|
funmoods-Startseite bei Mozilla Firefox Hallo und guten Abend. Seit vergangener Woche habe ich eine seltsame funmoods-Startseite bei Mozilla Firefox. Ich vermute, dass es im Zusammenhang steht mit einem Download eines PDF-Merger-Tools. Nach Recherchen im Internet befürchte ich stark, mir einen Virus eingefangen zu haben und baue auf Eure Hilfe. Folgende Scans habe ich bereits durchgeführt: 1. Malwarebytes Anti-Malware: Dabei habe ich allerdings die in Quarantäne befindlichen Objekte gelöscht, da ich es erst falsch verstanden habe. 2. nochmal Malwarebytes Anti-Malware 3. defogger: Es gab KEINE Fehlermeldung 4. OTL Ich hoffe, dass ich kein Tool vergessen habe und dass Ihr mir helfen könnt. Vielen Dank und einen schönen Abend schnief 1. log Malwarebytes Anti-Malware Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.27.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 **** :: ****-HP [Administrator] Schutz: Aktiviert 27.05.2012 22:22:14 mbam-log-2012-05-27 (22-22-14).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 372857 Laufzeit: 52 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 19 HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\funmoods.dskBnd (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\f (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\****\Downloads\SoftonicDownloader_fuer_scribus.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) 2. log Malwarebytes Anti-Malware Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.27.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 **** :: ****-HP [Administrator] Schutz: Aktiviert 27.05.2012 23:24:55 mbam-log-2012-05-27 (23-24-55).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 372655 Laufzeit: 56 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) 3. OTL-log OTL logfile created on: 5/28/2012 8:54:23 PM - Run 1 OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\****\unwichtigeOrdner\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.75 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 51.38% Memory free 7.49 Gb Paging File | 5.48 Gb Available in Paging File | 73.15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 131.75 Gb Total Space | 75.56 Gb Free Space | 57.35% Space Free | Partition Type: NTFS Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32 Computer Name: ****-HP | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012/05/28 20:52:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\****\unwichtigeOrdner\Desktop\OTL.exe PRC - [2012/05/28 20:48:22 | 000,050,477 | ---- | M] () -- C:\Users\****\unwichtigeOrdner\Desktop\Defogger.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/07/31 15:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe PRC - [2010/09/02 22:18:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe PRC - [2010/07/30 05:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010/07/13 00:47:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010/03/01 19:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe PRC - [2010/02/17 22:07:38 | 000,476,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe PRC - [2010/02/17 22:05:08 | 000,282,824 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe PRC - [2009/08/07 18:54:56 | 000,222,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe PRC - [2009/05/09 00:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe ========== Modules (No Company Name) ========== MOD - [2012/05/28 20:48:22 | 000,050,477 | ---- | M] () -- C:\Users\****\unwichtigeOrdner\Desktop\Defogger.exe MOD - [2012/05/13 10:49:35 | 013,197,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll MOD - [2012/05/13 10:49:22 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll MOD - [2012/05/13 10:48:41 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll MOD - [2012/05/13 10:48:17 | 001,665,536 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll MOD - [2012/05/13 10:48:06 | 009,091,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012/05/13 10:47:59 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2010/02/22 20:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2010/02/22 20:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll MOD - [2010/02/22 20:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/08/05 01:22:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/07/30 05:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2010/04/05 20:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:64bit: - [2010/02/08 20:07:16 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp) SRV:64bit: - [2010/02/04 20:48:28 | 000,199,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012/05/06 14:10:29 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/09/02 22:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService) SRV - [2010/07/13 00:47:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/01 19:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor) SRV - [2010/02/17 22:05:08 | 000,282,824 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc) SRV - [2009/08/07 18:54:56 | 000,222,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/05/09 00:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/18 10:48:22 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010/08/11 18:43:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010/08/05 01:52:36 | 006,859,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/08/05 00:47:20 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/07/20 23:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010/07/20 23:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010/07/20 23:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010/07/14 16:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010/05/04 00:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/04/27 