
Pests of All Kinds and How to Combat Them: TR/mediyes.F.3

11.06.2012, 10:19   #1
black_rose
 

TR/mediyes.F.3



Hello,
a scan with Avira Antivirus found a trojan:

TR/mediyes.F.3

It was moved to quarantine.
But my problem is that my IE and Mozilla Firefox keep crashing, i.e. they stop responding.

These are the last two events:
----------------------------------------------------
Die Datei 'C:\Windows\System32\nspqalrj.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Mediyes.F.3' [trojan].
Durchgeführte Aktion(en):
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009\LibraryPath> wurde erfolgreich repariert.
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009\LibraryPath> wurde erfolgreich repariert.
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009\LibraryPath> wurde erfolgreich repariert.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54ecd4d8.qua' verschoben!
-----------------------------------------------------------------
Die Datei 'C:\Windows\System32\nspqalrj.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Mediyes.F.3' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
Die Quelldatei konnte nicht gefunden werden.
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Die Datei existiert nicht!

--------------------------------------------------------------------
--------------------------------------------------------------------
Now the result from OldTimer:

OTL logfile created on: 11.06.2012 10:48:27 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\zeller\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 62,03% Memory free
6,50 Gb Paging File | 5,04 Gb Available in Paging File | 77,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1376,16 Gb Total Space | 1305,15 Gb Free Space | 94,84% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,66 Gb Free Space | 58,32% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: PHOENIX | User Name: zeller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.11 10:47:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\zeller\Desktop\OTL.exe
PRC - [2012.06.08 11:10:12 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.12.08 21:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010.01.09 01:34:18 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2005.04.06 16:53:06 | 003,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005.04.06 16:53:04 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.08 11:10:12 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.05.11 07:05:02 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll
MOD - [2012.05.11 07:04:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 07:04:34 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.11 07:04:27 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.11 07:04:10 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 07:04:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 07:04:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 07:03:52 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.04 21:08:10 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2010.12.08 21:18:26 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.12.08 21:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.02.02 11:33:39 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3660.33486__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3660.33443__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3660.33319__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3660.33396__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:39 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3660.33345__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3660.33397__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3660.33417__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3660.33329__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3660.33444__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3660.33395__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3660.33388__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3660.33376__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3660.33338__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3660.33330__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3660.33487__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 001,290,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3660.33482__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3660.33379__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,651,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3660.33458__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3660.33346__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3660.33410__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:38 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3660.33371__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3660.33345__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3660.33378__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3660.33385__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3660.33457__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3660.33376__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3660.33384__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3660.33351__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3660.33386__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3660.33377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:37 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:37 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3639.21544__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3639.21529__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3639.21799__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3639.21677__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.02.02 11:33:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3639.21772__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3660.33377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3639.21517__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3639.21518__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3639.21922__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.02.02 11:33:37 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3639.21571__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3639.21582__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3639.21557__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3639.21776__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3639.21569__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3639.21562__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3639.21599__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3639.21620__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3639.21566__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3639.21663__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3639.21591__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3639.21613__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3639.21806__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3639.21789__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3639.21606__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3639.21788__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.02.02 11:33:36 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3660.33325__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.02.02 11:33:36 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3660.33479__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3660.33428__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010.02.02 11:33:36 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3660.33337__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.02.02 11:33:36 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3660.33436__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3660.33434__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3639.21679__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3660.33316__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3639.21608__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3660.33315__90ba9c70f846762e\APM.Server.dll
MOD - [2010.02.02 11:33:36 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3660.33318__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.02.02 11:33:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3639.21609__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3639.21670__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3639.21589__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3660.33314__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.02.02 11:33:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3660.33451__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3639.21551__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3639.21578__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3639.21577__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3639.21601__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3639.21521__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3639.21666__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3639.21623__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3639.21565__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3639.21594__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3639.21673__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3639.21539__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3639.21592__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3639.21596__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3639.21681__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3639.21611__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3639.21604__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.02.02 11:33:36 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3660.33435__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3639.21570__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3660.33313__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - File not found [On_Demand | Stopped] -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr)
SRV - [2012.06.08 11:10:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.02 21:03:28 | 000,241,664 | ---- | M] (Parental Solutions Inc.) [Auto | Running] -- C:\Windows\System32\pouad92qp.dll -- (Dnscache)
SRV - [2012.05.04 21:08:10 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.14 12:36:48 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)


========== Driver Services (SafeList) ==========

DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.09 01:54:44 | 005,191,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.01.09 00:40:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.09.22 15:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.06.05 04:53:42 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.11 13:54:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.11 13:54:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.08 11:10:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.10.11 06:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zeller\AppData\Roaming\mozilla\Extensions
[2012.05.06 16:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zeller\AppData\Roaming\mozilla\Firefox\Profiles\p48b04s5.default\extensions
[2012.03.29 12:19:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\zeller\AppData\Roaming\mozilla\Firefox\Profiles\p48b04s5.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.07 14:39:48 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-1.xml
[2012.01.17 15:08:38 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-2.xml
[2012.02.12 12:30:18 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-3.xml
[2012.02.17 13:29:42 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-4.xml
[2012.02.22 18:36:34 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-5.xml
[2012.03.22 19:39:06 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-6.xml
[2012.03.29 13:07:13 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-7.xml
[2012.05.01 14:43:37 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-8.xml
[2012.03.19 20:09:28 | 000,000,168 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin.gif
[2012.03.19 20:09:28 | 000,000,618 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin.src
[2012.01.06 11:09:19 | 000,001,056 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin.xml
[2012.05.13 17:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.05.13 17:34:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.08 11:10:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.08 11:10:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.08 11:10:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.08 11:10:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.08 11:10:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.08 11:10:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.08 11:10:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" File not found
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_16_Plus_Sonderedition_Download-Version\Trayserver.exe (MAGIX AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\zeller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\system32\nspqalrj.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B216392A-5D26-485D-A3D1-1BA09B9A1893}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0df36137-8ba5-11e1-a8c7-406186966aee}\Shell - "" = AutoRun
O33 - MountPoints2\{0df36137-8ba5-11e1-a8c7-406186966aee}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.11 10:47:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\zeller\Desktop\OTL.exe
[2012.06.11 07:18:56 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{0A4C483A-9555-4BB0-AEB6-56B917F793D5}
[2012.06.11 07:18:41 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{96371A1E-5546-4661-AD5B-2887D9ECA745}
[2012.06.10 07:22:01 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{C2E12B95-B211-4EF3-9880-CCB80F87F8EC}
[2012.06.10 07:21:39 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{F4EACEAA-5DE7-4784-9AC1-29A278C1B80D}
[2012.06.09 13:07:29 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{02D1EE42-84C4-4E18-9A5C-61A1F2FB8A7F}
[2012.06.09 13:07:18 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{525EAF42-50FC-4450-B807-4FA1B1ABB338}
[2012.06.03 12:23:16 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{D65677EA-F4E5-4611-B695-D164B274FA55}
[2012.06.03 12:22:54 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{78645E66-0A70-44D7-895D-A8DDA1AB8CF8}
[2012.06.02 21:03:28 | 000,241,664 | ---- | C] (Parental Solutions Inc.) -- C:\Windows\System32\pouad92qp.dll
[2012.05.31 12:54:24 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{A7590411-AD22-4D4D-A09D-DF5C498B983B}
[2012.05.31 12:54:01 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{17F86EC5-F83C-4EE2-9342-E70DD66E13D2}
[2012.05.29 18:49:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.05.26 18:43:47 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{E8715F23-BCC1-4E50-A040-BE45D2BA05E9}
[2012.05.26 18:43:25 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{D0829E83-DCFB-4B50-8C96-9A4EFF14F44D}
[2012.05.23 17:59:46 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{915239B2-624D-44F6-AF04-724FF2B46FD2}
[2012.05.23 17:59:23 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{6CC0EB47-25C6-4348-BF4D-06EC191A3549}
[2012.05.21 08:13:25 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{26FFF07C-5D63-4110-94EC-D8079F1BB863}
[2012.05.21 08:13:02 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{1CBA2674-5CCA-4DFF-BA76-AC66373001CC}
[2012.05.19 13:48:37 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{88404B46-E740-4768-BD9C-2D86365E1FED}
[2012.05.19 13:48:14 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{AC5825A1-BD29-4167-8EF1-DC3384CF30D7}
[2012.05.19 09:37:54 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{14AAA730-538C-4F56-A3EB-98307E769DBF}
[2012.05.19 09:37:29 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{C7AA86AC-4307-4F6A-A673-C9BA5E8AA6DB}
[2012.05.18 16:39:05 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{2446465A-6271-45C6-B738-C00EFBAF6F85}
[2012.05.18 16:38:42 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{92B230ED-8336-414B-9064-A8418C96B8A8}
[2012.05.17 22:30:20 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{6674542A-37F7-4DC8-B447-4C800BE21D20}
[2012.05.17 22:30:08 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{06CCA256-F922-48A0-9FB0-886CD9F7671F}
[2012.05.17 10:28:16 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Roaming\Avira
[2012.05.17 10:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.17 10:22:12 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.17 10:22:12 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.17 10:22:12 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.05.17 10:22:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.05.17 10:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.17 10:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.05.16 13:26:11 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{1B6A3DAB-B5AA-4DD5-A2B8-7ED37A15E3A6}
[2012.05.16 13:25:49 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{265AF7D8-C04C-434E-BE08-07274C199ABA}
[2012.05.15 12:14:48 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{60A568BC-2FB5-4B34-AFAE-9C80091CEECB}
[2012.05.15 12:14:20 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{1FE1D697-0F61-4303-97D8-365AFAC95B18}
[2012.05.14 15:08:41 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{B7346094-3359-4723-B348-A51FD4B7D8F7}
[2012.05.14 15:08:18 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{0BE9B6EA-9577-413E-A471-98E6C17297D3}
[2012.05.14 10:31:52 | 000,000,000 | ---D | C] -- C:\Users\zeller\Music\Documents\MAGIX Downloads
[2012.05.14 10:31:51 | 000,000,000 | ---D | C] -- C:\Users\zeller\Music\Documents\MAGIX_Video_deluxe_16_Plus_Sonderedition_Download-Version
[2012.05.14 10:26:07 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\Xara
[2012.05.14 10:26:06 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Roaming\MAGIX
[2012.05.14 10:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Shared
[2012.05.14 10:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.05.14 10:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2012.05.14 08:26:46 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{4DD07076-21E2-487C-876C-CA53E55143C2}
[2012.05.14 08:26:24 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{4ED5EA96-B98F-4AA9-AE20-EA13EC017C83}
[2012.05.13 17:34:08 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Roaming\Skype
[2012.05.13 17:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.05.13 17:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.05.13 17:34:01 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.05.13 17:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.11 10:49:23 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 10:49:23 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 10:47:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\zeller\Desktop\OTL.exe
[2012.06.11 10:47:05 | 000,000,000 | ---- | M] () -- C:\Users\zeller\defogger_reenable
[2012.06.11 10:41:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.11 10:41:36 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.11 10:34:33 | 000,050,477 | ---- | M] () -- C:\Users\zeller\Desktop\Defogger.exe
[2012.06.11 07:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.04 15:51:39 | 000,024,592 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\wklnhst.dat
[2012.06.02 21:03:28 | 000,241,664 | ---- | M] (Parental Solutions Inc.) -- C:\Windows\System32\pouad92qp.dll
[2012.05.29 18:49:16 | 314,693,193 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.27 19:47:51 | 000,175,386 | ---- | M] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-27 19_47_47.642913.dmp
[2012.05.26 18:43:13 | 000,167,190 | ---- | M] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-26 18_43_11.590207.dmp
[2012.05.17 16:57:08 | 000,167,170 | ---- | M] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-17 16_57_07.884563.dmp
[2012.05.17 10:22:51 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.15 12:14:14 | 000,166,186 | ---- | M] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-15 12_14_09.719267.dmp
[2012.05.15 07:20:34 | 000,480,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.14 10:25:55 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 16 Plus Sonderedition Download-Version.lnk
[2012.05.13 17:34:02 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.11 10:47:05 | 000,000,000 | ---- | C] () -- C:\Users\zeller\defogger_reenable
[2012.06.11 10:34:31 | 000,050,477 | ---- | C] () -- C:\Users\zeller\Desktop\Defogger.exe
[2012.05.29 18:49:16 | 314,693,193 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.05.27 19:47:47 | 000,175,386 | ---- | C] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-27 19_47_47.642913.dmp
[2012.05.26 18:43:11 | 000,167,190 | ---- | C] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-26 18_43_11.590207.dmp
[2012.05.17 16:57:07 | 000,167,170 | ---- | C] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-17 16_57_07.884563.dmp
[2012.05.17 10:22:51 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.15 12:14:09 | 000,166,186 | ---- | C] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-15 12_14_09.719267.dmp
[2012.05.14 10:25:55 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 16 Plus Sonderedition Download-Version.lnk
[2012.05.13 17:34:02 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.11.08 20:56:38 | 000,000,094 | ---- | C] () -- C:\Users\zeller\AppData\Local\fusioncache.dat
[2011.05.02 16:54:11 | 000,024,592 | ---- | C] () -- C:\Users\zeller\AppData\Roaming\wklnhst.dat
[2010.12.04 12:30:24 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.09.01 10:02:54 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe

========== LOP Check ==========

[2011.06.21 10:26:28 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\aliasworlds
[2010.11.25 17:41:38 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Anarchy
[2010.12.08 13:47:49 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Be a King 2
[2011.05.24 19:48:37 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\BlamGames
[2011.05.26 18:52:56 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Boolat Games
[2010.11.15 10:22:07 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\capella-software
[2012.04.16 09:27:50 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.05.25 09:01:08 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\DivoGames
[2011.05.25 16:14:11 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Dreamsdwell Stories
[2011.07.22 17:50:04 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\DVDVideoSoft
[2011.07.20 14:03:43 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.23 22:10:43 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Friday's games
[2011.07.20 14:26:26 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Green Clover Games
[2011.08.04 16:24:40 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\GreenSauceGames
[2011.12.16 16:15:29 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\ICQ
[2011.06.16 09:28:47 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\InImages
[2010.12.01 12:37:29 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\iWinG
[2011.05.25 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Jane s Hotel 3
[2010.12.11 13:54:23 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Local
[2012.05.14 10:26:06 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\MAGIX
[2011.06.16 12:54:17 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Nevosoft-Breeze
[2012.01.07 15:03:19 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\OpenOffice.org
[2010.11.23 19:22:26 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\PeaceCraft2
[2012.02.04 21:17:27 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\PeaceCraft3
[2011.06.27 12:15:12 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Ph03nixNewMedia
[2011.06.20 10:45:26 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\PlayFirst
[2012.02.04 19:49:42 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Playrix Entertainment
[2011.07.22 17:09:38 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Simfy
[2011.05.02 16:54:13 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Template
[2012.05.27 22:32:42 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\TS3Client
[2011.07.02 09:52:23 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\ts3overlay
[2011.08.14 10:43:20 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Unity
[2011.05.25 11:29:39 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\WendigoStudios
[2010.11.10 12:39:15 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Windows Live Writer
[2011.05.23 20:06:18 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\World-Loom
[2011.07.22 09:56:30 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\YoudaGames
[2012.06.11 08:02:33 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:AE289451
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp882BE37
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:22741C1F
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:99AC3203
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:701B92FB
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:3B07E6F4
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:F53B274A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TempD95E6D9
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:EB68CA55
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A9ABA3FF
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:C9B27A06
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:EC0279DC
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp01ACC06
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:9D03192E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:BC1F7CAE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:3C0887BF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:F7370879
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CFF6B3FF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3571475C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:B285A50E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:97995ED4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:5C4A588B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:1E5EC928
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:E5BA9ADD
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:35629AE6
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:063969F8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:B12D1A7D

< End of report >
-----------------------------------------------------------------------
extras
OTL Extras logfile created on: 11.06.2012 10:48:27 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\zeller\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 62,03% Memory free
6,50 Gb Paging File | 5,04 Gb Available in Paging File | 77,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1376,16 Gb Total Space | 1305,15 Gb Free Space | 94,84% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,66 Gb Free Space | 58,32% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: PHOENIX | User Name: zeller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0248095A-0C51-4422-891F-48F89631F892}" = rport=445 | protocol=6 | dir=out | app=system |
"{05835BCF-B7F5-46D4-B44B-F71140424579}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0F11FB3C-DD89-4B43-BAC6-5D6EA5620C0B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1184F647-DB7C-4C13-9566-8021337259FE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{178C290C-5A05-418B-A8DF-F1B908F416A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D54AF83-3100-468B-B7AF-D254EB4B3FF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5854998D-0201-4B90-A007-29CD156F5D07}" = lport=139 | protocol=6 | dir=in | app=system |
"{5E0C7DB4-C2A5-46B3-B0A9-4AB3E52553D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{62C86C6C-FF93-45F6-AEE5-06AA69023BF3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72831DDE-AC8F-47E7-93F5-BDF42A19C60E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7CE98A15-47AA-4918-A1D8-315B35BE66C6}" = rport=139 | protocol=6 | dir=out | app=system |
"{83079769-A0F1-43E9-82AF-870D1A694667}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8379BA99-522C-4524-BB86-D5B29987F8B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{850AA948-7DE4-427A-84DF-AB938ED1E0F1}" = lport=138 | protocol=17 | dir=in | app=system |
"{86AAA287-B8A9-4698-82C0-7000AB488319}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9766282E-4F9E-4C33-BBAB-BE3B0A0C1898}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9D9DA738-8F40-42AE-8633-D55E00467FC1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AED87148-6E3E-4AB2-97B6-41AF751E56BB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B6023B58-0BEA-495D-B2B7-C031A194E93B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C47AD9A3-DB33-4346-B9D2-4FBAFE765977}" = lport=137 | protocol=17 | dir=in | app=system |
"{D87B5F7A-911E-4F48-903F-55720ECA6F8C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DC19120E-AE5B-4809-9283-957313AFFF17}" = lport=445 | protocol=6 | dir=in | app=system |
"{E0047A00-C9E1-40DD-825D-8CF6AE458EAD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA3FDBA9-F504-45D6-A88F-8D76B97BFDED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F2DB619F-5DBB-4E85-B7F5-9A81E190BCE2}" = rport=138 | protocol=17 | dir=out | app=system |
"{F53A90D0-369A-4313-827C-5C926EC97865}" = rport=137 | protocol=17 | dir=out | app=system |
"{F7DB0993-F11D-4146-95E4-BDD47CB93865}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030DF039-8205-40AB-8171-3D5E80D2EAE1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0CE7AFEB-A329-4509-A7AB-C9E78A3A4466}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13CD80DD-CBF6-4B1D-9486-7BC0C8211C6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{13DA4072-5E25-409D-A793-190BC54077A1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{145E6832-8C41-4B8F-A97D-062B42581DF2}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe |
"{1ED267BE-89E1-43A2-89A7-186814879EBF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2CD87EA6-7FAB-459E-8D51-5B275E3E2787}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{44A13D85-40E5-4F7F-A1A8-031D95C8C72A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{50AC72D0-E954-4B96-B141-83FD3C1C6A68}" = protocol=6 | dir=out | app=system |
"{5BE581F7-A200-4754-B3A5-8425016BAC30}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{612328B9-E9BA-446D-B085-F057556DC656}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{614E9237-3A10-4973-879F-99E6998A2CD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79C0A66F-2AD8-4E6A-B81C-209CD9851FDE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7A7635A3-522D-4A3B-BD7F-52E66277034F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83AE561B-F582-4D0A-A121-4F7D273D8A7A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{898CED55-A8A9-43AB-9F0D-1CC763CB5BA4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8A516A9E-16B9-4BBF-B028-17163B2692DC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9135FDF1-88DD-463A-A7B8-3BC84C854DB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9655EEE3-00A0-4DBA-BD9D-EF61BA5D2711}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9CE53C92-1F50-43E1-A5DB-3C3169AD1E48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AE9E0EDD-127D-42B1-BC8E-5C4C15A85B24}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe |
"{B827F70C-32A3-49AF-BFA8-684E29918197}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D01BA128-C720-446A-BACE-34A13F3661C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E51A708E-9348-4DBC-A94B-2F13DA3F31A8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E86C512D-CF8B-40B7-81A8-3DAD97F73786}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBAB9B18-6FD4-4672-A402-FB0AEC0C4A0C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{0A833941-7C53-4B53-80EB-CA14CC2B6433}C:\program files\macromedia\freehand 10\freehand 10.exe" = protocol=6 | dir=in | app=c:\program files\macromedia\freehand 10\freehand 10.exe |
"TCP Query User{4A7522B9-8589-4923-921F-DB4168942BF9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5FA27D68-281A-44E7-A835-B2FB55301AF2}C:\program files\macromedia\dreamweaver mx\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\macromedia\dreamweaver mx\dreamweaver.exe |
"TCP Query User{68CA29E9-CE0D-42F1-B494-54198F8B79A4}C:\program files\macromedia\dreamweaver mx\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\macromedia\dreamweaver mx\dreamweaver.exe |
"TCP Query User{D651519C-CC60-48F0-9CE4-2A638015298C}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{F2E9A392-6AD4-4033-9993-662A65F853C7}C:\program files\macromedia\freehand 10\freehand 10.exe" = protocol=6 | dir=in | app=c:\program files\macromedia\freehand 10\freehand 10.exe |
"UDP Query User{04B7F393-4BCB-4881-B9EA-34D3751E5AA0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{255BA715-04AB-4137-BFC1-89A316E0DF23}C:\program files\macromedia\dreamweaver mx\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\macromedia\dreamweaver mx\dreamweaver.exe |
"UDP Query User{C5768010-C286-40FE-8995-87D25BE3F5A2}C:\program files\macromedia\dreamweaver mx\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\macromedia\dreamweaver mx\dreamweaver.exe |
"UDP Query User{C98873C2-0B25-45C7-BE80-93AC5F8BF78F}C:\program files\macromedia\freehand 10\freehand 10.exe" = protocol=17 | dir=in | app=c:\program files\macromedia\freehand 10\freehand 10.exe |
"UDP Query User{F75B0937-E1B0-4CD5-B8A5-727E3A3B7D03}C:\program files\macromedia\freehand 10\freehand 10.exe" = protocol=17 | dir=in | app=c:\program files\macromedia\freehand 10\freehand 10.exe |
"UDP Query User{FB2E12A0-1EFD-447E-8515-19D9B319423E}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{072B0602-A21F-45BD-9266-A6809FA94D93}" = MAGIX Screenshare
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{1433046A-BAE7-EBC6-4CAE-9A7BD0C3A35D}" = CCC Help Finnish
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{38A4E90C-F254-44D0-8F2D-B41E042A9072}" = MAGIX Speed 2 (MSI)
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D66F66A-D5FA-15A2-F6E5-5589BD7E29AA}" = Catalyst Control Center InstallProxy
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{54873998-9F2C-4D2F-2CC1-BEE8D9D9FC73}" = ccc-utility
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{765AD336-1219-478F-97E8-2D23FBE70981}" = MAGIX Video deluxe 16 Plus Sonderedition Download-Version
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A2EA4C-F1DD-BBA7-F816-BD76EA3C08DF}" = CCC Help French
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{88A34D88-1A75-8C9D-A26E-F283436AC0A6}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8C1969E4-3533-3735-B5DF-82F24164203C}" = CCC Help Japanese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C516706-B1CC-EBFC-A0CB-02E1FF5FC0FC}" = CCC Help Danish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D8004FF-B214-18C6-4473-4993230B11D5}" = CCC Help Norwegian
"{9E3C6E9F-26C9-F771-36B5-2065515AA7C2}" = CCC Help Dutch
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A81FC45F-6431-CFD2-2FEF-B259C3B8DEB4}" = Catalyst Control Center Graphics Light
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACCC042D-A515-F15A-44DC-B8916D269A53}" = Catalyst Control Center Localization All
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA67EF42-DC5C-18EE-5DB4-7EB3987589BC}" = Catalyst Control Center Core Implementation
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BC37B94A-1C40-D769-0E53-157C3FF481C6}" = CCC Help German
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C170B7B5-9720-C191-F5FA-981C3FACAED6}" = CCC Help English
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C5346D3C-C9FF-A4FD-FDDB-A36DE137A513}" = CCC Help Italian
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB5167B0-61DF-D5EA-E1C4-438D869D0B4A}" = ccc-core-static
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D443CF18-21ED-8648-CB98-B338EF0D8A51}" = CCC Help Swedish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8104EB7-EA8D-08D1-9A69-717E2F2E86F9}" = Catalyst Control Center Graphics Full New
"{D8D76911-AA3A-62C8-8E1B-F94A518BD27D}" = Catalyst Control Center Graphics Previews Vista
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC27B0C8-F3B7-95BD-96B8-A8D8C78A94B8}" = Catalyst Control Center Graphics Full Existing
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F92DBD0E-7769-3E62-3526-45ED37E0A921}" = CCC Help Spanish
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"capella-reader 5.1" = capella-reader Version 5.1
"DivX Setup.divx.com" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"MAGIX_MSI_Videodeluxe16_plus" = MAGIX Video deluxe 16 Plus Sonderedition Download-Version
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.06.2012 03:55:52 | Computer Name = phoenix | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: app.n3app, Version: 0.0.0.0, Zeitstempel:
0x4fd089ab Name des fehlerhaften Moduls: app.n3app, Version: 0.0.0.0, Zeitstempel:
0x4fd089ab Ausnahmecode: 0x40000015 Fehleroffset: 0x005da87a ID des fehlerhaften Prozesses:
0x165c Startzeit der fehlerhaften Anwendung: 0x01cd47a729de74c0 Pfad der fehlerhaften
Anwendung: C:\Users\zeller\AppData\Local\Temp\DSOClient\app.n3app Pfad des fehlerhaften
Moduls: C:\Users\zeller\AppData\Local\Temp\DSOClient\app.n3app Berichtskennung:
dd605bfa-b39a-11e1-a375-406186966aee

Error - 11.06.2012 04:10:01 | Computer Name = phoenix | Source = Application Hang | ID = 1002
Description = Programm ts3client_win32.exe, Version 3.0.6.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 142c Startzeit: 01cd47a98790ea7c Endzeit: 4 Anwendungspfad:
C:\Users\zeller\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe Berichts-ID:
d674d0ae-b39c-11e1-a375-406186966aee

Error - 11.06.2012 04:10:30 | Computer Name = phoenix | Source = Application Hang | ID = 1002
Description = Programm ts3client_win32.exe, Version 3.0.6.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1274 Startzeit: 01cd47a99a8778e1 Endzeit: 3 Anwendungspfad:
C:\Users\zeller\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe Berichts-ID:
e748ec43-b39c-11e1-a375-406186966aee

Error - 11.06.2012 04:23:00 | Computer Name = phoenix | Source = Application Hang | ID = 1002
Description = Programm ts3client_win32.exe, Version 3.0.6.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1450 Startzeit: 01cd47ab60d08f4e Endzeit: 4 Anwendungspfad:
C:\Users\zeller\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe Berichts-ID:
a6d29de5-b39e-11e1-a375-406186966aee

Error - 11.06.2012 04:23:14 | Computer Name = phoenix | Source = Application Hang | ID = 1002
Description = Programm ts3client_win32.exe, Version 3.0.6.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 7e4 Startzeit: 01cd47ab6ac5afb1 Endzeit: 3 Anwendungspfad: C:\Users\zeller\AppData\Local\TeamSpeak
3 Client\ts3client_win32.exe Berichts-ID: aef05f52-b39e-11e1-a375-406186966aee

Error - 11.06.2012 04:29:12 | Computer Name = phoenix | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 148c Startzeit: 01cd4796cf07d1b6 Endzeit: 7 Anwendungspfad:
C:\Program Files\Windows Media Player\wmplayer.exe Berichts-ID: 8403b655-b39f-11e1-a375-406186966aee


Error - 11.06.2012 04:30:19 | Computer Name = phoenix | Source = Application Hang | ID = 1002
Description = Programm Skype.exe, Version 5.9.0.115 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1004 Startzeit:
01cd47906df5bb85 Endzeit: 5 Anwendungspfad: C:\Program Files\Skype\Phone\Skype.exe

Berichts-ID:


Error - 11.06.2012 04:30:35 | Computer Name = phoenix | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.0.4535 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 900 Startzeit:
01cd47a7650f9b00 Endzeit: 12 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:


Error - 11.06.2012 04:33:11 | Computer Name = phoenix | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.0.4535 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 133c Startzeit:
01cd47ac7a038e8d Endzeit: 7 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
1293f0b9-b3a0-11e1-a375-406186966aee

Error - 11.06.2012 04:38:13 | Computer Name = phoenix | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: ed0 Startzeit: 01cd47906d1d414d Endzeit: 11 Anwendungspfad:
C:\Windows\Explorer.EXE Berichts-ID: c6478c53-b3a0-11e1-a375-406186966aee

[ Media Center Events ]
Error - 23.04.2011 08:38:28 | Computer Name = phoenix | Source = MCUpdate | ID = 0
Description =

Error - 23.04.2011 08:38:38 | Computer Name = phoenix | Source = MCUpdate | ID = 0
Description =

Error - 24.04.2011 08:25:38 | Computer Name = phoenix | Source = MCUpdate | ID = 0
Description =

Error - 24.04.2011 08:26:38 | Computer Name = phoenix | Source = MCUpdate | ID = 0
Description =

Error - 28.04.2011 08:48:38 | Computer Name = phoenix | Source = MCUpdate | ID = 0
Description =

Error - 28.04.2011 08:48:51 | Computer Name = phoenix | Source = MCUpdate | ID = 0
Description =

Error - 11.05.2011 08:39:15 | Computer Name = phoenix | Source = MCUpdate | ID = 0
Description =

Error - 14.05.2011 14:32:50 | Computer Name = phoenix | Source = MCUpdate | ID = 0
Description =

Error - 20.05.2011 08:50:30 | Computer Name = phoenix | Source = MCUpdate | ID = 0
Description =

Error - 20.05.2011 08:50:49 | Computer Name = phoenix | Source = MCUpdate | ID = 0
Description =

[ System Events ]
Error - 11.06.2012 04:43:39 | Computer Name = phoenix | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
Dieser Dienst ist eventuell nicht installiert.

Error - 11.06.2012 04:43:59 | Computer Name = phoenix | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
Dieser Dienst ist eventuell nicht installiert.

Error - 11.06.2012 04:43:59 | Computer Name = phoenix | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
Dieser Dienst ist eventuell nicht installiert.

Error - 11.06.2012 04:43:59 | Computer Name = phoenix | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
Dieser Dienst ist eventuell nicht installiert.

Error - 11.06.2012 04:48:59 | Computer Name = phoenix | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
Dieser Dienst ist eventuell nicht installiert.

Error - 11.06.2012 04:48:59 | Computer Name = phoenix | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
Dieser Dienst ist eventuell nicht installiert.

Error - 11.06.2012 04:48:59 | Computer Name = phoenix | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
Dieser Dienst ist eventuell nicht installiert.

Error - 11.06.2012 04:51:05 | Computer Name = phoenix | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
Dieser Dienst ist eventuell nicht installiert.

Error - 11.06.2012 04:51:05 | Computer Name = phoenix | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
Dieser Dienst ist eventuell nicht installiert.

Error - 11.06.2012 04:51:05 | Computer Name = phoenix | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
Dieser Dienst ist eventuell nicht installiert.


< End of report >
-----------------------------------------------------------------------
-----------------------------------------------------------------------

Since I have no idea about this and simply did what the instructions say, I hope this is enough for now so that you can help me further.


Best regards, rose

11.06.2012, 10:38   #2
Psychotic
/// Malwareteam
 
My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the fastest and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can sometimes involve a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper asks you to run.
  4. Please no crossposting (posting in several forums) - if you carry out the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you were asked to).
  6. If something is unclear: ask before you do something "blindly"!

    ...and very important:

  7. Post the log files with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (It makes the evaluation harder for me.)


Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.



Step 1: Gmer


Please
  • deactivate all other scanners against viruses, spyware, etc.,
  • have no active connection to a network/the Internet (don't forget WLAN),
  • do not work on the computer,
  • restart the computer after each scan.
Run the Gmer scan
  • Download Gmer from this page (press the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name). Vista and Win7 users: right-click and start as administrator.
  • If a window with the following warning opens:
    WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the check mark for:
    • IAT/EAT
    • All hard disks except the system disk (normally only C:\ is checked)
    • Show all (should be unchecked)
  • Start the scan with "Scan". Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch the antivirus program and other scanners back on before you go online!



Step 2: adwcleaner


Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

11.06.2012, 11:51   #3
black_rose

OK, I have now done all the steps.

-------------------------------------------------------------------
-------------------------------------------------------------------

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-11 12:45:33
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000053 WDC_WD15 rev.80.0
Running: fmvg7wjv.exe; Driver: C:\Users\zeller\AppData\Local\Temp\pgldapow.sys


---- System - GMER 1.0.15 ----

SSDT            91F90ABE                                                                                                                ZwCreateSection
SSDT            91F90AC8                                                                                                                ZwRequestWaitReplyPort
SSDT            91F90AC3                                                                                                                ZwSetContextThread
SSDT            91F90ACD                                                                                                                ZwSetSecurityObject
SSDT            91F90AD2                                                                                                                ZwSystemDebugControl
SSDT            91F90A5F                                                                                                                ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                8307F3C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                  830B8D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                     830BFEAC 4 Bytes  [BE, 0A, F9, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                     830C0208 4 Bytes  [C8, 0A, F9, 91] {ENTER 0xf90a, 0x91}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                     830C024C 4 Bytes  [C3, 0A, F9, 91] {RET ; OR BH, CL; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                     830C02C8 4 Bytes  [CD, 0A, F9, 91] {INT 0xa; STC ; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                     830C031C 4 Bytes  [D2, 0A, F9, 91] {ROR BYTE [EDX], CL; STC ; XCHG ECX, EAX}
.text           ...                                                                                                                     
.text           C:\Windows\system32\DRIVERS\atipmdag.sys                                                                                section is writeable [0x92414000, 0x2D293E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtClose                                                                 773754C8 5 Bytes  JMP 01511B91 
.text           C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtCreateSection                                                         773756E8 5 Bytes  JMP 015108F8 
.text           C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtMapViewOfSection                                                      77375C28 5 Bytes  JMP 01510BD4 
.text           C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtOpenFile                                                              77375CD8 5 Bytes  JMP 015118B4 
.text           C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtOpenSection                                                           77375DC8 5 Bytes  JMP 01510683 
.text           C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtQueryAttributesFile                                                   77375F38 5 Bytes  JMP 015115E1 
.text           C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtQuerySection                                                          77376188 5 Bytes  JMP 0151116D 
.text           C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtQueryVirtualMemory                                                    77376258 5 Bytes  JMP 01511D66 
.text           C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtUnmapViewOfSection                                                    773769B8 5 Bytes  JMP 01510F2E 
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!free                                75CD9894 5 Bytes  JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!malloc                              75CD9CEE 5 Bytes  JMP 0A90D230 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!??3@YAXPAX@Z                        75CDB0B9 5 Bytes  JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!??2@YAPAXI@Z                        75CDB0C9 5 Bytes  JMP 0A90D480 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!realloc                             75CDB10D 5 Bytes  JMP 0A90D2B0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!calloc                              75CDC456 5 Bytes  JMP 0A90D270 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!_msize                              75CDF43B 5 Bytes  JMP 0A90D2E0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!_aligned_free                       75CF5942 5 Bytes  JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!_aligned_malloc                     75D0028D 5 Bytes  JMP 0A90D3C0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!_aligned_offset_malloc              75D002A9 5 Bytes  JMP 0A90D3E0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z  75D2BFD1 5 Bytes  JMP 0A90D500 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!_aligned_offset_realloc             75D2BFE1 5 Bytes  JMP 0A90D420 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!_aligned_realloc                    75D2C16B 5 Bytes  JMP 0A90D400 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!_expand                             75D2C18A 5 Bytes  JMP 0A90D3A0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!_heapadd                            75D2DD03 5 Bytes  JMP 0A90D550 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!_heapchk                            75D2DD17 5 Bytes  JMP 0A90D560 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!_heapset + 1                        75D2DE16 4 Bytes  JMP 0A90D581 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!_heapmin                            75D2DE1F 5 Bytes  JMP 0A90D650 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!_heapused                           75D2DF05 5 Bytes  JMP 0A90D620 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text           C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1712] msvcrt.dll!_heapwalk                           75D2DF18 5 Bytes  JMP 0A90D590 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\System32\rundll32.exe[4080] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                   [753FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[4080] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                    [753FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[4080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                 [753FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\System32\rundll32.exe[4080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                  [753FFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000048                                                                                       halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library         C:\Windows\system32\o56t2.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1024]                                0x06C90000                                                                                                                                                            

---- EOF - GMER 1.0.15 ----


--------------------------------------------------------------------
---------------------------------------------------------------------
#
# AdwCleaner v1.609 - Logfile created 06/11/2012 at 12:47:47
# Updated 10/06/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : zeller - PHOENIX
# Running from : C:\Users\zeller\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\zeller\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\zeller\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\spiel\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Gast\AppData\LocalLow\boost_interprocess
File Found : C:\Users\spiel\Uninstall.exe

***** [Registry] *****


***** [Registre - GUID] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0 (de)

Profile name : default
File : C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\spiel\AppData\Roaming\Mozilla\Firefox\Profiles\5oa0s2tz.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1373 octets] - [11/06/2012 12:47:47]

########## EOF - C:\AdwCleaner[R1].txt - [1501 octets] ##########


---------------------------------------------------------------------------------------------

I hope this helps to tell whether anything else needs to be done.

Thanks in advance at this point.

11.06.2012, 11:55   #4
Psychotic
/// Malwareteam

Scan with TDSS-Killer


Please read the following instructions carefully. We do not want to "fix" anything yet, only to see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe
  • Click Change parameters, select Detect TDLFS file system, click OK.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.
__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Are you satisfied with us? Then support the Trojaner-Board!

11.06.2012, 12:01   #5
black_rose

12:57:58.0790 3936 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
12:57:59.0002 3936 ============================================================
12:57:59.0002 3936 Current date / time: 2012/06/11 12:57:59.0002
12:57:59.0002 3936 SystemInfo:
12:57:59.0003 3936
12:57:59.0003 3936 OS Version: 6.1.7601 ServicePack: 1.0
12:57:59.0003 3936 Product type: Workstation
12:57:59.0003 3936 ComputerName: PHOENIX
12:57:59.0003 3936 UserName: zeller
12:57:59.0003 3936 Windows directory: C:\Windows
12:57:59.0003 3936 System windows directory: C:\Windows
12:57:59.0003 3936 Processor architecture: Intel x86
12:57:59.0003 3936 Number of processors: 4
12:57:59.0003 3936 Page size: 0x1000
12:57:59.0003 3936 Boot type: Normal boot
12:57:59.0003 3936 ============================================================
12:58:01.0234 3936 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:58:01.0250 3936 ============================================================
12:58:01.0250 3936 \Device\Harddisk0\DR0:
12:58:01.0250 3936 MBR partitions:
12:58:01.0250 3936 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:58:01.0250 3936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAC053800
12:58:01.0250 3936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAC086000, BlocksNum 0x2800000
12:58:01.0250 3936 ============================================================
12:58:01.0278 3936 C: <-> \Device\Harddisk0\DR0\Partition1
12:58:01.0329 3936 D: <-> \Device\Harddisk0\DR0\Partition2
12:58:01.0329 3936 ============================================================
12:58:01.0329 3936 Initialize success
12:58:01.0329 3936 ============================================================
12:58:32.0257 5600 ============================================================
12:58:32.0257 5600 Scan started
12:58:32.0257 5600 Mode: Manual; TDLFS;
12:58:32.0257 5600 ============================================================
12:58:32.0889 5600 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
12:58:32.0892 5600 1394ohci - ok
12:58:32.0927 5600 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
12:58:32.0932 5600 ACPI - ok
12:58:32.0952 5600 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
12:58:32.0953 5600 AcpiPmi - ok
12:58:33.0028 5600 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
12:58:33.0030 5600 Adobe LM Service - ok
12:58:33.0099 5600 Adobe Version Cue CS2 (41d15ead554396bf35b7c5246ad47a28) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
12:58:33.0102 5600 Adobe Version Cue CS2 - ok
12:58:33.0191 5600 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:58:33.0195 5600 AdobeFlashPlayerUpdateSvc - ok
12:58:33.0242 5600 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
12:58:33.0250 5600 adp94xx - ok
12:58:33.0290 5600 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
12:58:33.0296 5600 adpahci - ok
12:58:33.0326 5600 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
12:58:33.0330 5600 adpu320 - ok
12:58:33.0351 5600 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
12:58:33.0353 5600 AeLookupSvc - ok
12:58:33.0415 5600 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
12:58:33.0421 5600 AFD - ok
12:58:33.0442 5600 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
12:58:33.0444 5600 agp440 - ok
12:58:33.0459 5600 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
12:58:33.0461 5600 aic78xx - ok
12:58:33.0486 5600 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
12:58:33.0487 5600 ALG - ok
12:58:33.0499 5600 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
12:58:33.0500 5600 aliide - ok
12:58:33.0530 5600 AMD External Events Utility (446a5644046b7c59c07221742c821a16) C:\Windows\system32\atiesrxx.exe
12:58:33.0532 5600 AMD External Events Utility - ok
12:58:33.0547 5600 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
12:58:33.0548 5600 amdagp - ok
12:58:33.0561 5600 amdide (211fce336502911ec03fc15a91344c98) C:\Windows\system32\DRIVERS\amdide.sys
12:58:33.0561 5600 amdide - ok
12:58:33.0577 5600 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
12:58:33.0578 5600 AmdK8 - ok
12:58:33.0836 5600 amdkmdag (8b37d7dbf153cf029141c8d82b3f53ba) C:\Windows\system32\DRIVERS\atipmdag.sys
12:58:33.0864 5600 amdkmdag - ok
12:58:33.0914 5600 amdkmdap (2a20c0b5cfe4cff706856a7b1bf14d72) C:\Windows\system32\DRIVERS\atikmpag.sys
12:58:33.0916 5600 amdkmdap - ok
12:58:33.0940 5600 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
12:58:33.0942 5600 AmdPPM - ok
12:58:33.0965 5600 amdsata (6f64c768a9a48fab7c6d6cee1b30f97f) C:\Windows\system32\DRIVERS\amdsata.sys
12:58:33.0966 5600 amdsata - ok
12:58:33.0980 5600 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
12:58:33.0982 5600 amdsbs - ok
12:58:33.0996 5600 amdxata (e27866684780606bcce640a57937d88a) C:\Windows\system32\DRIVERS\amdxata.sys
12:58:33.0997 5600 amdxata - ok
12:58:34.0068 5600 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:58:34.0071 5600 AntiVirSchedulerService - ok
12:58:34.0118 5600 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:58:34.0121 5600 AntiVirService - ok
12:58:34.0198 5600 Apache2.2 (fb32f046a2578755fa0da5052c6a9cd3) C:\xampp\apache\bin\httpd.exe
12:58:34.0200 5600 Apache2.2 - ok
12:58:34.0228 5600 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
12:58:34.0230 5600 AppID - ok
12:58:34.0242 5600 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
12:58:34.0243 5600 AppIDSvc - ok
12:58:34.0271 5600 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
12:58:34.0272 5600 Appinfo - ok
12:58:34.0283 5600 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
12:58:34.0285 5600 arc - ok
12:58:34.0295 5600 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
12:58:34.0297 5600 arcsas - ok
12:58:34.0351 5600 aspnet_state (39cdcb109bf200cc8a05b9c7e6272d11) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:58:34.0353 5600 aspnet_state - ok
12:58:34.0385 5600 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
12:58:34.0387 5600 AsyncMac - ok
12:58:34.0413 5600 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
12:58:34.0414 5600 atapi - ok
12:58:34.0462 5600 AtiHdmiService (430449d04b05348879244c9090d405b4) C:\Windows\system32\drivers\AtiHdmi.sys
12:58:34.0464 5600 AtiHdmiService - ok
12:58:34.0478 5600 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
12:58:34.0479 5600 AtiPcie - ok
12:58:34.0546 5600 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
12:58:34.0555 5600 AudioEndpointBuilder - ok
12:58:34.0566 5600 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
12:58:34.0570 5600 Audiosrv - ok
12:58:34.0619 5600 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
12:58:34.0620 5600 avgntflt - ok
12:58:34.0653 5600 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
12:58:34.0655 5600 avipbb - ok
12:58:34.0682 5600 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\Windows\system32\DRIVERS\avkmgr.sys
12:58:34.0683 5600 avkmgr - ok
12:58:34.0716 5600 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
12:58:34.0718 5600 AxInstSV - ok
12:58:34.0757 5600 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
12:58:34.0776 5600 b06bdrv - ok
12:58:34.0809 5600 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:58:34.0814 5600 b57nd60x - ok
12:58:34.0843 5600 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
12:58:34.0845 5600 BDESVC - ok
12:58:34.0850 5600 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
12:58:34.0851 5600 Beep - ok
12:58:34.0921 5600 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
12:58:34.0930 5600 BFE - ok
12:58:34.0995 5600 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
12:58:35.0009 5600 BITS - ok
12:58:35.0026 5600 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
12:58:35.0027 5600 blbdrive - ok
12:58:35.0046 5600 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
12:58:35.0048 5600 bowser - ok
12:58:35.0064 5600 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:58:35.0064 5600 BrFiltLo - ok
12:58:35.0077 5600 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:58:35.0077 5600 BrFiltUp - ok
12:58:35.0109 5600 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
12:58:35.0110 5600 Browser - ok
12:58:35.0137 5600 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
12:58:35.0141 5600 Brserid - ok
12:58:35.0154 5600 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
12:58:35.0156 5600 BrSerWdm - ok
12:58:35.0170 5600 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:58:35.0171 5600 BrUsbMdm - ok
12:58:35.0178 5600 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
12:58:35.0179 5600 BrUsbSer - ok
12:58:35.0193 5600 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
12:58:35.0194 5600 BTHMODEM - ok
12:58:35.0212 5600 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
12:58:35.0213 5600 bthserv - ok
12:58:35.0225 5600 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
12:58:35.0226 5600 cdfs - ok
12:58:35.0262 5600 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
12:58:35.0265 5600 cdrom - ok
12:58:35.0314 5600 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
12:58:35.0316 5600 CertPropSvc - ok
12:58:35.0328 5600 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
12:58:35.0330 5600 circlass - ok
12:58:35.0355 5600 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
12:58:35.0357 5600 CLFS - ok
12:58:35.0382 5600 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:58:35.0383 5600 clr_optimization_v2.0.50727_32 - ok
12:58:35.0462 5600 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:58:35.0465 5600 clr_optimization_v4.0.30319_32 - ok
12:58:35.0479 5600 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
12:58:35.0479 5600 CmBatt - ok
12:58:35.0504 5600 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
12:58:35.0505 5600 cmdide - ok
12:58:35.0552 5600 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
12:58:35.0558 5600 CNG - ok
12:58:35.0597 5600 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
12:58:35.0598 5600 Compbatt - ok
12:58:35.0638 5600 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
12:58:35.0639 5600 CompositeBus - ok
12:58:35.0645 5600 COMSysApp - ok
12:58:35.0668 5600 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
12:58:35.0670 5600 crcdisk - ok
12:58:35.0712 5600 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
12:58:35.0714 5600 CryptSvc - ok
12:58:35.0746 5600 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
12:58:35.0752 5600 DcomLaunch - ok
12:58:35.0814 5600 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
12:58:35.0819 5600 defragsvc - ok
12:58:35.0854 5600 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
12:58:35.0856 5600 DfsC - ok
12:58:35.0887 5600 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
12:58:35.0892 5600 Dhcp - ok
12:58:35.0902 5600 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
12:58:35.0904 5600 discache - ok
12:58:35.0920 5600 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
12:58:35.0921 5600 Disk - ok
12:58:35.0966 5600 Dnscache (8fd5579bc211f9ff0c25240057af5ac2) C:\Windows\System32\pouad92qp.dll
12:58:35.0973 5600 Dnscache - ok
12:58:36.0012 5600 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
12:58:36.0017 5600 dot3svc - ok
12:58:36.0043 5600 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
12:58:36.0047 5600 DPS - ok
12:58:36.0088 5600 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
12:58:36.0089 5600 drmkaud - ok
12:58:36.0151 5600 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
12:58:36.0161 5600 DXGKrnl - ok
12:58:36.0176 5600 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
12:58:36.0180 5600 EapHost - ok
12:58:36.0345 5600 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
12:58:36.0412 5600 ebdrv - ok
12:58:36.0494 5600 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
12:58:36.0497 5600 EFS - ok
12:58:36.0505 5600 ehRecvr - ok
12:58:36.0514 5600 ehSched - ok
12:58:36.0567 5600 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
12:58:36.0575 5600 elxstor - ok
12:58:36.0605 5600 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
12:58:36.0606 5600 ErrDev - ok
12:58:36.0630 5600 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
12:58:36.0633 5600 EventSystem - ok
12:58:36.0654 5600 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
12:58:36.0656 5600 exfat - ok
12:58:36.0756 5600 Fabs - ok
12:58:36.0786 5600 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
12:58:36.0787 5600 fastfat - ok
12:58:36.0841 5600 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
12:58:36.0847 5600 Fax - ok
12:58:36.0875 5600 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
12:58:36.0876 5600 fdc - ok
12:58:36.0892 5600 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
12:58:36.0894 5600 fdPHost - ok
12:58:36.0908 5600 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
12:58:36.0909 5600 FDResPub - ok
12:58:36.0915 5600 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
12:58:36.0915 5600 FileInfo - ok
12:58:36.0925 5600 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
12:58:36.0925 5600 Filetrace - ok
12:58:37.0094 5600 FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
12:58:37.0159 5600 FirebirdServerMAGIXInstance - ok
12:58:37.0217 5600 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
12:58:37.0218 5600 flpydisk - ok
12:58:37.0243 5600 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
12:58:37.0246 5600 FltMgr - ok
12:58:37.0308 5600 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
12:58:37.0324 5600 FontCache - ok
12:58:37.0377 5600 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:58:37.0378 5600 FontCache3.0.0.0 - ok
12:58:37.0389 5600 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
12:58:37.0390 5600 FsDepends - ok
12:58:37.0438 5600 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
12:58:37.0440 5600 fssfltr - ok
12:58:37.0571 5600 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
12:58:37.0596 5600 fsssvc - ok
12:58:37.0645 5600 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
12:58:37.0646 5600 Fs_Rec - ok
12:58:37.0676 5600 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
12:58:37.0679 5600 fvevol - ok
12:58:37.0702 5600 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:58:37.0704 5600 gagp30kx - ok
12:58:37.0767 5600 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
12:58:37.0780 5600 gpsvc - ok
12:58:37.0797 5600 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
12:58:37.0798 5600 hcw85cir - ok
12:58:37.0841 5600 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
12:58:37.0845 5600 HdAudAddService - ok
12:58:37.0898 5600 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
12:58:37.0900 5600 HDAudBus - ok
12:58:37.0917 5600 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
12:58:37.0918 5600 HidBatt - ok
12:58:37.0933 5600 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
12:58:37.0934 5600 HidBth - ok
12:58:37.0956 5600 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
12:58:37.0956 5600 HidIr - ok
12:58:37.0971 5600 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
12:58:37.0972 5600 hidserv - ok
12:58:37.0984 5600 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\drivers\hidusb.sys
12:58:37.0985 5600 HidUsb - ok
12:58:38.0014 5600 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
12:58:38.0016 5600 hkmsvc - ok
12:58:38.0059 5600 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
12:58:38.0062 5600 HomeGroupListener - ok
12:58:38.0098 5600 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
12:58:38.0101 5600 HomeGroupProvider - ok
12:58:38.0136 5600 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
12:58:38.0138 5600 HpSAMD - ok
12:58:38.0193 5600 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
12:58:38.0202 5600 HTTP - ok
12:58:38.0209 5600 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
12:58:38.0210 5600 hwpolicy - ok
12:58:38.0253 5600 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
12:58:38.0255 5600 i8042prt - ok
12:58:38.0292 5600 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
12:58:38.0297 5600 iaStorV - ok
12:58:38.0360 5600 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:58:38.0375 5600 idsvc - ok
12:58:38.0399 5600 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
12:58:38.0400 5600 iirsp - ok
12:58:38.0455 5600 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
12:58:38.0466 5600 IKEEXT - ok
12:58:38.0672 5600 IntcAzAudAddService (97fa95e4f486f37d60ad3744d86f3d7e) C:\Windows\system32\drivers\RTKVHDA.sys
12:58:38.0690 5600 IntcAzAudAddService - ok
12:58:38.0743 5600 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
12:58:38.0744 5600 intelide - ok
12:58:38.0771 5600 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
12:58:38.0773 5600 intelppm - ok
12:58:38.0797 5600 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
12:58:38.0800 5600 IPBusEnum - ok
12:58:38.0816 5600 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:58:38.0818 5600 IpFilterDriver - ok
12:58:38.0864 5600 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
12:58:38.0874 5600 iphlpsvc - ok
12:58:38.0899 5600 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
12:58:38.0900 5600 IPMIDRV - ok
12:58:38.0916 5600 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
12:58:38.0917 5600 IPNAT - ok
12:58:38.0936 5600 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
12:58:38.0937 5600 IRENUM - ok
12:58:38.0966 5600 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
12:58:38.0967 5600 isapnp - ok
12:58:39.0009 5600 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
12:58:39.0014 5600 iScsiPrt - ok
12:58:39.0039 5600 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
12:58:39.0041 5600 kbdclass - ok
12:58:39.0062 5600 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
12:58:39.0064 5600 kbdhid - ok
12:58:39.0086 5600 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:58:39.0087 5600 KeyIso - ok
12:58:39.0103 5600 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
12:58:39.0104 5600 KSecDD - ok
12:58:39.0117 5600 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
12:58:39.0118 5600 KSecPkg - ok
12:58:39.0146 5600 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
12:58:39.0151 5600 KtmRm - ok
12:58:39.0178 5600 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
12:58:39.0182 5600 LanmanServer - ok
12:58:39.0221 5600 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
12:58:39.0222 5600 lltdio - ok
12:58:39.0253 5600 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
12:58:39.0256 5600 lltdsvc - ok
12:58:39.0268 5600 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
12:58:39.0270 5600 lmhosts - ok
12:58:39.0296 5600 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:58:39.0297 5600 LSI_FC - ok
12:58:39.0325 5600 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:58:39.0327 5600 LSI_SAS - ok
12:58:39.0354 5600 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:58:39.0356 5600 LSI_SAS2 - ok
12:58:39.0370 5600 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:58:39.0372 5600 LSI_SCSI - ok
12:58:39.0385 5600 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
12:58:39.0386 5600 luafv - ok
12:58:39.0420 5600 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
12:58:39.0422 5600 Mcx2Svc - ok
12:58:39.0438 5600 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
12:58:39.0439 5600 megasas - ok
12:58:39.0459 5600 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
12:58:39.0462 5600 MegaSR - ok
12:58:39.0477 5600 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:58:39.0478 5600 MMCSS - ok
12:58:39.0495 5600 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
12:58:39.0495 5600 Modem - ok
12:58:39.0509 5600 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
12:58:39.0510 5600 monitor - ok
12:58:39.0517 5600 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
12:58:39.0518 5600 mouclass - ok
12:58:39.0521 5600 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
12:58:39.0521 5600 mouhid - ok
12:58:39.0546 5600 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
12:58:39.0546 5600 mountmgr - ok
12:58:39.0635 5600 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:58:39.0636 5600 MozillaMaintenance - ok
12:58:39.0667 5600 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
12:58:39.0669 5600 mpio - ok
12:58:39.0699 5600 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
12:58:39.0700 5600 mpsdrv - ok
12:58:39.0745 5600 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
12:58:39.0752 5600 MpsSvc - ok
12:58:39.0809 5600 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
12:58:39.0811 5600 MRxDAV - ok
12:58:39.0853 5600 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:58:39.0856 5600 mrxsmb - ok
12:58:39.0890 5600 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:58:39.0895 5600 mrxsmb10 - ok
12:58:39.0917 5600 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:58:39.0919 5600 mrxsmb20 - ok
12:58:39.0955 5600 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
12:58:39.0957 5600 msahci - ok
12:58:39.0997 5600 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
12:58:40.0000 5600 msdsm - ok
12:58:40.0025 5600 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
12:58:40.0030 5600 MSDTC - ok
12:58:40.0051 5600 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
12:58:40.0052 5600 Msfs - ok
12:58:40.0064 5600 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
12:58:40.0065 5600 mshidkmdf - ok
12:58:40.0089 5600 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
12:58:40.0089 5600 msisadrv - ok
12:58:40.0117 5600 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
12:58:40.0120 5600 MSiSCSI - ok
12:58:40.0122 5600 msiserver - ok
12:58:40.0144 5600 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
12:58:40.0145 5600 MSKSSRV - ok
12:58:40.0162 5600 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
12:58:40.0162 5600 MSPCLOCK - ok
12:58:40.0175 5600 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
12:58:40.0176 5600 MSPQM - ok
12:58:40.0201 5600 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
12:58:40.0202 5600 MsRPC - ok
12:58:40.0223 5600 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
12:58:40.0224 5600 mssmbios - ok
12:58:40.0234 5600 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
12:58:40.0235 5600 MSTEE - ok
12:58:40.0251 5600 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
12:58:40.0252 5600 MTConfig - ok
12:58:40.0272 5600 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
12:58:40.0273 5600 Mup - ok
12:58:40.0293 5600 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
12:58:40.0298 5600 napagent - ok
12:58:40.0323 5600 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
12:58:40.0326 5600 NativeWifiP - ok
12:58:40.0400 5600 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files\Nero\Update\NASvc.exe
12:58:40.0408 5600 NAUpdate - ok
12:58:40.0462 5600 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
12:58:40.0472 5600 NDIS - ok
12:58:40.0489 5600 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
12:58:40.0490 5600 NdisCap - ok
12:58:40.0514 5600 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
12:58:40.0515 5600 NdisTapi - ok
12:58:40.0550 5600 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
12:58:40.0551 5600 Ndisuio - ok
12:58:40.0588 5600 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
12:58:40.0590 5600 NdisWan - ok
12:58:40.0628 5600 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
12:58:40.0630 5600 NDProxy - ok
12:58:40.0637 5600 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
12:58:40.0638 5600 NetBIOS - ok
12:58:40.0672 5600 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
12:58:40.0675 5600 NetBT - ok
12:58:40.0706 5600 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:58:40.0709 5600 Netlogon - ok
12:58:40.0753 5600 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
12:58:40.0762 5600 Netman - ok
12:58:40.0794 5600 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
12:58:40.0804 5600 netprofm - ok
12:58:40.0877 5600 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:58:40.0879 5600 NetTcpPortSharing - ok
12:58:40.0917 5600 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
12:58:40.0919 5600 nfrd960 - ok
12:58:40.0948 5600 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
12:58:40.0955 5600 NlaSvc - ok
12:58:40.0970 5600 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
12:58:40.0971 5600 Npfs - ok
12:58:40.0978 5600 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
12:58:40.0982 5600 nsi - ok
12:58:40.0997 5600 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
12:58:40.0997 5600 nsiproxy - ok
12:58:41.0094 5600 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
12:58:41.0107 5600 Ntfs - ok
12:58:41.0110 5600 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
12:58:41.0111 5600 Null - ok
12:58:41.0134 5600 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
12:58:41.0135 5600 nvraid - ok
12:58:41.0165 5600 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
12:58:41.0169 5600 nvstor - ok
12:58:41.0199 5600 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
12:58:41.0202 5600 nv_agp - ok
12:58:41.0309 5600 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:58:41.0317 5600 odserv - ok
12:58:41.0355 5600 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
12:58:41.0357 5600 ohci1394 - ok
12:58:41.0434 5600 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:58:41.0436 5600 ose - ok
12:58:41.0478 5600 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:58:41.0486 5600 p2pimsvc - ok
12:58:41.0526 5600 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
12:58:41.0535 5600 p2psvc - ok
12:58:41.0561 5600 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
12:58:41.0564 5600 Parport - ok
12:58:41.0593 5600 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
12:58:41.0595 5600 partmgr - ok
12:58:41.0610 5600 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
12:58:41.0612 5600 Parvdm - ok
12:58:41.0643 5600 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
12:58:41.0649 5600 PcaSvc - ok
12:58:41.0689 5600 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
12:58:41.0692 5600 pci - ok
12:58:41.0725 5600 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
12:58:41.0727 5600 pciide - ok
12:58:41.0763 5600 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
12:58:41.0767 5600 pcmcia - ok
12:58:41.0779 5600 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
12:58:41.0780 5600 pcw - ok
12:58:41.0845 5600 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
12:58:41.0854 5600 PEAUTH - ok
12:58:41.0956 5600 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
12:58:41.0980 5600 pla - ok
12:58:42.0522 5600 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
12:58:42.0532 5600 PlugPlay - ok
12:58:42.0549 5600 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
12:58:42.0551 5600 PNRPAutoReg - ok
12:58:42.0577 5600 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:58:42.0581 5600 PNRPsvc - ok
12:58:42.0640 5600 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
12:58:42.0644 5600 PolicyAgent - ok
12:58:42.0659 5600 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
12:58:42.0662 5600 Power - ok
12:58:42.0698 5600 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
12:58:42.0700 5600 PptpMiniport - ok
12:58:42.0715 5600 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
12:58:42.0717 5600 Processor - ok
12:58:42.0756 5600 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
12:58:42.0762 5600 ProfSvc - ok
12:58:42.0784 5600 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:58:42.0787 5600 ProtectedStorage - ok
12:58:42.0823 5600 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
12:58:42.0826 5600 Psched - ok
12:58:42.0872 5600 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
12:58:42.0875 5600 PSI_SVC_2 - ok
12:58:42.0963 5600 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
12:58:42.0987 5600 ql2300 - ok
12:58:43.0056 5600 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
12:58:43.0059 5600 ql40xx - ok
12:58:43.0092 5600 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
12:58:43.0099 5600 QWAVE - ok
12:58:43.0112 5600 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
12:58:43.0114 5600 QWAVEdrv - ok
12:58:43.0135 5600 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
12:58:43.0136 5600 RasAcd - ok
12:58:43.0155 5600 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:58:43.0156 5600 RasAgileVpn - ok
12:58:43.0169 5600 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
12:58:43.0171 5600 RasAuto - ok
12:58:43.0189 5600 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:58:43.0190 5600 Rasl2tp - ok
12:58:43.0210 5600 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
12:58:43.0214 5600 RasMan - ok
12:58:43.0233 5600 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
12:58:43.0234 5600 RasPppoe - ok
12:58:43.0244 5600 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
12:58:43.0245 5600 RasSstp - ok
12:58:43.0264 5600 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
12:58:43.0266 5600 rdbss - ok
12:58:43.0279 5600 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
12:58:43.0280 5600 rdpbus - ok
12:58:43.0306 5600 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:58:43.0306 5600 RDPCDD - ok
12:58:43.0329 5600 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
12:58:43.0329 5600 RDPENCDD - ok
12:58:43.0340 5600 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
12:58:43.0340 5600 RDPREFMP - ok
12:58:43.0371 5600 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
12:58:43.0374 5600 RDPWD - ok
12:58:43.0393 5600 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
12:58:43.0395 5600 rdyboost - ok
12:58:43.0433 5600 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
12:58:43.0435 5600 RemoteAccess - ok
12:58:43.0449 5600 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
12:58:43.0451 5600 RemoteRegistry - ok
12:58:43.0456 5600 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
12:58:43.0459 5600 RpcEptMapper - ok
12:58:43.0480 5600 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
12:58:43.0481 5600 RpcLocator - ok
12:58:43.0509 5600 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
12:58:43.0514 5600 RpcSs - ok
12:58:43.0526 5600 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
12:58:43.0527 5600 rspndr - ok
12:58:43.0555 5600 RTL8167 (bcebd5d1aabce4efb7597635e347c44b) C:\Windows\system32\DRIVERS\Rt86win7.sys
12:58:43.0557 5600 RTL8167 - ok
12:58:43.0597 5600 RTL8192su (51adef77e4c929535fd50da153774e79) C:\Windows\system32\DRIVERS\RTL8192su.sys
12:58:43.0601 5600 RTL8192su - ok
12:58:43.0606 5600 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:58:43.0607 5600 SamSs - ok
12:58:43.0645 5600 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
12:58:43.0647 5600 sbp2port - ok
12:58:43.0680 5600 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
12:58:43.0683 5600 SCardSvr - ok
12:58:43.0694 5600 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
12:58:43.0695 5600 scfilter - ok
12:58:43.0820 5600 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
12:58:43.0835 5600 Schedule - ok
12:58:43.0869 5600 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
12:58:43.0871 5600 SCPolicySvc - ok
12:58:43.0898 5600 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
12:58:43.0904 5600 SDRSVC - ok
12:58:43.0923 5600 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:58:43.0925 5600 secdrv - ok
12:58:43.0932 5600 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
12:58:43.0936 5600 seclogon - ok
12:58:43.0956 5600 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
12:58:43.0958 5600 SENS - ok
12:58:43.0970 5600 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
12:58:43.0972 5600 SensrSvc - ok
12:58:44.0002 5600 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
12:58:44.0002 5600 Serenum - ok
12:58:44.0020 5600 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
12:58:44.0021 5600 Serial - ok
12:58:44.0055 5600 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
12:58:44.0055 5600 sermouse - ok
12:58:44.0077 5600 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
12:58:44.0080 5600 SessionEnv - ok
12:58:44.0108 5600 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
12:58:44.0108 5600 sffdisk - ok
12:58:44.0122 5600 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
12:58:44.0123 5600 sffp_mmc - ok
12:58:44.0134 5600 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
12:58:44.0135 5600 sffp_sd - ok
12:58:44.0154 5600 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
12:58:44.0155 5600 sfloppy - ok
12:58:44.0178 5600 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
12:58:44.0182 5600 SharedAccess - ok
12:58:44.0205 5600 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
12:58:44.0209 5600 ShellHWDetection - ok
12:58:44.0238 5600 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
12:58:44.0239 5600 sisagp - ok
12:58:44.0255 5600 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:58:44.0256 5600 SiSRaid2 - ok
12:58:44.0275 5600 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
12:58:44.0276 5600 SiSRaid4 - ok
12:58:44.0370 5600 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files\Skype\Updater\Updater.exe
12:58:44.0374 5600 SkypeUpdate - ok
12:58:44.0409 5600 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
12:58:44.0411 5600 Smb - ok
12:58:44.0436 5600 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
12:58:44.0441 5600 SNMPTRAP - ok
12:58:44.0455 5600 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
12:58:44.0456 5600 spldr - ok
12:58:44.0488 5600 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
12:58:44.0498 5600 Spooler - ok
12:58:44.0682 5600 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
12:58:44.0740 5600 sppsvc - ok
12:58:44.0815 5600 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
12:58:44.0821 5600 sppuinotify - ok
12:58:44.0872 5600 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
12:58:44.0877 5600 srv - ok
12:58:51.0576 5600 ============================================================
12:58:51.0576 5600 Scan finished
12:58:51.0576 5600 ============================================================
12:58:51.0667 2228 Detected object count: 0
12:58:51.0667 2228 Actual detected object count: 0


11.06.2012, 12:04   #6
Psychotic
/// Malwareteam

Combofix

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

11.06.2012, 12:42   #7
black_rose

Next step done
-----------------------------------------------------------------------
#
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-06-10.01 - zeller 11.06.2012  13:15:21.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3326.1481 [GMT 2:00]
ausgeführt von:: c:\users\zeller\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\spiel\createfileassoc.exe
c:\users\spiel\error_report.exe
c:\users\spiel\package_inst.exe
c:\users\spiel\QtCore4.dll
c:\users\spiel\QtGui4.dll
c:\users\spiel\QtNetwork4.dll
c:\users\spiel\ts3client_win32.exe
c:\users\spiel\Uninstall.exe
c:\users\spiel\update.exe
c:\users\zeller\AppData\Roaming\Local
c:\users\zeller\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\zeller\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\zeller\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\zeller\AppData\Roaming\Local\Temp\DDM\Settings\ed8dfavxgc2xx.avi.ddr
c:\users\zeller\AppData\Roaming\Local\Temp\DDM\Settings\Player_RB_v1_de.divx.ddr
c:\users\zeller\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr
c:\users\zeller\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\zeller\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\ed8dfavxgc2xx.avi.ddp
c:\users\zeller\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Player_RB_v1_de.divx
c:\users\zeller\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx
c:\windows\system32\DEBUG.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-11 bis 2012-06-11  ))))))))))))))))))))))))))))))
.
.
2012-06-09 01:46 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-09 01:46 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-09 01:46 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-09 01:46 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-09 01:45 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-09 01:45 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-09 01:45 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-09 01:45 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-09 01:45 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-08 09:10 . 2012-06-08 09:10	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-08 09:10 . 2012-06-08 09:10	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-02 19:03 . 2012-06-02 19:03	241664	----a-w-	c:\windows\system32\pouad92qp.dll
2012-05-31 08:28 . 2012-06-11 11:21	--------	d-----w-	c:\users\spiel
2012-05-17 08:28 . 2012-05-17 08:28	--------	d-----w-	c:\users\zeller\AppData\Roaming\Avira
2012-05-17 08:22 . 2012-04-27 08:20	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-17 08:22 . 2012-04-24 22:32	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-17 08:22 . 2012-04-16 19:17	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-05-17 08:21 . 2012-05-17 08:21	--------	d-----w-	c:\programdata\Avira
2012-05-17 08:21 . 2012-05-17 08:21	--------	d-----w-	c:\program files\Avira
2012-05-16 06:44 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7AF9F5A-B928-4EF1-A7CF-8F36E032C1BE}\mpengine.dll
2012-05-14 08:26 . 2012-05-14 08:26	--------	d-----w-	c:\users\zeller\AppData\Local\Xara
2012-05-14 08:26 . 2012-05-14 08:26	--------	d-----w-	c:\users\zeller\AppData\Roaming\MAGIX
2012-05-14 08:25 . 2012-05-14 08:25	--------	d-----w-	c:\program files\Common Files\MAGIX Shared
2012-05-14 08:21 . 2012-05-14 08:22	--------	d-----w-	c:\program files\MAGIX
2012-05-13 15:34 . 2012-06-11 06:10	--------	d-----w-	c:\users\zeller\AppData\Roaming\Skype
2012-05-13 15:34 . 2012-05-13 15:34	--------	d-----w-	c:\program files\Common Files\Skype
2012-05-13 15:34 . 2012-05-13 15:34	--------	d-----r-	c:\program files\Skype
2012-05-13 15:33 . 2012-05-13 15:34	--------	d-----w-	c:\programdata\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 19:08 . 2012-03-30 17:27	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-04 19:08 . 2011-12-20 17:53	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 14:43 . 2011-09-08 08:47	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-31 04:39 . 2012-05-10 07:05	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 07:05	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-31 02:36 . 2012-05-10 07:05	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-30 10:23 . 2012-05-10 07:06	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:27 . 2012-05-10 07:05	56176	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-03-15 21:45 . 2012-03-15 21:45	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-03-15 21:45 . 2012-03-15 21:45	161792	----a-w-	c:\windows\system32\msls31.dll
2012-03-15 21:45 . 2012-03-15 21:45	86528	----a-w-	c:\windows\system32\iesysprep.dll
2012-03-15 21:45 . 2012-03-15 21:45	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-03-15 21:45 . 2012-03-15 21:45	74752	----a-w-	c:\windows\system32\iesetup.dll
2012-03-15 21:45 . 2012-03-15 21:45	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-03-15 21:45 . 2012-03-15 21:45	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-03-15 21:45 . 2012-03-15 21:45	367104	----a-w-	c:\windows\system32\html.iec
2012-03-15 21:45 . 2012-03-15 21:45	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-03-15 21:45 . 2012-03-15 21:45	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-03-15 21:45 . 2012-03-15 21:45	35840	----a-w-	c:\windows\system32\imgutil.dll
2012-03-15 21:45 . 2012-03-15 21:45	23552	----a-w-	c:\windows\system32\licmgr10.dll
2012-03-15 21:45 . 2012-03-15 21:45	152064	----a-w-	c:\windows\system32\wextract.exe
2012-03-15 21:45 . 2012-03-15 21:45	150528	----a-w-	c:\windows\system32\iexpress.exe
2012-03-15 21:45 . 2012-03-15 21:45	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-03-15 21:45 . 2012-03-15 21:45	11776	----a-w-	c:\windows\system32\mshta.exe
2012-03-15 21:45 . 2012-03-15 21:45	101888	----a-w-	c:\windows\system32\admparse.dll
2012-06-08 09:10 . 2011-10-11 04:50	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-08 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-03 8120864]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_16_Plus_Sonderedition_Download-Version\TrayServer.exe" [2008-08-07 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-08 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-08 172032]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-19 29416]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-08 5191168]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-08 125440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 27320]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube to MP3 Converter - c:\users\zeller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.178.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-CLMLServer - c:\program files\CyberLink\Power2Go\CLMLSvc.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13} - c:\program files\Corel\CorelDRAW Essentials 4\Setup\SetupARP.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-622015878-944566720-388874328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-622015878-944566720-388874328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-11  13:39:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-11 11:39
.
Vor Suchlauf: 10 Verzeichnis(se), 1.400.959.139.840 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 1.401.555.398.656 Bytes frei
.
- - End Of File - - 689E0D7D80B1027AB4FFEA3A0A342729
         
--- --- ---


Do I need to do anything else?



Thanks so far

11.06.2012, 13:24   #8
Psychotic
/// Malwareteam

Something is seriously fishy here!



Virustotal


Please have the file from the code box checked at Virustotal.
  • Click Browse
  • Now copy the following into the search bar.
    Code:
    ATTFilter
    C:\Windows\System32\pouad92qp.dll
             
  • and click Open.
  • Click Send File.
Please wait until the file has been uploaded completely. If you get the following message
Quote:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
click Reanalyse. Wait until Current status: Finished is shown. Copy the link from your address bar and post it here.
__________________
No asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Happy with us? Then support Trojaner-Board!
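A defender-side way to triage the "Dateien erstellt von" section of the ComboFix log posted above, as an added example that is not part of the thread and not ComboFix's own logic. The heuristic (a binary directly in system32 whose creation and modification times are identical, unlike files delivered by Windows Update) is an assumption of this example, not the helper's stated reasoning; the sample lines are taken from the log with whitespace normalised.

```python
import re
from pathlib import PureWindowsPath
from typing import List, NamedTuple

# Sample input: five lines from the ComboFix log in this thread
# (columns: created . modified, size, attributes, path; whitespace normalised).
SAMPLE_LOG = r"""
2012-06-09 01:46 . 2012-06-02 22:19   53784     ----a-w-  c:\windows\system32\wuauclt.exe
2012-06-08 09:10 . 2012-06-08 09:10   770384    ----a-w-  c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-02 19:03 . 2012-06-02 19:03   241664    ----a-w-  c:\windows\system32\pouad92qp.dll
2012-05-31 08:28 . 2012-06-11 11:21   --------  d-----w-  c:\users\spiel
2012-05-17 08:22 . 2012-04-27 08:20   137928    ----a-w-  c:\windows\system32\drivers\avipbb.sys
"""


class Entry(NamedTuple):
    created: str    # "YYYY-MM-DD HH:MM" as printed by ComboFix
    modified: str
    attrs: str      # eight-character attribute column, e.g. "----a-w-" or "d-----w-"
    path: str


# created . modified <size or "--------"> <attrs> <path, may contain spaces>
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?:\d+|-{8})\s+([a-z-]{8})\s+(.+?)\s*$"
)

SYSTEM32 = PureWindowsPath(r"c:\windows\system32")
BINARY_EXT = {".dll", ".exe", ".sys"}


def parse_created_section(log: str) -> List[Entry]:
    """Return one Entry per line that matches the created/modified listing format."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(*m.groups()))
    return entries


def flag_fresh_system32_binaries(entries: List[Entry]) -> List[str]:
    """Heuristic (assumption of this example): flag binaries sitting directly in
    system32 whose created and modified timestamps are identical. Files installed
    by Windows Update normally keep an older build timestamp as 'modified'.
    Expect false positives; a hit is a reason to look closer, not a verdict."""
    hits = []
    for e in entries:
        p = PureWindowsPath(e.path)          # Windows path comparison ignores case
        if (not e.attrs.startswith("d")
                and p.suffix.lower() in BINARY_EXT
                and p.parent == SYSTEM32
                and e.created == e.modified):
            hits.append(e.path)
    return hits


if __name__ == "__main__":
    for path in flag_fresh_system32_binaries(parse_created_section(SAMPLE_LOG)):
        print("review:", path)
```

A flagged path is only a candidate for a second opinion, for example a multi-engine scan of the file as requested in the post above.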

11.06.2012, 14:02   #9
black_rose

https://www.virustotal.com/file/ab29bd65948032005484668be7d18805dde8de9d042008999ba2d31aea4a2f9b/analysis/1339419588/

11.06.2012, 14:17   #10
Psychotic
/// Malwareteam

Step 1: CF script



Note for other readers:
The following ComboFix script was created exclusively for this user in this situation.
Never apply it on other computers; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (nowhere else, this is important)!

Press Windows + R --> type Notepad --> OK

Now copy the complete text from the following code box into the empty text document.
Code:
ATTFilter
http://www.trojaner-board.de/117039-tr-mediyes-f-3-a.html

COLLECT::
C:\Windows\System32\UpdSvc.dll
c:\windows\system32\pouad92qp.dll
DRIVER::
Update-Service
Dnscache
ADS::
C:\ProgramData\Temp
CLEARJAVACACHE::
         
Save this as CFScript.txt on your desktop.

Important:
  • Temporarily turn off your antivirus software. It can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click into it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure that ComboFix can work unhindered.
  • Do not do anything on the PC while ComboFix is running.
  • Referring to the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix has finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the Suspect:: or Collect:: directive, a message box will appear after Combofix has finished. Click OK and follow the prompts/instructions to upload the files.



Step 2: MBAM



Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan. (Note: tick all hard drives!)
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

11.06.2012, 15:09   #11
black_rose

OK, I have to go to work now; the scan is running

#
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube to MP3 Converter - c:\users\zeller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
TCP: DhcpNameServer = 192.168.178.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-622015878-944566720-388874328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-622015878-944566720-388874328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-11 15:39:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-11 13:39
ComboFix2.txt 2012-06-11 11:39
.
Vor Suchlauf: 14 Verzeichnis(se), 1.400.789.061.632 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 1.400.938.340.352 Bytes frei
.
- - End Of File - - 49C52475B8DDA2D096F66132AA2F5D04
Upload was successful

-----------------------------------------------------------------
Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.06.11.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
zeller :: PHOENIX [Administrator]

11.06.2012 16:05:56
mbam-log-2012-06-11 (16-05-56).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 399143
Laufzeit: 1 Stunde(n), 4 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
------------------------------------------------------------------------------------

11.06.2012, 22:08   #12
Psychotic
/// Malwareteam

The ComboFix log is incomplete - please post the complete contents of the file in code tags (the # symbol at the top of the reply window)

12.06.2012, 09:15   #13
black_rose

Good morning,
------------------------------------------------------------------------------------
------------------------------------------------------------------------------------

#Combofix Logfile:
Code:
ComboFix 12-06-10.01 - zeller 11.06.2012  15:27:23.2.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3326.2002 [GMT 2:00]
ausgeführt von:: c:\users\zeller\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\zeller\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\windows\system32\pouad92qp.dll
file zipped: c:\windows\System32\UpdSvc.dll
.
 ADS - Temp: deleted 3506 bytes in 27 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\pouad92qp.dll
c:\windows\System32\UpdSvc.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Dnscache
-------\Service_Update-Service
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-11 bis 2012-06-11  ))))))))))))))))))))))))))))))
.
.
2012-06-11 13:31 . 2012-06-11 13:31	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2012-06-11 13:31 . 2012-06-11 13:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-11 11:51 . 2012-06-11 11:51	--------	d-----w-	c:\program files\DEUTSCHLAND SPIELT
2012-06-09 01:46 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-09 01:46 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-09 01:46 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-09 01:46 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-09 01:45 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-09 01:45 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-09 01:45 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-09 01:45 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-09 01:45 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-08 09:10 . 2012-06-08 09:10	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-08 09:10 . 2012-06-08 09:10	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll
2012-05-31 08:28 . 2012-06-11 11:21	--------	d-----w-	c:\users\spiel
2012-05-17 08:28 . 2012-05-17 08:28	--------	d-----w-	c:\users\zeller\AppData\Roaming\Avira
2012-05-17 08:22 . 2012-04-27 08:20	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-17 08:22 . 2012-04-24 22:32	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-17 08:22 . 2012-04-16 19:17	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-05-17 08:21 . 2012-05-17 08:21	--------	d-----w-	c:\programdata\Avira
2012-05-17 08:21 . 2012-05-17 08:21	--------	d-----w-	c:\program files\Avira
2012-05-16 06:44 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7AF9F5A-B928-4EF1-A7CF-8F36E032C1BE}\mpengine.dll
2012-05-14 08:26 . 2012-05-14 08:26	--------	d-----w-	c:\users\zeller\AppData\Local\Xara
2012-05-14 08:26 . 2012-05-14 08:26	--------	d-----w-	c:\users\zeller\AppData\Roaming\MAGIX
2012-05-14 08:25 . 2012-05-14 08:25	--------	d-----w-	c:\program files\Common Files\MAGIX Shared
2012-05-14 08:21 . 2012-05-14 08:22	--------	d-----w-	c:\program files\MAGIX
2012-05-13 15:34 . 2012-06-11 13:36	--------	d-----w-	c:\users\zeller\AppData\Roaming\Skype
2012-05-13 15:34 . 2012-05-13 15:34	--------	d-----w-	c:\program files\Common Files\Skype
2012-05-13 15:34 . 2012-05-13 15:34	--------	d-----r-	c:\program files\Skype
2012-05-13 15:33 . 2012-05-13 15:34	--------	d-----w-	c:\programdata\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 19:08 . 2012-03-30 17:27	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-04 19:08 . 2011-12-20 17:53	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 14:43 . 2011-09-08 08:47	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-31 04:39 . 2012-05-10 07:05	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 07:05	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-31 02:36 . 2012-05-10 07:05	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-30 10:23 . 2012-05-10 07:06	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:27 . 2012-05-10 07:05	56176	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-03-15 21:45 . 2012-03-15 21:45	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-03-15 21:45 . 2012-03-15 21:45	161792	----a-w-	c:\windows\system32\msls31.dll
2012-03-15 21:45 . 2012-03-15 21:45	86528	----a-w-	c:\windows\system32\iesysprep.dll
2012-03-15 21:45 . 2012-03-15 21:45	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-03-15 21:45 . 2012-03-15 21:45	74752	----a-w-	c:\windows\system32\iesetup.dll
2012-03-15 21:45 . 2012-03-15 21:45	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-03-15 21:45 . 2012-03-15 21:45	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-03-15 21:45 . 2012-03-15 21:45	367104	----a-w-	c:\windows\system32\html.iec
2012-03-15 21:45 . 2012-03-15 21:45	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-03-15 21:45 . 2012-03-15 21:45	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-03-15 21:45 . 2012-03-15 21:45	35840	----a-w-	c:\windows\system32\imgutil.dll
2012-03-15 21:45 . 2012-03-15 21:45	23552	----a-w-	c:\windows\system32\licmgr10.dll
2012-03-15 21:45 . 2012-03-15 21:45	152064	----a-w-	c:\windows\system32\wextract.exe
2012-03-15 21:45 . 2012-03-15 21:45	150528	----a-w-	c:\windows\system32\iexpress.exe
2012-03-15 21:45 . 2012-03-15 21:45	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-03-15 21:45 . 2012-03-15 21:45	11776	----a-w-	c:\windows\system32\mshta.exe
2012-03-15 21:45 . 2012-03-15 21:45	101888	----a-w-	c:\windows\system32\admparse.dll
2012-06-08 09:10 . 2011-10-11 04:50	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-08 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-03 8120864]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_16_Plus_Sonderedition_Download-Version\TrayServer.exe" [2008-08-07 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 CFcatchme;CFcatchme;c:\users\zeller\AppData\Local\Temp\CFcatchme.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-08 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-08 172032]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-19 29416]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-08 5191168]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-08 125440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 27320]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube to MP3 Converter - c:\users\zeller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
TCP: DhcpNameServer = 192.168.178.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-622015878-944566720-388874328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-622015878-944566720-388874328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-11  15:39:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-11 13:39
ComboFix2.txt  2012-06-11 11:39
.
Vor Suchlauf: 14 Verzeichnis(se), 1.400.789.061.632 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 1.400.938.340.352 Bytes frei
.
- - End Of File - - 49C52475B8DDA2D096F66132AA2F5D04
         
--- --- ---
Upload was successful
----------------------------------------------------------------------------
------------------------------------------------------------------------------

I hope everything is in there this time.
Yesterday evening, although I had not run any more scans, a message popped up with this key.
I don't remember exactly what it said.

12.06.2012, 09:36   #14
Psychotic
/// Malwareteam

Online scan as a check



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use (Ja, ich bin mit den Nutzungsbedingungen einverstanden) and click Start (Starten).
  • Enable "Detection of potentially unwanted applications" ("Erkennung von eventuell unerwünschten Anwendungen") and choose the following settings.
  • Click Start (Starten).
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish (Fertig stellen).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel (Systemsteuerung) => Software / Uninstall programs (Programme deinstallieren) => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Is the computer still causing problems?

14.06.2012, 08:55   #15
Psychotic
/// Malwareteam

Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.