll!HttpSendRequestA 76E005BC 5 Bytes JMP 2004E09E .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] ws2_32.DLL!sendto 75AD3AED 5 Bytes JMP 2004D423 .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] ws2_32.DLL!closesocket 75AD3BED 5 Bytes JMP 2004DA66 .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] ws2_32.DLL!WSARecvFrom 75AD418D 5 Bytes JMP 2004D985 .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] ws2_32.DLL!recv 75AD47DF 5 Bytes JMP 2004D6DE .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] ws2_32.DLL!WSASend 75AD68A7 5 Bytes JMP 2004D7C2 .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] ws2_32.DLL!recvfrom 75ADBF39 5 Bytes JMP 2004D74D .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] ws2_32.DLL!WSARecv 75ADC29F 5 Bytes JMP 2004D8AA .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] ws2_32.DLL!send 75ADC4C8 5 Bytes JMP 2004D3D5 .text C:\Program Files\Windows Sidebar\sidebar.exe[2696] ws2_32.DLL!WSASendTo 75AEADC4 5 Bytes JMP 2004D833 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2004FDBB 
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] USER32.dll!EndPaint 772D7B73 5 Bytes JMP 103B1430 C:\Program Files\Veoh Networks\VeohWebPlayer\QtWebKit4.dll .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] USER32.dll!BeginPaint 772D7B87 5 Bytes JMP 103B13C0 C:\Program Files\Veoh Networks\VeohWebPlayer\QtWebKit4.dll .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WS2_32.dll!sendto 75AD3AED 5 Bytes JMP 2004D423 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WS2_32.dll!closesocket 75AD3BED 5 Bytes JMP 2004DA66 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WS2_32.dll!WSARecvFrom 75AD418D 5 Bytes JMP 2004D985 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WS2_32.dll!recv 75AD47DF 5 Bytes JMP 2004D6DE .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WS2_32.dll!WSASend 75AD68A7 5 Bytes JMP 2004D7C2 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WS2_32.dll!recvfrom 75ADBF39 5 Bytes JMP 2004D74D .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WS2_32.dll!WSARecv 75ADC29F 5 Bytes JMP 2004D8AA .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WS2_32.dll!send 75ADC4C8 5 Bytes JMP 2004D3D5 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WS2_32.dll!WSASendTo 75AEADC4 5 Bytes JMP 2004D833 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WININET.dll!InternetCloseHandle 76D8C83E 5 Bytes JMP 2004E132 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WININET.dll!InternetReadFile 76D8E264 5 Bytes JMP 2004EAD7 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WININET.dll!HttpSendRequestW 
76D8EEB3 5 Bytes JMP 2004E0D3 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WININET.dll!HttpOpenRequestA 76D903FA 5 Bytes JMP 2004EB92 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WININET.dll!HttpOpenRequestW 76D905D3 5 Bytes JMP 2004EBBF .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WININET.dll!InternetQueryDataAvailable 76D941CB 5 Bytes JMP 2004E7B8 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WININET.dll!InternetOpenUrlA 76D9DBD0 5 Bytes JMP 2004EBEC .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WININET.dll!HttpSendRequestExW 76DA8E44 5 Bytes JMP 2004E012 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WININET.dll!InternetWriteFile 76DA90F0 5 Bytes JMP 2004E105 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WININET.dll!InternetReadFileExW 76DB12E9 5 Bytes JMP 2004E9BC .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WININET.dll!InternetReadFileExA 76DB1321 5 Bytes JMP 2004E915 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WININET.dll!InternetOpenUrlW 76DEE0D4 5 Bytes JMP 2004EC13 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WININET.dll!HttpSendRequestExA 76E004D6 5 Bytes JMP 2004E058 .text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2700] WININET.dll!HttpSendRequestA 76E005BC 5 Bytes JMP 2004E09E .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2712] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2001FF3F .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2712] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20017A40 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2712] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2001FDBB .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2712] 
USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2001C9AD .text C:\Windows\system32\Dwm.exe[4020] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Windows\system32\Dwm.exe[4020] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Windows\system32\Dwm.exe[4020] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2004FDBB .text C:\Windows\system32\Dwm.exe[4020] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe[4220] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2001FF3F .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe[4220] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20017A40 .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe[4220] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2001FDBB .text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe[4220] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2001C9AD .text C:\Windows\system32\wuauclt.exe[5060] ntdll.dll!NtQueryDirectoryFile 77575240 5 Bytes JMP 2004FF3F .text C:\Windows\system32\wuauclt.exe[5060] ntdll.dll!NtResumeThread 77575750 5 Bytes JMP 20047A40 .text C:\Windows\system32\wuauclt.exe[5060] ntdll.dll!LdrLoadDll 7758F5B5 5 Bytes JMP 2004FDBB .text C:\Windows\system32\wuauclt.exe[5060] USER32.dll!TranslateMessage 772D910F 5 Bytes JMP 2004C9AD ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Livekbc.SYS (Windows NT Caps-lock Ctrl Swapper/Systems Internals) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Livekbc.SYS (Windows NT Caps-lock Ctrl Swapper/Systems Internals) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption 
Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\00000059 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00225f009d19 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002421934f24 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00225f009d19 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002421934f24 (not active ControlSet) ---- EOF - GMER 1.0.15 ---- |
28.04.2011, 23:52 | #23 |
| Recycler on USB OSAM logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 00:48:56 on 29.04.2011 OS: Windows 7 Home Premium Edition (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.16 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "TosBtLocalCOM" - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\LocalCOM.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "awtiafow" (awtiafow) - ? - C:\Users\Alina\AppData\Local\Temp\awtiafow.sys (Hidden registry entry, rootkit activity | File not found) "catchme" (catchme) - ? - C:\Users\Alina\AppData\Local\Temp\catchme.sys (File not found) "LiveGpdKBFilter" (LiveGpdKBFilter) - "Windows (R) Win 7 DDK provider" - C:\Windows\system32\drivers\LiveGpdKBFilter.sys "LiveIO" (LiveIO) - ? 
- C:\Windows\system32\drivers\LiveIO.sys (File found, but it contains no detailed information) "Livekbc" (Livekbc) - "Systems Internals" - C:\Windows\system32\drivers\Livekbc.sys "Livemouclass" (Livemouclass) - "Systems Internals" - C:\Windows\system32\drivers\Livemouclass.sys "mbr" (mbr) - ? - C:\cofi\mbr.sys (Hidden registry entry, rootkit activity | File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "Reallusion Virtual Audio" (ReallusionVirtualAudio) - ? - C:\Windows\System32\DRIVERS\RLVrtAuCbl.sys (File signed by Microsoft | File found, but it contains no detailed information) "Realtek IR Driver" (RtsUIR) - ? - C:\Windows\System32\DRIVERS\Rts516xIR.sys (File not found) "Realtek Smartcard Reader Driver" (USBCCID) - ? - C:\Windows\System32\DRIVERS\RtsUCcid.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "Virtual Machine Monitor" (vmm) - "Microsoft Corporation" - C:\Windows\system32\Drivers\vmm.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtExt.dll -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtExt.dll {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." 
- C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft 
Office\Office12\GrooveShellExtensions.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {8932AEFE-9DB6-4f43-AFB2-5682F55E773A} "VPCHostCopyHook" - "Microsoft Corporation" - C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} "BatchDownloader Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\DigWXMSN.dll / hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} "Minesweeper Flags Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MineSweeper.dll / hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab {9122D757-5A4F-4768-82C5-B4171D8556A7} "PhotoPickConvert Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\PhtPkMSN.dll / hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab {5C051655-FCD5-4969-9182-770EA5AA5565} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\SolitaireShowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab {5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / 
hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab {4A85DBE0-BFB2-4119-8401-186A7C6EB653} "{4A85DBE0-BFB2-4119-8401-186A7C6EB653}" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MJSS.ocx / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2ssv.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "ViiKiiDesktopPlugin.lnk" - ? - C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "OSD.lnk" - "ODM" - C:\Program Files\OEM\LIVE! OSD 1.12\osd.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized "VeohPlugin" - "Veoh Networks" - "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? 
- rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "PDVD9LanguageShortcut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" "RemoteControl9" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" "UpdatePDRShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" "UpdatePPShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" "UpdatePSTShortCut" - "CyberLink Corp." 
- "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll "Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - ? - C:\Program Files\NOS\bin\getPlus_Helper.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." 
- C:\Program Files\Google\Update\GoogleUpdate.exe "Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PACSPTISVR" (PACSPTISVR) - ? 
- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "SonicStage Back-End Service" (SonicStage Back-End Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe "SonicStage SCSI Service" (SSScsiSV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe "Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe "SQL Server (MESONIC)" (MSSQL$MESONIC) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe "TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: (build 7600), 32-bit Base Board Manufacturer: QUANMAX BIOS Manufacturer: Phoenix System Manufacturer: 
QUANMAX System Product Name: Platin SE Logical Drives Mask: 0x0000000c Kernel Drivers (total 194): 0x83019000 \SystemRoot\system32\ntkrnlpa.exe 0x83429000 \SystemRoot\system32\halmacpi.dll 0x80BA1000 \SystemRoot\system32\kdcom.dll 0x8360E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x83686000 \SystemRoot\system32\PSHED.dll 0x83697000 \SystemRoot\system32\BOOTVID.dll 0x8369F000 \SystemRoot\system32\CLFS.SYS 0x836E1000 \SystemRoot\system32\CI.dll 0x8378C000 \SystemRoot\system32\drivers\Wdf01000.sys 0x83600000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x83C0E000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x83C56000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x83C5F000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x83C67000 \SystemRoot\system32\DRIVERS\pci.sys 0x83C91000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x83C9C000 \SystemRoot\System32\drivers\partmgr.sys 0x83CAD000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x83CB5000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x83CC0000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x83CD0000 \SystemRoot\System32\drivers\volmgrx.sys 0x83D1B000 \SystemRoot\System32\drivers\mountmgr.sys 0x83E26000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x83F00000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x83F09000 \SystemRoot\system32\drivers\fltmgr.sys 0x83F3D000 \SystemRoot\system32\drivers\fileinfo.sys 0x83F4E000 \SystemRoot\System32\Drivers\PxHelp20.sys 0x8B60A000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8B739000 \SystemRoot\System32\Drivers\msrpc.sys 0x8B764000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8B777000 \SystemRoot\System32\Drivers\cng.sys 0x8B7D4000 \SystemRoot\System32\drivers\pcw.sys 0x8B7E2000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x83D31000 \SystemRoot\system32\drivers\ndis.sys 0x83F57000 \SystemRoot\system32\drivers\NETIO.SYS 0x83F95000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x8B825000 \SystemRoot\System32\drivers\tcpip.sys 0x8B96E000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8B99F000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x8B9DE000 
\SystemRoot\System32\Drivers\spldr.sys 0x83FBA000 \SystemRoot\System32\drivers\rdyboost.sys 0x8B9E6000 \SystemRoot\System32\Drivers\mup.sys 0x8B9F6000 \SystemRoot\System32\drivers\hwpolicy.sys 0x8BA32000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x8BA64000 \SystemRoot\system32\DRIVERS\disk.sys 0x8BA75000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x8BBB1000 \SystemRoot\System32\Drivers\Null.SYS 0x8BBB8000 \SystemRoot\System32\Drivers\Beep.SYS 0x8BBBF000 \SystemRoot\System32\drivers\vga.sys 0x8BBCB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8BBEC000 \SystemRoot\System32\drivers\watchdog.sys 0x8BA00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8BA08000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8BA10000 \SystemRoot\system32\drivers\rdprefmp.sys 0x8BA18000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8BA23000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8BB92000 \SystemRoot\system32\DRIVERS\tdx.sys 0x8B800000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8FA04000 \SystemRoot\system32\drivers\afd.sys 0x8FA5E000 \SystemRoot\System32\DRIVERS\netbt.sys 0x8FA90000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x8FA97000 \SystemRoot\system32\DRIVERS\pacer.sys 0x8FAB6000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x8FAC7000 \SystemRoot\system32\DRIVERS\netbios.sys 0x8FAD5000 \SystemRoot\System32\Drivers\tosrfcom.sys 0x8FAE5000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x8FAF8000 \??