20:25:14 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2010/03/09 19:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2010/03/03 00:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010/02/26 20:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/02/16 21:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2010/02/08 20:07:16 | 000,527,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2010/02/08 20:07:16 | 000,280,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2010/02/08 20:07:16 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2010/02/08 20:07:16 | 000,121,760 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2010/02/08 20:07:16 | 000,094,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/04/09 23:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839} IE:64bit: - HKLM\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475 IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839} IE - HKLM\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839} IE - HKLM\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475 IE - HKLM\..\SearchScopes\{573B8760-5A07-FAE5-A744-52A46956D485}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://search.babylon.com/?affID=110819&tt=100512_1_&babsrc=HP_ss&mntrId=a8baa772000000000000e02a823bea36 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839} IE - HKCU\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=100512_1_&babsrc=SP_ss&mntrId=a8baa772000000000000e02a823bea36 IE - HKCU\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475 IE - HKCU\..\SearchScopes\{573B8760-5A07-FAE5-A744-52A46956D485}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{83F1F119-37A3-4623-B816-A3EB3B27613D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..backup.old.browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..backup.old.browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110819&tt=100512_1_&babsrc=HP_ss&mntrId=a8baa772000000000000e02a823bea36" FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q=" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475" FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.479 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - prefs.js..extensions.netassistant.keyword.url: "hxxp://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={998B820D-28B8-4BC9-B969-3DCAEFEFC573}&Version=3.6.5&Vintage=20111249&Defaultbrowserid=24&Productid=2326&Vendorid=5750&Offerid=16983&searchterm=" FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&tt=100512_1_&babsrc=KW_ss&mntrId=a8baa772000000000000e02a823bea36&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ [2011/08/10 20:47:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/13 14:45:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/12 20:10:39 | 000,000,000 | ---D | M] [2011/02/21 20:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2012/05/27 21:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\1c3dr9as.default\extensions [2011/02/21 20:25:55 | 000,001,834 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\searchplugins\bing.xml [2012/05/24 20:47:07 | 000,002,299 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\searchplugins\Search.xml [2012/05/13 14:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/05/13 14:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012/05/13 14:45:44 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net [2012/05/05 00:06:48 | 000,570,013 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1C3DR9AS.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012/04/21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/11/14 22:37:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/04/21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/05/15 21:37:42 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/04/21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/04/21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/04/21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/04/21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/04/21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100908045406.dll (McAfee, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100908045406.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.Exe (McAfee, Inc.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites) O15 - HKLM\..Trusted Domains: siteadvisor.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: siteadvisor.com ([www] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E00C872-5886-46BE-81DB-FEDECAADDD36}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B20EDAB1-112B-43CE-81C0-CEC8C015A170}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found O18:64bit: - Protocol\Handler\myrm - No CLSID value found O18:64bit: - Protocol\Handler\sacore - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myRmProt5.1.0.325.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{d9a6727b-ad83-11e0-9889-e02a8206ba27}\Shell - "" = AutoRun O33 - MountPoints2\{d9a6727b-ad83-11e0-9889-e02a8206ba27}\Shell\AutoRun\command - "" = D:\setup.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/05/28 20:53:54 | 000,000,000 | ---D | C] -- C:\Users\****\unwichtigeOrdner\Desktop\trojanerboard [2012/05/28 20:51:59 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\****\unwichtigeOrdner\Desktop\OTL.exe [2012/05/27 22:19:03 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2012/05/27 22:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/05/27 22:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/05/27 22:18:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/05/27 22:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/05/27 22:17:59 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\****\unwichtigeOrdner\Desktop\mbam-setup-1.61.0.1400.exe [2012/05/27 21:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012/05/27 21:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/05/27 21:52:51 | 003,862,112 | ---- | C] (Piriform Ltd) -- C:\Users\****\unwichtigeOrdner\Desktop\ccsetup319.exe [2012/05/27 21:42:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/05/27 21:32:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Roxio Log Files [2012/05/21 19:06:44 | 014,593,325 | ---- | C] (Andrea Vacondio) -- C:\Users\****\unwichtigeOrdner\Desktop\pdfsam-win-v2_2_1.exe [2012/05/16 13:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012/05/16 13:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012/05/16 13:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012/05/15 21:41:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\CUSTPDF Writer [2012/05/15 21:39:54 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Google [2012/05/15 21:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS [2012/05/15 21:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012/05/15 21:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2012/05/15 21:37:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Babylon [2012/05/15 21:37:34 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Babylon [2012/05/15 21:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012/05/14 18:36:29 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SPReview [2012/05/14 18:34:58 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders [2012/05/13 14:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012/05/13 14:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/05/03 20:32:03 | 000,000,000 | ---D | C] -- C:\Users\****\Wohnung [2012/05/03 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\****\BFD [1 C:\Users\****\*.tmp files -> C:\Users\****\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/05/28 20:52:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\****\unwichtigeOrdner\Desktop\OTL.exe [2012/05/28 20:50:53 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable [2012/05/28 20:48:22 | 000,050,477 | ---- | M] () -- C:\Users\****\unwichtigeOrdner\Desktop\Defogger.exe [2012/05/28 20:10:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/05/28 20:04:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/05/27 23:26:47 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/27 23:26:47 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/27 23:23:29 | 001,513,970 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/05/27 23:23:29 | 000,659,690 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012/05/27 23:23:29 | 000,620,836 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/05/27 23:23:29 | 000,132,970 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012/05/27 23:23:29 | 000,108,760 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/05/27 23:18:35 | 4022,927,360 | -HS- | M] () -- C:\hiberfil.sys [2012/05/27 23:17:55 | 000,013,605 | ---- | M] () -- C:\windows\SysNative\Config.MPF [2012/05/27 22:18:56 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/27 22:18:12 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\****\unwichtigeOrdner\Desktop\mbam-setup-1.61.0.1400.exe [2012/05/27 21:53:39 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/05/27 21:52:52 | 003,862,112 | ---- | M] (Piriform Ltd) -- C:\Users\****\unwichtigeOrdner\Desktop\ccsetup319.exe [2012/05/23 21:22:20 | 002,788,367 | ---- | M] () -- C:\Users\****\unwichtigeOrdner\Desktop\spielplatz2.JPG [2012/05/23 21:21:54 | 003,211,103 | ---- | M] () -- C:\Users\****\unwichtigeOrdner\Desktop\spielplatz1.JPG [2012/05/21 19:07:40 | 014,593,325 | ---- | M] (Andrea Vacondio) -- C:\Users\****\unwichtigeOrdner\Desktop\pdfsam-win-v2_2_1.exe [2012/05/15 21:37:52 | 000,000,250 | ---- | M] () -- C:\user.js [2012/05/15 07:43:10 | 000,282,128 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/05/13 14:43:35 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2012.lnk [2012/05/13 12:20:19 | 001,535,962 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [1 C:\Users\****\*.tmp files -> C:\Users\****\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/05/28 20:50:53 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable [2012/05/28 20:48:21 | 000,050,477 | ---- | C] () -- C:\Users\****\unwichtigeOrdner\Desktop\Defogger.exe [2012/05/27 22:18:56 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/27 21:53:39 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/05/23 21:22:20 | 002,788,367 | ---- | C] () -- C:\Users\****\unwichtigeOrdner\Desktop\spielplatz2.JPG [2012/05/23 21:21:52 | 003,211,103 | ---- | C] () -- C:\Users\****\unwichtigeOrdner\Desktop\spielplatz1.JPG [2012/05/15 21:37:51 | 000,000,250 | ---- | C] () -- C:\user.js [2011/11/14 21:37:59 | 000,006,550 | ---- | C] () -- C:\windows\jautoexp.dat [2011/03/29 20:43:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/02/18 21:41:20 | 001,535,962 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2010/11/18 10:53:50 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll [2010/11/18 10:53:50 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe [2010/11/18 10:53:49 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini [2010/11/18 10:41:57 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2010/09/08 13:29:46 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini [2010/06/02 14:28:14 | 000,002,189 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat ========== LOP Check ========== [2011/05/09 21:34:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Amazon [2012/05/15 21:37:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Babylon [2012/01/19 17:36:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canon [2011/02/24 