\C:\Windows\system32\Drivers\vmm.sys 0x8FB33000 \SystemRoot\system32\DRIVERS\termdd.sys 0x8FB43000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x8FB49000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x8FB8A000 \SystemRoot\system32\drivers\nsiproxy.sys 0x8FB94000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8FB9E000 \SystemRoot\System32\drivers\discache.sys 0x8FBAA000 \SystemRoot\System32\Drivers\dfsc.sys 0x8FBC2000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x8FBD0000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x8FBF6000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys 0x83E00000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x9363F000 
\SystemRoot\system32\DRIVERS\igdkmd32.sys 0x95219000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x952D0000 \SystemRoot\System32\drivers\dxgmms1.sys 0x95309000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x95314000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x9535F000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x9536E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x966F8000 \SystemRoot\system32\DRIVERS\Rt86win7.sys 0x96729000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x96741000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x9674E000 \SystemRoot\System32\Drivers\Livekbc.SYS 0x9674F000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x96782000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x96784000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x96791000 \SystemRoot\System32\Drivers\Livemouclass.SYS 0x96792000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x96796000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x9679F000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x967B1000 \SystemRoot\system32\DRIVERS\VMNetSrv.sys 0x967C0000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x967CD000 \SystemRoot\system32\DRIVERS\RLVrtAuCbl.sys 0x9538D000 \SystemRoot\system32\DRIVERS\portcls.sys 0x967D5000 \SystemRoot\system32\DRIVERS\drmk.sys 0x953BC000 \SystemRoot\system32\DRIVERS\ks.sys 0x967EE000 \SystemRoot\System32\Drivers\RootMdm.sys 0x953F0000 \SystemRoot\system32\drivers\modem.sys 0x95200000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x93F5C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x93F74000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x93F7F000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x93FA1000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x93FB9000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x93FD0000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x967F6000 \SystemRoot\system32\DRIVERS\swenum.sys 0x93FE7000 \SystemRoot\system32\DRIVERS\umbus.sys 0x98614000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x98658000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x8283B000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x82AC4000 
\SystemRoot\system32\DRIVERS\tosporte.sys 0x82ACF000 \SystemRoot\System32\Drivers\crashdmp.sys 0x82ADC000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x82BB6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x98F40000 \SystemRoot\System32\win32k.sys 0x82BC7000 \SystemRoot\System32\drivers\Dxapi.sys 0x82BD1000 \SystemRoot\system32\DRIVERS\monitor.sys 0x991A0000 \SystemRoot\System32\TSDDD.dll 0x991D0000 \SystemRoot\System32\cdd.dll 0x82BDC000 \SystemRoot\system32\drivers\luafv.sys 0x82800000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x82815000 \SystemRoot\system32\drivers\WudfPf.sys 0x98669000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x98679000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x986BF000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x986CF000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x986E2000 \SystemRoot\system32\drivers\HTTP.sys 0x98767000 \SystemRoot\system32\DRIVERS\bowser.sys 0x98780000 \SystemRoot\System32\drivers\mpsdrv.sys 0x98792000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x987B5000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x96600000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x8282F000 \SystemRoot\System32\Drivers\LiveGpdKBFilter.SYS 0x82830000 \SystemRoot\System32\Drivers\LiveIO.SYS 0x96633000 \SystemRoot\system32\drivers\peauth.sys 0x987F0000 \SystemRoot\System32\Drivers\secdrv.SYS 0x966CA000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x98600000 \SystemRoot\System32\drivers\tcpipreg.sys 0x8BA9A000 \SystemRoot\System32\DRIVERS\srv2.sys 0x8BAE9000 \SystemRoot\System32\DRIVERS\srv.sys 0x82839000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS 0x82BF7000 \??\C:\Users\Alina\AppData\Local\Temp\catchme.sys 0xB7F6B000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0xB7F74000 \??\C:\Users\Alina\AppData\Local\Temp\awtiafow.sys 0xB7F8D000 \SystemRoot\system32\DRIVERS\tosrfusb.sys 0xB7F98000 \SystemRoot\system32\DRIVERS\tosrfbd.sys 0xB7FC0000 \SystemRoot\system32\DRIVERS\Tosrfhid.sys 0xB7E00000 \SystemRoot\system32\DRIVERS\rtl8192se.sys 0xB7EEC000 
\SystemRoot\system32\DRIVERS\vwifibus.sys 0xB7EF6000 \SystemRoot\system32\DRIVERS\vwifimp.sys 0x77530000 \Windows\System32\ntdll.dll 0x484E0000 \Windows\System32\smss.exe 0x77770000 \Windows\System32\apisetschema.dll 0x00970000 \Windows\System32\autochk.exe 0x77390000 \Windows\System32\setupapi.dll 0x776B0000 \Windows\System32\msvcrt.dll 0x772C0000 \Windows\System32\user32.dll 0x77260000 \Windows\System32\shlwapi.dll 0x77680000 \Windows\System32\imagehlp.dll 0x77060000 \Windows\System32\iertutil.dll 0x76F90000 \Windows\System32\msctf.dll 0x76F00000 \Windows\System32\clbcatq.dll 0x76EE0000 \Windows\System32\imm32.dll 0x76E80000 \Windows\System32\difxapi.dll 0x77670000 \Windows\System32\lpk.dll 0x76E70000 \Windows\System32\normaliz.dll 0x76D70000 \Windows\System32\wininet.dll 0x76D60000 \Windows\System32\psapi.dll 0x76C80000 \Windows\System32\kernel32.dll 0x76BE0000 \Windows\System32\advapi32.dll 0x76B50000 \Windows\System32\oleaut32.dll 0x76AB0000 \Windows\System32\usp10.dll 0x76970000 \Windows\System32\urlmon.dll 0x768C0000 \Windows\System32\rpcrt4.dll 0x76760000 \Windows\System32\ole32.dll 0x75B10000 \Windows\System32\shell32.dll 0x75AD0000 \Windows\System32\ws2_32.dll 0x75AB0000 \Windows\System32\sechost.dll 0x75AA0000 \Windows\System32\nsi.dll 0x75A20000 \Windows\System32\comdlg32.dll 0x759D0000 \Windows\System32\gdi32.dll 0x75980000 \Windows\System32\Wldap32.dll 0x758F0000 \Windows\System32\comctl32.dll 0x757D0000 \Windows\System32\crypt32.dll 0x757A0000 \Windows\System32\wintrust.dll 0x75770000 \Windows\System32\cfgmgr32.dll 0x75720000 \Windows\System32\KernelBase.dll 0x75700000 \Windows\System32\devobj.dll 0x756F0000 \Windows\System32\msasn1.dll Processes (total 78): 0 System Idle Process 4 System 288 C:\Windows\System32\smss.exe 420 csrss.exe 472 C:\Windows\System32\wininit.exe 480 csrss.exe 536 C:\Windows\System32\winlogon.exe 564 C:\Windows\System32\services.exe 572 C:\Windows\System32\lsass.exe 580 C:\Windows\System32\lsm.exe 696 
C:\Windows\System32\svchost.exe 812 C:\Windows\System32\svchost.exe 864 C:\Windows\System32\svchost.exe 988 C:\Windows\System32\svchost.exe 1028 C:\Windows\System32\svchost.exe 1156 C:\Windows\System32\svchost.exe 1316 C:\Windows\System32\svchost.exe 1420 C:\Windows\System32\spoolsv.exe 1476 C:\Windows\System32\svchost.exe 1640 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1708 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe 1752 C:\Program Files\CyberLink\Shared Files\RichVideo.exe 1816 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1900 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 1944 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 436 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 464 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe 1256 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE 2104 C:\Windows\System32\SearchIndexer.exe 2588 C:\Windows\System32\svchost.exe 2748 C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe 2832 C:\Windows\System32\svchost.exe 2868 C:\Program Files\Windows Media Player\wmpnetwk.exe 4020 C:\Windows\System32\dwm.exe 2348 