23:04:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Lexware [2012/05/27 21:27:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SoftGrid Client [2011/05/27 11:20:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Subversion [2011/02/18 21:42:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TP [2012/05/21 21:55:36 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > 4. OTL-Extras-log OTL Extras logfile created on: 5/28/2012 8:54:23 PM - Run 1 OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\****\unwichtigeOrdner\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.75 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 51.38% Memory free 7.49 Gb Paging File | 5.48 Gb Available in Paging File | 73.15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 131.75 Gb Total Space | 75.56 Gb Free Space | 57.35% Space Free | Partition Type: NTFS Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32 Computer Name: ****-HP | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D39F339-8F17-49A1-8D0B-9058B4A808A6}" = rport=138 | protocol=17 | dir=out | app=system | "{26C35838-44F9-4FCF-91B6-818DB99A7AB2}" = rport=445 | protocol=6 | dir=out | app=system | "{2D883177-6D29-4E3F-A308-7F599DB6CCE7}" = rport=10243 | protocol=6 | dir=out | app=system | "{34C7A14A-FFDD-4C03-B794-53122EF5531A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4607A599-E6B7-4DEC-B1FC-DEAB2D016D75}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4903C950-9523-4BBA-A564-FBFD98A941F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4CB343DE-0B15-4F37-B706-D1C656349EFB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4D2C2C95-0DDC-4E9F-8BC6-294FBA45FA3E}" = rport=139 | protocol=6 | dir=out | app=system | "{5277BD3A-2258-41D0-8589-EAAD7CE9BEDF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5F5C3634-E500-4011-80E9-1EE59DA8DF60}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6EF7479F-374B-4872-877E-0925D09EFB79}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{745669AF-055D-4A96-9CA4-9FB17921CCEF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7E722AFB-463B-4E78-B311-228F1E06684F}" = rport=137 | protocol=17 | dir=out | app=system | "{859A2588-2D64-4370-8B76-7B5C0972B446}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{921E54E1-FC58-4CA1-912C-C28E28E1D5D8}" = lport=138 | protocol=17 | dir=in | app=system | "{985310A5-307E-45DE-BE51-45242394B960}" = lport=445 | protocol=6 | dir=in | app=system | "{B0B31531-3EE9-4112-B787-044DCBC6364D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CD3C7E50-8259-4D21-B224-38853690001D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D44EF9A8-D495-4CB9-9B19-53FB9DFDAC82}" = lport=10243 | protocol=6 | dir=in | app=system | "{EE699008-A863-449D-BE8A-BB6256756C75}" = lport=139 | protocol=6 | dir=in | app=system | "{F4B579FC-BF60-4E42-9AA7-56D0FA8D5C8C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F69AF8C1-2F38-4DA5-833E-F3AEAB14E3CB}" = lport=137 | protocol=17 | dir=in | app=system | "{FDF6B15D-1CA9-43CF-88DA-33DA6609D209}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{176D228C-CF1D-437C-9FCF-E06E72D10B6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1881D78A-C1A3-4C01-B4D7-2AD515DA9336}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1FA6A257-4F95-478D-A76F-7AF6643D37F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{28C9D16F-2B3B-4699-B2F8-28A012DCC5F5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3A530E28-806B-428D-946A-036ADA801BC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5589705C-789B-4CE8-87C0-12AF3C09156F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{64F9F546-3D23-4951-BC87-D6865A1954AC}" = protocol=6 | dir=out | app=system | "{76A022E5-C4DF-4D4E-AB1E-F79CC1C1871E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8254F2BE-A95E-4F77-AF10-6C65E94DBEA6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{96CF263D-A1D5-445B-9D3D-6372B927D251}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | "{9F397CD2-1AA1-4CBA-BA3E-B4A819B7EB3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A37269AF-66CF-469C-B026-E1318C3ED890}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | "{A7D8D0C2-2B41-4B78-8132-7122F3DF8837}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{ACB7EDB2-9445-42E9-9AB0-D5BB740293AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AF8BA974-C0A1-46D0-908B-C509FEF3E1C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B77A6FD0-5565-453B-AD4B-303D9E7185CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B8816531-E3B5-4DE0-BBC0-465DA63DEDE0}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | "{C5408337-7CE9-49F0-BED8-0F1BDDA716CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CBF530D2-B957-4709-8F12-50C057B818C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D90A2B3B-88AA-4006-9A17-E8AC0C6AB4B8}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | "{D9562E97-BF8C-42C6-9EFE-179DBF18E2A7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E33EBB17-7E59-4146-8549-E40B37DC81A8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E6BC333B-7A0B-4F60-B0EF-510593CF81D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FEFFA0D7-E03A-4EFB-B866-BDDE0DD2FB0F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers "{2C69D297-A524-1FB1-5C00-1C52363E044F}" = ccc-utility64 "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}" = HP HotKey Support "{560932B5-8702-7FB8-01AE-265EA44FAEEB}" = ATI Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0150220}" = J2SE Development Kit 5.0 Update 22 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera "{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian "{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech "{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding "{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek "{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 "{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver "{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy "{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All "{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean "{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software "{6BCC7669-A863-4C24-804B-9C811C102F71}" = QuickSteuer Deluxe 2011 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian "{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish "{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package "{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC Help Japanese "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96963F83-7F17-4941-B16C-1E790455E93A}" = McAfee SiteAdvisor Enterprise Plus "{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}" = HP Setup "{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CD3BB19-993E-469D-9E1F-B57A175C1411}" = HP Software Framework "{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian "{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{C1DE827D-8A61-4A77-9CCF-31AD84CC1FB6}" = HP Documentation "{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese "{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard "{D5C1E5E2-11A5-4905-ACC6-6DDD5E3B7705}" = Visual C++ 8.0 x64 Runtime Setup Package "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{D9989A13-B173-4048-B8A5-93C204DCB1B3}" = HP ESU for Microsoft Windows 7 "{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai "{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French "{E4B7F2AF-AEDA-4DE8-8014-9ADAFF7B4164}" = QuickSteuer Deluxe 2012 "{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English "{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish "{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish "{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver "{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish "{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}" = HP Support Assistant "{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Canon MP240 series Benutzerregistrierung" = Canon MP240 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "McAfee Managed Firewall" = McAfee Firewall Protection Service "McAfee Security Scan" = McAfee Security Scan Plus "McAfeeBrowserProtection" = McAfee Browser Protection Service "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "MVS" = McAfee Virus and Spyware Protection Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Scribus 1.3.3.14" = Scribus 1.3.3.14 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/12/2012 10:46:35 AM | Computer Name = ****-HP | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 4/13/2012 11:01:31 AM | Computer Name = ****-HP | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 4/15/2012 12:09:49 PM | Computer Name = ****-HP | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 4/17/2012 8:24:19 AM | Computer Name = ****-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: java.exe, Version: 6.0.290.11, Zeitstempel: 0x4e897c9a Name des fehlerhaften Moduls: jaudioMp3Win.tar, Version: 0.0.0.0, Zeitstempel: 0x45dd99d9 Ausnahmecode: 0xc0000094 Fehleroffset: 0x00004be0 ID des fehlerhaften Prozesses: 0xdb4 Startzeit der fehlerhaften Anwendung: 0x01cd1c8f86a1a728 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Java\jre6\bin\java.exe Pfad des fehlerhaften Moduls: C:\Users\****\jaudioMp3Win.tar Berichtskennung: 4110738a-8888-11e1-98d8-e02a8206ba27 Error - 4/20/2012 11:01:23 AM | Computer Name = ****-HP | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 4/23/2012 8:55:30 AM | Computer Name = ****-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: java.exe, Version: 6.0.290.11, Zeitstempel: 0x4e897c9a Name des fehlerhaften Moduls: jaudioMp3Win.tar, Version: 0.0.0.0, Zeitstempel: 0x45dd99d9 Ausnahmecode: 0xc0000094 Fehleroffset: 0x00004be0 ID des fehlerhaften Prozesses: 0x15d0 Startzeit der fehlerhaften Anwendung: 0x01cd214a6b254b09 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Java\jre6\bin\java.exe Pfad des fehlerhaften Moduls: C:\Users\****\jaudioMp3Win.tar Berichtskennung: 9aba35cb-8d43-11e1-89b1-e02a8206ba27 Error - 4/25/2012 8:58:58 AM | Computer Name = ****-HP | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 4/27/2012 9:06:47 AM | Computer Name = ****-HP | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 5/1/2012 2:20:56 PM | Computer Name = ****-HP | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 5/4/2012 9:58:14 AM | Computer Name = ****-HP | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: [ Hewlett-Packard Events ] Error - 4/10/2012 2:58:09 PM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201204102058.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents, Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession() Error - 4/16/2012 2:25:48 PM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201204162025.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents, Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession() Error - 4/24/2012 8:35:43 AM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201204241435.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents, Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession() Error - 4/24/2012 8:43:47 AM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201204241443.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents, Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession() Error - 5/1/2012 2:22:59 PM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051201082253.xml File not created by asset agent Error - 5/1/2012 2:23:49 PM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201205012023.