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 2324 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 2340 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 216 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe 496 C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe 956 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 1768 C:\Windows\PLFSetL.exe 948 C:\Program Files\Common Files\Java\Java Update\jusched.exe 424 C:\Windows\System32\igfxtray.exe 636 C:\Windows\System32\hkcmd.exe 1220 C:\Windows\System32\igfxpers.exe 2696 C:\Program Files\Windows Sidebar\sidebar.exe 2700 C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe 2556 C:\Windows\System32\StikyNot.exe 2548 C:\Program 
Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe 1396 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE 3644 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe 964 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 1232 C:\Windows\System32\taskhost.exe 2712 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe 4220 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe 4172 C:\Windows\System32\svchost.exe 1892 dllhost.exe 5168 C:\Windows\System32\svchost.exe 5060 C:\Windows\System32\wuauclt.exe 4660 C:\Windows\explorer.exe 2992 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 2112 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 3320 C:\Windows\System32\conhost.exe 5188 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 1276 C:\Program Files\Avira\AntiVir Desktop\sched.exe 3744 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 1464 C:\Windows\System32\audiodg.exe 1248 C:\Program Files\Microsoft Office\Office12\WINWORD.EXE 3596 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe 4436 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe 1212 C:\Program Files\Mozilla Firefox\firefox.exe 3248 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe 1056 C:\Program Files\Mozilla Firefox\plugin-container.exe 2972 C:\Windows\System32\taskeng.exe 5228 C:\Windows\System32\SearchProtocolHost.exe 860 C:\Windows\System32\SearchFilterHost.exe 5912 C:\Users\Alina\Downloads\MBRCheck.exe 3780 C:\Windows\System32\conhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`77100000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`7eb00000 (NTFS) PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG001A Size Device Name MBR Status -------------------------------------------- 465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done! |
28.04.2011, 23:52 | #24 |
| Recycler on USB OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 00:48:56 on 29.04.2011 OS: Windows 7 Home Premium Edition (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.16 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "TosBtLocalCOM" - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\LocalCOM.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "awtiafow" (awtiafow) - ? - C:\Users\Alina\AppData\Local\Temp\awtiafow.sys (Hidden registry entry, rootkit activity | File not found) "catchme" (catchme) - ? - C:\Users\Alina\AppData\Local\Temp\catchme.sys (File not found) "LiveGpdKBFilter" (LiveGpdKBFilter) - "Windows (R) Win 7 DDK provider" - C:\Windows\system32\drivers\LiveGpdKBFilter.sys "LiveIO" (LiveIO) - ? 
- C:\Windows\system32\drivers\LiveIO.sys (File found, but it contains no detailed information) "Livekbc" (Livekbc) - "Systems Internals" - C:\Windows\system32\drivers\Livekbc.sys "Livemouclass" (Livemouclass) - "Systems Internals" - C:\Windows\system32\drivers\Livemouclass.sys "mbr" (mbr) - ? - C:\cofi\mbr.sys (Hidden registry entry, rootkit activity | File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "Reallusion Virtual Audio" (ReallusionVirtualAudio) - ? - C:\Windows\System32\DRIVERS\RLVrtAuCbl.sys (File signed by Microsoft | File found, but it contains no detailed information) "Realtek IR Driver" (RtsUIR) - ? - C:\Windows\System32\DRIVERS\Rts516xIR.sys (File not found) "Realtek Smartcard Reader Driver" (USBCCID) - ? - C:\Windows\System32\DRIVERS\RtsUCcid.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "Virtual Machine Monitor" (vmm) - "Microsoft Corporation" - C:\Windows\system32\Drivers\vmm.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtExt.dll -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtExt.dll {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." 
- C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft 
Office\Office12\GrooveShellExtensions.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {8932AEFE-9DB6-4f43-AFB2-5682F55E773A} "VPCHostCopyHook" - "Microsoft Corporation" - C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} "BatchDownloader Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\DigWXMSN.dll / hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} "Minesweeper Flags Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MineSweeper.dll / hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab {9122D757-5A4F-4768-82C5-B4171D8556A7} "PhotoPickConvert Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\PhtPkMSN.dll / hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab {5C051655-FCD5-4969-9182-770EA5AA5565} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\SolitaireShowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab {5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / 
hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab {4A85DBE0-BFB2-4119-8401-186A7C6EB653} "{4A85DBE0-BFB2-4119-8401-186A7C6EB653}" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MJSS.ocx / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2ssv.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\Alina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "ViiKiiDesktopPlugin.lnk" - ? - C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "OSD.lnk" - "ODM" - C:\Program Files\OEM\LIVE! OSD 1.12\osd.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized "VeohPlugin" - "Veoh Networks" - "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? 
- rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "PDVD9LanguageShortcut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" "RemoteControl9" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" "UpdatePDRShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" "UpdatePPShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" "UpdatePSTShortCut" - "CyberLink Corp." 
- "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll "Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - ? - C:\Program Files\NOS\bin\getPlus_Helper.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." 
- C:\Program Files\Google\Update\GoogleUpdate.exe "Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PACSPTISVR" (PACSPTISVR) - ? 
- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "SonicStage Back-End Service" (SonicStage Back-End Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe "SonicStage SCSI Service" (SSScsiSV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe "Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe "SQL Server (MESONIC)" (MSSQL$MESONIC) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe "TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: (build 7600), 32-bit Base Board Manufacturer: QUANMAX BIOS Manufacturer: Phoenix System Manufacturer: 
QUANMAX System Product Name: Platin SE Logical Drives Mask: 0x0000000c Kernel Drivers (total 194): Processes (total 78): \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`77100000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`7eb00000 (NTFS) PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG001A Size Device Name MBR Status -------------------------------------------- 465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done! |
29.04.2011, 11:04 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Recycler on USB Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
29.04.2011, 17:07 | #26 |
| Recycler on USB
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: 6470
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
29.04.2011 15:42:14
mbam-log-2011-04-29 (15-42-14).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 304473
Laufzeit: 1 Stunde(n), 55 Minute(n), 11 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)

SUPERAntiSpyware Scann-Protokoll
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
Generiert 04/29/2011 bei 06:02 PM
Version der Applikation : 4.51.1000
Version der Kern-Datenbank : 6952
Version der Spur-Datenbank : 4764
Scan Art : kompletter Scann
Totale Scann-Zeit : 01:51:32
Gescannte Speicherelemente : 752
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 11725
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 141203
Erfasste Datei-Elemente : 0 |
29.04.2011, 20:44 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Recycler on USB No detections! Is the computer OK again so far, i.e. behaving normally?
__________________ Please always post log files in CODE tags |
29.04.2011, 22:55 | #28 |
| Recycler on USB Yes, the computer is running as usual |
30.04.2011, 02:22 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Recycler on USB Then we're done! Finally, please check your updates; my guide for that is below. For even more security, after the infection has been removed you should also change all your passwords if possible.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date. Here is the direct download link:
Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
30.04.2011, 10:55 | #30 |
| Recycler on USB Yay! Thank you very, very much!! |