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents, Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession() Error - 5/8/2012 2:27:45 PM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201205082027.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents, Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession() Error - 5/14/2012 2:36:47 PM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201205142036.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents, Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession() Error - 5/21/2012 4:06:49 PM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051221100646.xml File not created by asset agent Error - 5/21/2012 4:07:32 PM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201205212207.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents, Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession() [ HP Wireless Assistant Events ] Error - 11/18/2010 4:40:10 AM | Computer Name = OI4BJD1CORG4L | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 11/18/2010 4:40:10 AM | Computer Name = OI4BJD1CORG4L | Source = HP WA Service | ID = 0 Description = System.Exception Register() failed : e_GENERAL_EXCEPTION at HP_Common.CaslWrapper.Register(EventArrivedEventHandler handler) at HPPA_Service.CurrentConfiguration..ctor() Error - 11/18/2010 4:40:13 AM | Computer Name = OI4BJD1CORG4L | Source = HP WA Service | ID = 0 Description = System.Exception GetPMCCalibrationData() failed : 597 at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration) at HPPA_Service.HPPA_Service.ServiceWorkerMethod() Error - 2/18/2011 3:25:43 PM | Computer Name = ****-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 8/5/2011 2:02:55 PM | Computer Name = ****-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize() bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ReloadRadioList() [ System Events ] Error - 8/5/2011 5:23:58 AM | Computer Name = ****-HP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 8/5/2011 2:02:49 PM | Computer Name = ****-HP | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 8/5/2011 2:03:00 PM | Computer Name = ****-HP | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{4E00C872-5886-46BE-81DB-FEDECAADDD36} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 8/12/2011 3:21:07 PM | Computer Name = ****-HP | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Update" wurde nicht richtig gestartet. Error - 8/23/2011 2:36:39 PM | Computer Name = ****-HP | Source = Service Control Manager | ID = 7034 Description = Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 9/3/2011 7:17:01 PM | Computer Name = ****-HP | Source = DCOM | ID = 10010 Description = Error - 9/14/2011 9:00:57 AM | Computer Name = ****-HP | Source = DCOM | ID = 10010 Description = Error - 9/18/2011 3:54:40 AM | Computer Name = ****-HP | Source = WMPNetworkSvc | ID = 866300 Description = Error - 9/29/2011 1:43:37 PM | Computer Name = ****-HP | Source = WMPNetworkSvc | ID = 866300 Description = Error - 9/30/2011 7:48:24 AM | Computer Name = ****-HP | Source = DCOM | ID = 10010 Description = < End of report > |
Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
|
Hallo Arne, ich kann den ESET Scan nicht durchführen. Zum einen meldet ESET, dass es Microsoft Defender als weitere Antivirus-Software gefunden hat. Dieses Porgramm ist aber nicht aktiviert. Zum anderen hat er Probleme bei der Initialisierung. Er meldet: "Can not get update. Is proxy configured?" Kannst du mir dabei weiterhelfen? Gruß schnief |
Probier den Scan mit ESET im abgesicherten Modus mit Netzwerktreibern Und auch mal das hier beachten Falsche Proxy Einstellungen entfernen
  |
Hallo Arne, der ESET-Scan ging nun doch im normalen Modus. Der Log folgt. Die Proxy-Einstellungen sind wie in deiner Mitteilung. Gruß schnief ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=12 esets_scanner_update returned -1 esets_gle=12 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=d649358a00d89b4a8c60a7e3cdd0cdae # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-08 01:21:43 # local_time=2012-06-08 03:21:43 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 254580 90725768 0 0 # compatibility_mode=8192 67108863 100 0 255454 255454 0 0 # scanned=270179 # found=5 # cleaned=0 # scan_time=22585 C:\Program Files (x86)\PDFCreator\message.exe a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I C:\Users\All Users\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I C:\Users\****\FinalMediaPlayer2011Setup.exe a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I C:\Users\****\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I |
Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? |
Hallo, zu 1.) der normale Modus geht wieder uneingeschränkt zu 2.) soweit ich das alles überblicken kann, vermisse ich nichts im Startmenü und leere Ordner unter alle Programme gibts auch nicht. kann also weiter gehen |
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: hier steht das LogFalls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code: netsvcs
|
Guten Abend, hab den OTL-Scan nochmal gemacht. Gruß schnief OTL Logfile: Code: OTL logfile created on: 6/14/2012 8:31:24 PM - Run 2[/code] |
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code: :OTLDas Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann! |
Hallo Arne, ich hab den OTL-Fix gemacht. Hier das Log. Vielen Dank schonmal und guten Abend. schnief Code: All processes killed |
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg |
Hallo Arne, hier nun das Log vom TDSS-Tool. Gruß schnief Code: |
Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
|
Hallo Arne, hier gleich das Combofix-Log: Gruß schnief Code: |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 22:38 Uhr. |
Copyright ©2000-2025, Trojaner-Board
